[Mailman-Users] [Mailman-cabal] GDPR

Stephen J. Turnbull turnbull.stephen.fw at u.tsukuba.ac.jp
Fri May 11 12:06:15 EDT 2018

I hate to disagree with everybody, but ...

We need to get an articulare European lawyer, or at least find someone
who has studied the subject.  I don't know the credentials of anyone
who has posted on this list, so I would be careful.  There was a post
a few months back listing a bunch of stuff that person claimed we
needed to support for our users (ie, list owners) to be able to
conform to GDPR.  (Sorry, on a plane right now, search is painful.)
I have no idea if that person was clueful, but I suspect he was a
privacy activist and so would be biased toward stringent
interpretation.  Still that post is where I'd start.

On the FUD end of the spectrum, there are claims that the IPs in your
webserver log are subject to redaction on request.  There are
counterclaims that that is FUD. ;-)  I don't know the credentials of
either claimant.  It is my understanding that you may need to remove
posts from archives on request.  AFAIK neither Mailman 2 nor Mailman 3
supports that in the sense of making it possible to do it without
editing the archives by hand (and in Mailman 2's case, rebuilding the
archives), which requires login access to the host.

There are also claims that if you don't profit from the data stored in
your host's records, you're safe.  Some people have posted "all posts
yours are automatically permanently ours" rules of usage -- but I
don't think EU law necessarily allows that, because GDPR rights may
very well be inalienable "creator's rights".  I have no way to
evaluate these claims, but at the very least you have to worry about
frivolous claims (insert Michael Cohen/Rudy Guiliani joke here).

[1]  If someone reading this thinks they know GDPR well enough to (1)
present basic concepts and risks (while liberally sprinkling IANALs and
TINLAs around) and (2) point people at real lawyer blogs, *please*
speak up.  I'm not deprecating your knowledge, just I haven't seen
such here.  Pointing at the official lawyerly stuff isn't really
helpful, I'm sure we can all google for that.  What we need is a
curated list of sane sources.

More information about the Mailman-Users mailing list