noskcaJ leahciM wrote:
GDPR is nearing the last 7 months of its 2 year transitional implementation before becoming part of the law in EU countries (inc., despite Brexit, the UK), affecting 0.5bn citizens together with US enterprises in under Privacy Shield (replacing Safe Harbour) as well as enterprises in EEA member countries and, outside of the EEA, countries whose privacy laws have been assessed for adequacy. Operators of lists such as MM are as much called-to-account as are the vast corporations behind popular social media that currently absolve themselves as being mere publishers.
GDRP may be well-intentioned, and may even be a good idea, but I know for a fact that many organizations both commercial and volunteer are struggling mightily to comply within the required timeframe. I suspect that many such organization will simply not be able to comply.
Realistically, there is no way the GNU Mailman project can comply given our available resources. One outcome could be that our downstream consumers take over that responsibility. Another is that volunteers in our community step up with offers to provide us with their expertise, guidance, and code. We will welcome such volunteers and help ensure that the legal requirements align with project goals, sensibilities, and timelines.
So, if you want to see a GDPR compliant GNU Mailman, please find some people to help us.
Cheers, -Barry