Folks,
is there any legal statement from the ASF how to proceed with our
privacy policy, especially Google Analytics, from 2018-05-25?
All maven.a.o use GA and I have written a mail to private@maven.a.o, but
no one reaction to. Here is a transcript:
========================
Hi folks,
raising this privately for the moment to assess the current situation as
well as how we want to deal with our sites after 2018-05-25.
Most of you might know that EU-DSGVO (GDPR in English) is rapidly
approaching and our Maven sites (and likely other Apache sites) are
already illegal with BDSG (Germany's privacy law) due to GA. From 25th
May it will be illegal in the entire EU. Though, I haven't read the
entire regulation, some basic points we don't meet now [1], [2]:
* Ask for user's consent
* Anonymizing the IP
* Present an easily accesible privacy policy
* Provide an opt-out option
None of these criteria are met as of today.
See also [3].
maven.apache.org points for me to 2001:bc8:2142:300:: which is a French
IP address.
Any ideas? Is there any special legal dept with the ASF who can take
care of and we will implement?
The easiest one is to drop it altogether from site.xml.
Michael
[1]
https://www.kloos.de/blog/google-analytics-die-datenschutzgrundverordnung/
[2] https://www.kloos.de/blog/google-analytics-datenschutzkonform-nutzen/
[3] https://issues.apache.org/jira/browse/MSKINS-143
========================
I do believe that what we do now, regardless ASF top page as well as
maven.a.o is illegal in a few days.
Can someone react on? Do I need to raise this with LEGAL on JIRA?
I am convinced that there are already hords of laywers who have prepared
cease and desist letter for those who still don't comply with.
Does this has to be raised with https://www.cnil.fr/ since the IP
address terminates in France?
Regards,
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org
