= Сообщение: 6357 из 12550 ====================================== ENET.SYSOP = От : Michiel van der Vlist 2:280/5555 03 May 18 22:34:38 Кому : Gerrit Kuehn 03 May 18 22:34:38 Тема : GDPR FGHI : area://ENET.SYSOP?msgid=2:280/5555+5aeb77b4 На : area://ENET.SYSOP?msgid=2:240/12+5a80aa95 = Кодировка сообщения определена как: CP850 ================================== ============================================================================== Hello Gerrit,
On Thursday May 03 2018 18:46, you wrote to me:
MvdV>> Pruning Fidonet logs would not be a problem. I do not keep them MvdV>> forever anyway and writing a script to do it automatically is MvdV>> doable.
GK> That's the first step. However, this also needs to be documented in GK> form of a so-called "register of processing information"
If someone asks about it in my capacity of sysop of 2:280/5555 I will give them the scripts used for pruning the logs.
GK> that has to be kept with the person responsible for this (and we're GK> still thinking about who this actually might be - node, NC, RC, GK> ZC...).
I go for the POV that even lawyers have somes sense of logic and that even they will not hold someone responsible for what he/she does not and can not control. So the sysop is responsible for what happens om his/her sytem and a *C is responsible for the tasks described in P4.
MvdV>> What comes to mind is "who will enforce this and how?". My logs MvdV>> are not accessible from the outside. To see them one needs MvdV>> physival access to the machine where they are stored. So the MvdV>> enforcer would need a search warrant. I do not see anyone MvdV>> issuing a serach warrant for such a minor issue.
GK> I think the authorities (in Germany there are "data protection GK> agencies" for this) are enabled to check these things. However, the GK> first thing they'll ask for is to present them the mentioned "register GK> of processing information".
So if I am asked in my cpacity as *C, I will provide them with a copy of the relevant parts of P4 and the scripts I use for processing the part of the nodelist that I am responsible for.
GK>>> I wouldn't buy into that too easily. We have a hierarchical GK>>> structure that allows people in "higher up" positions to ask GK>>> other further down the road to comply to certain rules. We do so GK>>> for ages with stuff that is written in our policies.
MvdV>> Yes, we have a hierachical structure but the powers of the *Cs MvdV>> are very limited. A *C does not have the authority nor the MvdV>> means to demand that sysops give him/her access to their logs. MvdV>> So how can anyone other than the sysop be responsible for what MvdV>> is in those logs?
GK> I understand what you mean. However, I think an "official" request GK> would go through the instances the organisation (i.e., FidoNet) GK> offers, meaning it will start on ZC or RC level. This is why I said GK> earlier that the register should be kept at that level. These people GK> will be asked for it.
In the event that I receive such an official request, I will refer them to whoever I consider to be responsible.
MvdV>> I guess we will just have to see how this evolves. No doubt MvdV>> there will be court rulings in the interpretation. Some parts MvdV>> of this new law may turn out to be unworkable. For both the MvdV>> executioners and the enforcers.
GK> Maybe, maybe not. OTOH, ignoring the stuff altogether is certainly not GK> the way to go.
I am not ignoring it. But my position is that I can only be responsible for what I can control. I have reasonable confidence that when push comes to shove those who will judge me will see it that way too. So my preparations are with that in mind.
If that POV turns out to be wrong so be it. There is nothing I can do other than pulling the plug on Fidonet before May 25th to prepare for that situation.
The theories about stellar evolution may be wrong and the sun may go nova on May 25th. There is nothing I can do to prepaire for that either.
