On 10/11/2018 05:12 PM, Paul W. Frields wrote: > On Wed, Oct 10, 2018 at 10:41:07PM -0400, Dusty Mabe wrote: >> /me waves at legal experts >> >> In the Fedora CoreOS community we'd like to log our IRC channel so we >> can refer back to conversations we've had or link people to conversations >> if they weren't in the channel and start a discussion with them while >> allowing them to gain full context. >> >> We were using botbot.me, but they will be shutting down soon [1]. We >> are looking to explore other options for this and are looking for legal >> help to know what we can and can not do. A few comments/questions: >> >> - logging channels seems to possibly conflict with GPDR >> - if we were to keep logs for a shorter period of time, would it help? >> - if an individual kept logs and provided a service, would that be >> possible or would that possibly have implications for the individual's >> employer? >> - Are fedora irc meeting logs something that should have GPDR concern? >> - If not, why not? Could the same reason apply to a general channel? >> >> Do you have any advice on how we can achieve this goal? >> >> See [2] where we have been having this discussion in Fedora CoreOS community. >> >> Thanks for any help you can provide! >> Dusty >> >> [1] https://lincolnloop.com/blog/saying-goodbye-botbotme/ >> [2] https://github.com/coreos/fedora-coreos-tracker/issues/11#issuecomment-426069775 > > While IANAL, here is some guidance I can give based on recent > experience in looking at the GDPR: > > The Fedora Project has a legitimate business interest in maintaining > records that sometimes have personally identifying information. This > is balanced against GDPR rights such as the so-called "right to be > forgotten," which itself is not unlimited. This is a basis on which > we maintain records like email archives and other communications the > community uses to research, analyze, understand, and act on background > or other information. > > A limited lifespan for communications certainly means less risk of > upsetting that balance. So if you intend these communications to be > archived for only a window of a week or two, that's helpful. > > It would be a good idea to inform all channel users about any > round-the-clock logging. I'd recommend text like "NOTE: This channel > is logged at all times for historical and decision purposes. Logs are > retained for <$TIME> and can be found here: <$URL>." I'd also > recommend having a bot that echoes a notice to the channel routinely, > at least every few hours (hourly would be even better). The point is > to make sure no one is under-informed. > > I do not recommend an individual do the logging or retention, since I > don't know whether they'd have the same level of legitimacy in > retaining information as the Fedora Project does. > > Given what I know about GDPR and our project, the above seems > reasonable. Periodic IRC meetings have different sets of > expectations. > Thanks Paul. I'll try to make sure all of your recommendations get put into practice. I'll also reach out to fedora infra to see if we can set up a botbot.me instance to solve this problem for us in the future. Thanks! Dusty _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
