I'd suggest opening a LEGAL JIRA to track this issue. It will get the proper attention from VP Legal.
Craig > On May 21, 2018, at 5:03 AM, Mark Thomas <ma...@apache.org> wrote: > > On 20/05/18 20:47, Michael Osipov wrote: >> Folks, >> >> is there any legal statement from the ASF how to proceed with our >> privacy policy, especially Google Analytics, from 2018-05-25? > > Legal questions should be directed to legal-discuss@a.o > > Mark > > >> >> All maven.a.o use GA and I have written a mail to private@maven.a.o, but >> no one reaction to. Here is a transcript: >> ======================== >> Hi folks, >> >> raising this privately for the moment to assess the current situation as >> well as how we want to deal with our sites after 2018-05-25. >> >> Most of you might know that EU-DSGVO (GDPR in English) is rapidly >> approaching and our Maven sites (and likely other Apache sites) are >> already illegal with BDSG (Germany's privacy law) due to GA. From 25th >> May it will be illegal in the entire EU. Though, I haven't read the >> entire regulation, some basic points we don't meet now [1], [2]: >> >> * Ask for user's consent >> * Anonymizing the IP >> * Present an easily accesible privacy policy >> * Provide an opt-out option >> >> None of these criteria are met as of today. >> >> See also [3]. >> >> maven.apache.org points for me to 2001:bc8:2142:300:: which is a French >> IP address. >> >> Any ideas? Is there any special legal dept with the ASF who can take >> care of and we will implement? >> >> The easiest one is to drop it altogether from site.xml. >> >> Michael >> >> [1] >> https://www.kloos.de/blog/google-analytics-die-datenschutzgrundverordnung/ >> [2] https://www.kloos.de/blog/google-analytics-datenschutzkonform-nutzen/ >> [3] https://issues.apache.org/jira/browse/MSKINS-143 >> ======================== >> >> I do believe that what we do now, regardless ASF top page as well as >> maven.a.o is illegal in a few days. >> >> Can someone react on? Do I need to raise this with LEGAL on JIRA? >> I am convinced that there are already hords of laywers who have prepared >> cease and desist letter for those who still don't comply with. >> >> Does this has to be raised with https://www.cnil.fr/ since the IP >> address terminates in France? >> >> Regards, >> >> Michael >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org >> For additional commands, e-mail: dev-h...@community.apache.org >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org Craig L Russell Secretary, Apache Software Foundation c...@apache.org http://db.apache.org/jdo --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
