Closed Jegelewicz closed 2 years ago
I don't think Arctos is an "enterprise" and it should not be subject to GDPR if that's true.
https://gdpr-info.eu/art-4-gdpr/
"‘enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;"
Bringing in Naturalis probably requires legal confirmation.
I'm reopening. At the least we should have a User Privacy Policy clearly stated in a one-page, easy to understand text, even if it's "we don't use your personal info for anything nefarious". That is one of the rules of GDPR. I've had to do a few, and am still not finished, with all of our sites. It's not highly urgent for Arctos since most of our registered users are US (not sure about unregistered web traffic) and the US has no legal protections for its users (hello, Facebook!)
here's the easiest one we had to write: https://amphibiaweb.org/data/privacy.html
I've got more examples bookmarked and some drafts going for CalPhotos, Amphibian Disease portal, etc, which are more complicated like Arctos
As part of the AWG meeting we discussed:
What are the privacy issues?
For public users
- Ability to encumber info in agent records - this should be done immediately for public (no Arctos account) searches (created separate issue #1603)
- Privacy policy; opt-in/-out - Need to develop
- FERPA - student information should not be published unless consent is given
Agree, and this is relevant and timely since we have European collections interested.
On Thu, Jul 12, 2018 at 3:21 PM, Teresa Mayfield notifications@github.com wrote:
As part of the AWG meeting we discussed:
What are the privacy issues?
For public users
- Ability to encumber info in agent records - this should be done immediately for public (no Arctos account) searches
- Privacy policy; opt-in/-out - Need to develop
- FERPA - student information should not be published unless consent is given
Looks like we still need to do this:
- Privacy policy; opt-in/-out - Need to develop
- FERPA - student information should not be published unless consent is given
Closing
See the article concerning the European Union's General Data Protection Regulation (GDPR), which I believe will have implications for our Agent data. I suggest that everyone read the GDPR FAQ. This will be important if we bring in Naturalis, but even without an EU member, we need to be cautious about Agent data for anyone in the EU.
There are fines involved and the definition of personal data is pretty broad:
We are required to have explicit, unambiguous opt-in from Agents to allow use of their personal data.
Offer suggestions for how we should handle this here!