FYI
Data Protection Commission announces conclusion of inquiry into WhatsApp
https://community.nicfab.it/post/26166
Licaon_Kter
A $5.5mil fine is "operational costs", nothing to see, carry on. Also... 4 years later Ireland?
Ramiro Romanihas left
Ramiro Romanihas joined
nicola
> A $5.5mil fine is "operational costs", nothing to see, carry on. Also... 4 years later Ireland?
It’s a hot topic for several reasons, among them:
1. DPC Ireland and the EDPB (administrative matters but relevant);
2. The phenomenon is increasing, and several EU DPAs are issuing measures with relevant fines to big players.
3. People should consider those measures to WA & co … XMPP is better 😉
praveenhas joined
Peter Waher
Note: Many of the XMPP extensions have serious privacy implications as well…
nicola
> Note: Many of the XMPP extensions have serious privacy implications as well…
I know
An alternative reaction would be to list these extensions & privacy concerns, so we can generate tasks to fix those
nicola
> An alternative reaction would be to list these extensions & privacy concerns, so we can generate tasks to fix those
I agree with you, and I am at your disposal
papatutuwawahas left
singpolymahas left
singpolymahas joined
papatutuwawahas joined
Martinhas left
Martinhas joined
Licaon_Kter
Peter Waher: are these "known" by now, 24 years have passed already :)
Jeybehas left
Schimon_has joined
Peter Waher
Example: HTTP Upload need to allow the uploader to define life cycle (how long the file should be persisted on the broker) and delete uploaded files (but only the uploader should be abllowed this).
MSavoritias (fae,ve)
How is that a privacy issue?
MattJ
Users should have control over their data
MattJ
As long as they can request that their provider delete the data, and the provider complies, it's not necessarily an issue
Peter Waher
Images may be sensitive
MattJ
But it would be nice to have it supported directly in the protocol
Peter Waher
According to the GDPR requires life cycle to be defined (i.e. lifetime) to sensitive and/or private information
Peter Waher
meaning, you cannot store (process) it indefinitely
MattJ
Which most servers already don't
Peter Waher
so, you need to either define a time for all content, or allow the uploader to specify the time
Wojtekhas joined
Peter Waher
for each file
Peter Waher
(or allow the uploader to delete the file)
singpolyma
Could use DELETE and Expires header on the PUT endpoint for those. If the component wanted to implement them
Peter Waher
yes
Peter Waher
but it needs to be standardized
Jeybehas joined
singpolyma
Needs to be implemented before it can be standardized :)
Peter Waher
don't see why
praveenhas left
singpolyma
... because standards always follow implementation? You can't specify something in abstract and then just hope an implementation appears. You need at least one, and ideally two
Peter Waher
it’s actually often the other way around. specification comes before implementation, at least if you want to think through things and allow different accords to come to an agreement, rather than standardize what one of the actors have already implemented✎
Peter Waher
I have already an implementation in our broker, but it is not my point to standardize that solution.
Peter Waher
it’s actually often the other way around. specification comes before implementation, at least if you want to think through things and allow different actors to come to an agreement, rather than standardize what one of the actors have already implemented ✏