El lun., 21 may. 2018 11:31 p. m., Chris Mattmann <mattm...@apache.org> escribió:
> Seconded ☺ > > > > Chris Mattmann > > VP, Legal > > > > From: Craig Russell <apache....@gmail.com> > Reply-To: "dev@community.apache.org" <dev@community.apache.org> > Date: Monday, May 21, 2018 at 6:38 PM > To: "dev@community.apache.org" <dev@community.apache.org> > Cc: Michael Osipov <micha...@apache.org> > Subject: Re: Our Privacy Policy and GDPR > > > > I'd suggest opening a LEGAL JIRA to track this issue. It will get the > proper attention from VP Legal. > > > > Craig > > > > On May 21, 2018, at 5:03 AM, Mark Thomas <ma...@apache.org> wrote: > > On 20/05/18 20:47, Michael Osipov wrote: > > Folks, > > is there any legal statement from the ASF how to proceed with our > > privacy policy, especially Google Analytics, from 2018-05-25? > > Legal questions should be directed to legal-discuss@a.o > > Mark > > All maven.a.o use GA and I have written a mail to private@maven.a.o, but > > no one reaction to. Here is a transcript: > > ======================== > > Hi folks, > > raising this privately for the moment to assess the current situation as > > well as how we want to deal with our sites after 2018-05-25. > > Most of you might know that EU-DSGVO (GDPR in English) is rapidly > > approaching and our Maven sites (and likely other Apache sites) are > > already illegal with BDSG (Germany's privacy law) due to GA. From 25th > > May it will be illegal in the entire EU. Though, I haven't read the > > entire regulation, some basic points we don't meet now [1], [2]: > > * Ask for user's consent > > * Anonymizing the IP > > * Present an easily accesible privacy policy > > * Provide an opt-out option > > None of these criteria are met as of today. > > See also [3]. > > maven.apache.org points for me to 2001:bc8:2142:300:: which is a French > > IP address. > > Any ideas? Is there any special legal dept with the ASF who can take > > care of and we will implement? > > The easiest one is to drop it altogether from site.xml. > > Michael > > [1] > > https://www.kloos.de/blog/google-analytics-die-datenschutzgrundverordnung/ > > [2] https://www.kloos.de/blog/google-analytics-datenschutzkonform-nutzen/ > > [3] https://issues.apache.org/jira/browse/MSKINS-143 > > ======================== > > I do believe that what we do now, regardless ASF top page as well as > > maven.a.o is illegal in a few days. > > Can someone react on? Do I need to raise this with LEGAL on JIRA? > > I am convinced that there are already hords of laywers who have prepared > > cease and desist letter for those who still don't comply with. > > Does this has to be raised with https://www.cnil.fr/ since the IP > > address terminates in France? > > Regards, > > Michael > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > > For additional commands, e-mail: dev-h...@community.apache.org > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > > For additional commands, e-mail: dev-h...@community.apache.org > > > > Craig L Russell > > Secretary, Apache Software Foundation > > c...@apache.org http://db.apache.org/jdo > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > > For additional commands, e-mail: dev-h...@community.apache.org > > > > > >
