Europe Privacy Law #557

Open
paulincai opened this issue Jan 14, 2018 · 8 comments
Comments

@paulincai
Contributor

Hi @dr-dimitru,

I didn't really know where to start this conversation. This is not technical and not an issue.

https://www.eugdpr.org/key-changes.html

I was wondering if we could discuss this as a community of "files" and understand how secure it is, what certifications (if any) are required, and in general understand how we explain our projects to authorities and what role each part plays. I am personally totally clueless about how I could draw a chart of responsibilities and accountabilities if asked by European authorities, considering the fragmentation of systems.

Let's say that I take medical or financial records from users and save them with Meteor Files.
I'd be having Heroku as a host, Meteor as a framework, MLab as a DB host and S3 as a files host, with SSL all in between.

If you are also interested in this subject and you think it is of any use for the community, let's look into this together and get prepared for the changes to come (if we need to get prepared in any particular way, because this is really the part I don't get).

Thanks,
Paul

@dr-dimitru
Member

Hello @paulincai ,

I definitely would like to follow and meet the Europe Privacy Law.
Shall we have a call to discuss it in detail?

Hopefully, James (@blackslate) could take part.
@blackslate wdyt?

@paulincai
Contributor Author

Hi @dr-dimitru,

I'd love to, indeed, and I would like to prepare a bit for this. For instance, check the bottom of this page at the Mongo Atlas certifications in the FAQ area. https://www.mongodb.com/cloud/atlas

I am not a legal person and I am not too much into this stuff, but I have a direct interest since I am planning to start 2 businesses/products in Europe, both social, both taking private individual data.

It is 3:00 AM in Dubai now and I am shutting down, but I am available every day in GMT 8AM - 10PM.

I see in the regulations things like: make it easy for the user to "unaccept" the T&C ... so what would be the workflow for handling private files in this case?

I also see a complete erase of the user data (forget user). It might be the case that you, as an owner of this package, ask developers to accept a T&C, as you are not responsible in any way for this technology etc... Like nobody can sue you over some private files left forgotten in some Dropbox or S3 due to bad code or wrong methods written by some freelancer.

Yeah...there are things to be discussed here.

Paul

@dr-dimitru
Member

@paulincai ,

I'm thinking of making our demo app satisfy the European Privacy Law, so it will be the no.1 reference for everyone who wishes to fit its rules. The demo app source code is available here.

Let's continue this discussion privately; connect with me on Gitter.

Let me know wdyt.

@dr-dimitru
Member

Everyone interested in this thread should also follow meteor/meteor-feature-requests#246 (comment)

@mikhail-shishov

Hi @paulincai ,

Just checking, was this issue solved completely, or do you still have something to discuss with @dr-dimitru?

@paulincai
Contributor Author

Hi @mksh-su, this is not really an ... issue, technically speaking. Please follow the other thread mentioned in the previous message.

@mikhail-shishov

Hey @paulincai ,

I understand that it's more of a suggestion than an issue. I was just wondering whether I can close this exact issue, or whether you still have something to discuss in this thread.

@dr-dimitru
Member

@mksh-su, let's keep it open.

We need to find a way to comply with GDPR (more here); I've proposed to make our demo app fit GDPR as an example.

Right now we need to create a checklist of what needs to be accomplished to comply with it; here are initial thoughts:

  • Account & data removal
  • Account's data export
  • Basic ToS & PP

3 participants