Re: F30: System-Wide Change proposal: DNF UUID

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2019-01-08 at 09:59 -0500, Owen Taylor wrote:
> On Tue, Jan 8, 2019 at 7:17 AM Benjamin Berg <bberg@xxxxxxxxxx> wrote:
> > On Tue, 2019-01-08 at 12:33 +0100, Miroslav Suchý wrote:
> > > Dne 08. 01. 19 v 11:35 Nicolas Mailhot napsal(a):
> > > > *which* *do* *not* *permit* *or* *no* *longer* *permit* *the*
> > > > *identification* *of* *data* *subjects*
> > > 
> > > How do you identify data subject solely on UUID?
> > 
> > You also inherently collect information such as the IP and the
> > timestamp of the request which in principle permits identification. You
> > could for example collect the IP from Fedora account logins and one of
> > these pings. This way you can de-anonymise the data collected for the
> > UUID.
> 
> We can certainly implement a setup that does not collect or store the
> UUID together with the IP address or timestamp. Send the UUID as a
> HTTP header, don't log it, send the UUID off to a counting service
> (*). If we make sure the UUID is protected in transit, sent only to
> our own servers (or servers configured by the user), and not collected
> or stored in a personally identifiable way, I suspect that we're
> meeting our obligations under the GDPR, though we'd need to
> double-check any selected solution carefully.

You are right that it is possible to immediately discard or obfuscate
the information.

But, as Nicolas pointed out, the argument here is that the UUID itself
likely needs to be considered "personal data" in the GDPR sense. And
even doing something as minimal as that seems to imply "processing"[1]
the data in the GDPR sense.

Benjamin

[1] The definition of "processing" reads:
"""
‘processing’ means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not
by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction,
erasure or destruction;
"""
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux