On Mon, Dec 04, 2023 at 03:30:03PM +0100, Pavel Hrdina wrote: > On Mon, Dec 04, 2023 at 01:03:07PM +0100, Wolfgang Rohdewald wrote: > > Since I do not know in which country libvirt.org legally lives (it does not say that), > > I do not know what regulations apply. But meanwhile all major US companies follow > > EU regulations - in general even worldwide. So maybe this is all irrelevant > > for you - but maybe not. > > > > Am Montag, dem 04.12.2023 um 11:32 +0000 schrieb Daniel P. Berrangé: > > > Aside from the search, our is just static content, so I'm not sure > > > how it can be said to be massively violating privacy. > > > > Please re-read. It is not about the content. > > The website defines no privacy policy which is against EU regulations. > > Please provide any source for this requirement that applies to > libvirt.org. That site has only static pages, it doesn't collect any > personal data and based on my quick search the requirement for privacy > policy is when you do collect personal data which is not our case. I think the problem is really rather fuzzy. The first issue is that there is no legal notion of "libvirt" as an entity, which it turn makes it harder to say whom has responsibility for any parts the GDPR. The project exists only in so much as a selection of contributors being members of the gitlab group. The services used by a project come from a variety of sources. The main project infra is all run by GitLab. The mailing lists are run by Red Hat. The web server is on a personal server belonging to the project's founder. I think the responsibility (probably) likely lies with the various providers of infrastructure. WRT libvirt.org, if there are web server logs, the IP addr within can be considerered PII. It could be claimed that collecting web servers logs is a neccessary function for running websites (eg to identify hostile traffic) and thus not require consent. If you're mining the data logs and correlating with other info though, it probably would require consent. For avoidance of doubt: we're not doing the latter. In the end it probably doesn't hurt to have a simple privacy page that says we're not doing anything untoward with server logs, etc. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ Users mailing list -- users@xxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxx
