Europe Privacy Law

[paulincai]

Hi @dr-dimitru,

didn't really know where to start this conversation. This is not technical and not an issue.

https://www.eugdpr.org/key-changes.html

I was wondering if we could discuss this as a community of "files" and understand how secure, what certifications (if any) are required, and in general understand how we explain our projects to authorities and what role plays each part. I am personally totally clueless how I could draw a chart of responsibilities and accountabilities if asked by European authorities, considering the fragmentation of systems.

Let's say that I take medical or financial records from users and save them with Meteor Files.
I'd be having Heroku as a host, Meteor as a framework, MLab as a DB host and S3 as a files host and SSL all in between.

If you are also interested in this subject and you think it is of any use for the community, let's look into this together and get prepared for the changes to come (if we need to get prepared in any particular way cause this it really the part I don't get)

Thanks,
Paul

[dr-dimitru]

Hello @paulincai ,

I'm definitely would like to follow and meet Europe Privacy Law.
Shall we have a call to discuss it in details?

Hopefully, James (@blackslate) could take a part.
@blackslate wdyt?

[paulincai]

Hi @dr-dimitru,

I'd love to, indeed, and I would like to prepare a bit for this. For instance, check the bottom of this page at the Mongo Atlas certifications in the FAQ area. https://www.mongodb.com/cloud/atlas

I am not a legal person and I am not too much into this stuff but I have a direct interest since I am planing to start 2 businesses/products in Europe, both social, both taking private individual data.

Now is 3:00AM in Dubai and I am shutting down but I am available every day in GMT 8AM - 10PM.

I see in the regulations things like: make it easy for the user to "unaccept" the T&C ... so what would be the workflow for handling private files in this case.

I also see a complete erase of the user data (forget user). It might be the case that you as an owner of this package ask developers to accept a T&C as you are not responsible in any way for this technology etc... Like nobody can sue you over some private files left forgotten in some Dropbox or S3 due to bad code or wrong methods written by some freelance.

Yeah...there are things to be discussed here.

Paul

[dr-dimitru]

@paulincai ,

I'm thinking to make our demo app satisfy European Privacy Law, so it will be a no.1 reference for everyone who wishes to fit its rules. The demo app source code is available here.

Let's continue this discussion privately, connect with me on Gitter.

Let me know wdyt.

[dr-dimitru]

Everyone interested this thread, should also follow - meteor/meteor-feature-requests#246 (comment)

[mikhail-shishov]

Hi @paulincai ,

Just checking, was this issue solved completely or you still have something to discuss with @dr-dimitru ?

[paulincai]

Hi @mksh-su this is not really an ... issue technically speaking. Please follow the other thread mentioned in the previous message

[mikhail-shishov]

Hey @paulincai ,

I understand that it's more of a suggestion than an issue. I was just wondering whether I can close this exact issue or you still have something to discuss in this thread.

[dr-dimitru]

@mksh-su let's keep it open.

We need to find a way to comply with GDPR (more here), I've proposed to make our demo app fit GDPR as an example.

Right now we need to create a checklist, what need to be accomplished to comply with it, here is initial thoughts:

• Account & data removal
• Account's data export
• Basic ToS & PP