[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Question to all candidates: GDPR compliance review

On Fri, Apr 01, 2022 at 07:02:15PM +0200, Jonathan Carter wrote:
> Hi Adrian

Hi Jonathan,

> I'm not sure bringing in the lawyer as a first step is optimal, they are
> expensive and will probably tell us a lot of things we already know. IMHO
> it's better to do some initial groundwork, compile a list of issues that we
> need help on, and then take that to the lawyer for further input.

usually trying to solve legal issues without consulting a lawyer early 
ends up being more expensive.

> So, I would appreciate it if the data protection team could look into all of
> the issues we know of in Debian, but I'd also like there to be a process
> where people can file issues with the data protection team.
> So, I think it's more important to take care of known issues and low hanging
> fruit before getting a lawyer involved. I also think it's a good idea to
> make it easy to file issues as they are found, and would like to know if the
> Data Protection team has any ideas or if they would consider implementing
> anything like the above.

It might not have been intended, but to me this comes across like 
stalling, trying to avoid addressing the big problems - we all know from 
our BTS that "filing issues" does not necessarily imply that anything 
will ever happen.

Would you commit to something more specific, like that our Data 
Protection team will reply to debian-project within 3 months discussing 
all issues mentioned in the discussion at [1] so far, and with their 
reply having been proof-read by our GDPR lawyer?

> -Jonathan


[1] https://lists.debian.org/debian-project/2022/03/msg00008.html

Reply to: