On 10/11/2018 05:12 PM, Paul W. Frields wrote:
> On Wed, Oct 10, 2018 at 10:41:07PM -0400, Dusty Mabe wrote:
>> /me waves at legal experts
>> In the Fedora CoreOS community we'd like to log our IRC channel so we
>> can refer back to conversations we've had or link people to conversations
>> if they weren't in the channel and start a discussion with them while
>> allowing them to gain full context.
>> We were using botbot.me, but they will be shutting down soon . We
>> are looking to explore other options for this and are looking for legal
>> help to know what we can and can not do. A few comments/questions:
>> - logging channels seems to possibly conflict with GPDR
>> - if we were to keep logs for a shorter period of time, would it help?
>> - if an individual kept logs and provided a service, would that be
>> possible or would that possibly have implications for the individual's
>> - Are fedora irc meeting logs something that should have GPDR concern?
>> - If not, why not? Could the same reason apply to a general channel?
>> Do you have any advice on how we can achieve this goal?
>> See  where we have been having this discussion in Fedora CoreOS community.
>> Thanks for any help you can provide!
>>  https://lincolnloop.com/blog/saying-goodbye-botbotme/
> While IANAL, here is some guidance I can give based on recent
> experience in looking at the GDPR:
> The Fedora Project has a legitimate business interest in maintaining
> records that sometimes have personally identifying information. This
> is balanced against GDPR rights such as the so-called "right to be
> forgotten," which itself is not unlimited. This is a basis on which
> we maintain records like email archives and other communications the
> community uses to research, analyze, understand, and act on background
> or other information.
> A limited lifespan for communications certainly means less risk of
> upsetting that balance. So if you intend these communications to be
> archived for only a window of a week or two, that's helpful.
> It would be a good idea to inform all channel users about any
> round-the-clock logging. I'd recommend text like "NOTE: This channel
> is logged at all times for historical and decision purposes. Logs are
> retained for <$TIME> and can be found here: <$URL>." I'd also
> recommend having a bot that echoes a notice to the channel routinely,
> at least every few hours (hourly would be even better). The point is
> to make sure no one is under-informed.
> I do not recommend an individual do the logging or retention, since I
> don't know whether they'd have the same level of legitimacy in
> retaining information as the Fedora Project does.
> Given what I know about GDPR and our project, the above seems
> reasonable. Periodic IRC meetings have different sets of
Thanks Paul. I'll try to make sure all of your recommendations get put
into practice. I'll also reach out to fedora infra to see if we can set
up a botbot.me instance to solve this problem for us in the future.
Suggestion: Build a containerized service and offer to keep it
updated, so that all they have to do is deploy it in an Openshift