Open urien opened 3 years ago
When the user creates an account, is it enough to display a suitable text, and which one ? Text would include "using this site implies acceptation of the following."
By design, SF collects RDF data that is already publicly available on the Web.
But this is not OK with the GDPR. The data about a person other than the user should not be stored, even if that comes from FOAF profiles that are meant for sharing.
This contradicts what is the essence of Linked Open Data, but we must comply ! :( .
However, it is OK to have a triple with foaf:knows
, and to display the remote person profile, but this data should not stored in database except with an explicit permission of the person publishing the FOAF profile. To enforce this, I see two possible mechanisms:
Also, a user with a valid email ( see issue #208 ) can only publish one FOAF person: himself.
Besides data already publicly available on the Web, and data entered in forms by users, other mechanisms to load data in SF are:
/load
service , not part of the web pages, which will be restricted to site administrator Take inspiration from:
I found few things by searching the web for LOD linked data + "GDPR" , except these pages :
Semantic forms allows personal data to be collected and linked. People should be informed when they create an account, procedures should be put in place to prohibit the collection of sensitive data (within the meaning of GDPR), and GDPR compliance documented.