GDPR compliance

[ilu33]

I've seen in issue #132 that @ara4n is aware of at least part of the problem but since GDPR is a difficult beast I thought a separate issue would be in order.

GDPR compliance will be required by everyone hosting matrix/riot next month and I think that there are several issues. What I've seen so far:

1. GDPR requires opt-in for every data collection, thus also riot-web analytics need to be changed to opt-in. At least there should be an easy way to change the default serverside. Since we are hosting riot we'd like to play it safe.

2. Also everybody using riot/matrix needs to be informed about quite a lot of stuff before using the service. The service would not work without storing all that data but still the user has to be informed en detail about what data is stored where and send where. This applies to matrix.org as well as to every home server.

3. The user has to explicitly declare consent and the expressed consent hast to be stored with timestamp. I don't think there is a place atm with those consent tick boxes. It seems that upon creating an account with riot you can proceed without consenting to anything. At least I could on riot.im.

4. Every user has the right to get a data dump about all information stored about him/her, every posting included!

5. Every user has the right to delete his/her account, all data included!

I'm aware that no. 4 and 5 are really difficult and maybe impossible. But no. 1-3 should be easy and tackled as soon as possible.

There's probably more which has to be done. Please note that GDPR affects every project, every organisation, everybody who's hosting a service, not just comercial services!

[lampholder]

Hi @ilu33!

Thanks for creating a github issue for this!

We are devoting time to GDPR; the effort currently breaks up into a few distinct tracks:

1. The activities that are related (at least primarily) to companies who have responsibility for running homeservers and related services (bridges, bots, integ servers etc) - such as the matrix.org one!
2. Understanding the full impact of GDPR on the matrix protocol from a functional perspective. For example - is it necessary to erase usernames as well as message content? We are getting legal advice on this.
3. The outcome of 2. will dictate what technical changes we need to make; in the meantime we are investigating how any potential functional changes might be implemented technically. Until we know the outcome of 2. we are assuming the "worst" (i.e. most invasive) case of GDPR interpretation.

We’ve been putting together a hit list for point 1 currently which we’ll share so that others in a similar situation can take inspiration.

We will continue working with our lawyers on point 2 to nail down the specifics. On point 3. we are keen to involve the community - @richvdh is brainstorming possible technical solutions, and the details of this will be available to share in a blog post on matrix.org soon.

[ara4n]

matrix-org/synapse#1941 (comment) has a bunch more info ftr.

[ara4n]

Here's a full braindump of where we're at with GDPR right now: https://matrix.org/blog/2018/05/08/gdpr-compliance-in-matrix/

[ara4n]

https://github.com/vector-im/riot-meta/projects/7 is the project dashboard for tracking progress here fwiw.