Re: GDPR / popcon + personally identifiable info

To: Jonathan McDowell <noodles@earth.li>
Cc: debian-popcon@lists.debian.org, DSA <dsa@debian.org>
Subject: Re: GDPR / popcon + personally identifiable info
From: Bill Allombert <Bill.Allombert@math.u-bordeaux.fr>
Date: Wed, 18 Apr 2018 23:29:45 +0200
Message-id: <[🔎] 20180418212944.GH25420@yellowpig>
Mail-followup-to: Jonathan McDowell <noodles@earth.li>, debian-popcon@lists.debian.org, DSA <dsa@debian.org>
In-reply-to: <[🔎] 20180418151210.ovbdqvz4dx6kfkel@earth.li>

On Wed, Apr 18, 2018 at 04:12:10PM +0100, Jonathan McDowell wrote:
> Popcon folk; this is a conversation I've been having with DSA about
> appropriate data minimisation in the context of the forthcoming GDPR. It
> sounds like there are various pieces of personal data hanging around on
> popcon.debian.org that should be cleaned up; can you perhaps comment on
> the points pabs raises below? In particular, can the old data go and how
> long does incoming data stick around for?

Raw submissions with personnal identification are stored for about 24h.
This is needed for replaying if the crontab job script stops for some
reason before having completed the anonymisation.

Anonymized submissions ae kept for at most 20 days.
(Of course the anonymous submitter is expected to send a new submission
that will replace it before the deadline.)

Summary reports are stored for ever.

Cheers,
Bill.

Reply to:

References:
- Re: GDPR / popcon + personally identifiable info
  - From: Jonathan McDowell <noodles@earth.li>

Prev by Date: Re: GDPR / popcon + personally identifiable info
Previous by thread: Re: GDPR / popcon + personally identifiable info
Index(es):
- Date
- Thread