nextcloud / appstore

App Store for Nextcloud
https://apps.nextcloud.com
GNU Affero General Public License v3.0

Managing GDPR implications of apps and privacy statements #1512

Open bpcurse opened 5 years ago

bpcurse commented 5 years ago

As a Europe-based cloud provider, or by providing service for European users, you have to obey the GDPR regulations, including a detailed privacy statement.

When setting up a Nextcloud instance you will create a privacy statement taking into account all privacy implications and the planned usage. But what about the installation of new apps or updates to Nextcloud itself? As they bring new features, they may imply necessary changes to the existing privacy statement that might not have been considered before.

What I am proposing is to implement a privacy management / information standard for apps. One element could be a standardised "privacy implications" form for apps, integrated in the app store, completed and maintained by app developers. This standardised data collection should contain information like:

Basic usage

This information could be displayed in a user-friendly way in the apps menu, when clicking on an additional icon:

[Image: nextcloud_apps_privacy_mockup]

Extended usage

If this system existed, with the machine-readable app privacy information in the database, even a sophisticated Nextcloud-specific privacy statement generator that takes all apps' privacy implications into account could be developed and integrated. Meaning that, on first install of the cloud itself or whenever you install an app that expands the existing data collection / processing, the admin could get a privacy warning and a proposal to use a newly generated privacy statement.

EDIT: Addendum for legal reference

Art. 13 (and possibly Art. 14) GDPR https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN

skjnldsv commented 3 years ago

cc @jospoortvliet

skjnldsv commented 3 years ago

I guess this is https://github.com/nextcloud/privacy ?

Spartachetto commented 3 years ago

My impression is that @bpcurse's proposal has 3 pieces:

bpcurse commented 3 years ago

> I guess this is https://github.com/nextcloud/privacy ?

@skjnldsv It could be a part of it, when "privacy" is extended to the privacy implications of apps. But it isn't yet and the proposal is far more than that.

@Spartachetto Yes, that breaks it down to the relevant parts, not to forget the important part of standardization.

To make it easier for app developers there could even be a script in the app store that scans the app and tries to analyze what privacy implications it has (at least from a technical point of view). A bit like the Google Play Store overview of which permissions certain Android apps demand.

Spartachetto commented 3 years ago

F-Droid too shows what permissions are needed by the different apps. Maybe they could provide some useful indications (I seem to remember some contacts between Nextcloud and F-Droid developers).

ghost commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

Spartachetto commented 3 years ago

@skjnldsv in my opinion this issue is requiring a useful functionality and should not be closed. Do you agree?

skjnldsv commented 3 years ago

> @skjnldsv in my opinion this issue is requiring a useful functionality and should not be closed. Do you agree?

It's pending info from @jospoortvliet

ghost commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

Spartachetto commented 3 years ago

I guess that @jospoortvliet is preparing the material for the Nextcloud 21 release...

Best!

ghost commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

Spartachetto commented 3 years ago

@jospoortvliet
I do think that this issue request is interesting and, if realized, would contribute to increasing the appeal of the Nextcloud offer... I also do realize that this is a non-trivial amount of work.

I'd rather avoid disturbing you with a pending issue that you do not deem interesting/useful/feasible enough. I know you're quite busy and I too am waiting for Nextcloud 21... So if you manage to accept or discard this I'll avoid pinging you annoyingly... 😇

ghost commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

Spartachetto commented 3 years ago

@skjnldsv, sorry to disturb again but the same @jospoortvliet wrote somewhere that he struggles to follow all the GitHub notifications he gets. Can you manage to get feedback from him? Even a negative one. It would help to understand if this issue has any usefulness.

Thanks in advance

bpcurse commented 3 years ago

As an addition, can the "needs info" tag be removed, or does it refer to jospoortvliet? Can I supply any additional information?

Spartachetto commented 3 years ago

For reference I put an example of information that could be exposed via this functionality: https://github.com/nextcloud/polls/pull/1490

bpcurse commented 3 years ago

I think this is also somehow related: nextcloud/server#16046

szaimen commented 3 years ago

Related: nextcloud/server#15883

jospoortvliet commented 3 years ago

Hey,

So I think this is useful - at the very least, having some kind of standardized format for what the privacy impact of apps is and having that displayed in our app store, first on apps.nextcloud.com and/or on the built-in app store - that totally makes sense. It's work, of course, and I can't say who should do it, but I do think it is a very useful feature.

Beyond that, a section in the privacy app in Nextcloud (we do have it!) would be helpful perhaps.

Spartachetto commented 3 years ago

@jospoortvliet glad to read you find this feature useful.

I guess that the first step is to draft the standardized format, trying to maximize the amount of information that can be generated automatically.

For example in https://github.com/nextcloud/polls/pull/1490#issuecomment-827936536 what is deleted and what is anonymized at the removal of a user.

jospoortvliet commented 3 years ago

Yes, I suppose - but on the tech side I have little input ;-)

uwedisch commented 2 years ago

It seems to me that regulatory and security issues should be driven by the paid professionals of Nextcloud and that these kinds of issues should not be dependent on the count of user likes.

Spartachetto commented 2 years ago

@uwedisch I do not think it is a question of user likes.

It is more a question of "some parts of GDPR are not yet tested because no user sued a big provider with a subsequent big fine". So the clients of Nextcloud are not asking for the development of this feature. A way of accelerating the development could be to sue a provider...

uwedisch commented 2 years ago

Yes, both are dependent on user feedback. User feedback should be the better wording. This regulatory and security stuff should be done without any user feedback.