Re: Question to all candidates: GDPR compliance review
On Fri, Apr 01, 2022 at 07:02:15PM +0200, Jonathan Carter wrote:
> Hi Adrian
Hi Jonathan,
>...
> I'm not sure bringing in the lawyer as a first step is optimal, they are
> expensive and will probably tell us a lot of things we already know. IMHO
> it's better to do some initial groundwork, compile a list of issues that we
> need help on, and then take that to the lawyer for further input.
usually trying to solve legal issues without consulting a lawyer early
ends up being more expensive.
>...
> So, I would appreciate it if the data protection team could look into all of
> the issues we know of in Debian, but I'd also like there to be a process
> where people can file issues with the data protection team.
>...
> So, I think it's more important to take care of known issues and low hanging
> fruit before getting a lawyer involved. I also think it's a good idea to
> make it easy to file issues as they are found, and would like to know if the
> Data Protection team has any ideas or if they would consider implementing
> anything like the above.
It might not have been intended, but to me this comes across like
stalling, trying to avoid addressing the big problems - we all know from
our BTS that "filing issues" does not necessarily imply that anything
will ever happen.
Would you commit to something more specific, like that our Data
Protection team will reply to debian-project within 3 months discussing
all issues mentioned in the discussion at [1] so far, and with their
reply having been proof-read by our GDPR lawyer?
> -Jonathan
cu
Adrian
[1] https://lists.debian.org/debian-project/2022/03/msg00008.html
Reply to: