Open source in the quest for GDPR compliance
- Track: Legal and Policy Issues devroom
- Room: UA2.220 (Guillissen)
- Day: Saturday
- Start: 12:00
- End: 12:25
Uniformisation at the European level of data protection legislation brought on the table a lot of diversity in implementation from the private sector. Before the GDPR, member states had a specific national approach on how to interpret the previous Data protection directive 95/46/EC. Also, lots of actors came in the spotlight: the National Supervisory Authority, different public and private entities coming from all sectors of economy. The OSS community found itself driven in this ride and even with the best intentions nobody was able to find a complete, personalized guide to implement this new ruling that in theory is so welcomed. This talk is about pointing out how the Open source ecosystem is tangential with the GDPR data protection principles. Also, it will show how are the data protection rights and responsibilities shared between the community participants and the community's infrastructure providers.
The OSS field has as core value the concept of community, which helps a project evolve and make a difference in the software world. Not surprisingly a lot of the OSS projects are around the notions of privacy, anonymity and data protection, as they reflect in general a need that the people forming OSS communities have: to keep their personal data protected and avoid monopoly of that by proprietary software. The GDPR came as an effective tool to raise awareness about the importance of personal data and brought on the table specific principles, rights, obligations, along with a lot of improvements to be made in the current status quo. This talk will analyse how the provisions of the GDPR are tangential with the OSS ecosystem. It will point out how the principles of the GDPR are connected to the OSS world, how we could analyse the model of data controller / data processor in the context of the OSS participants / infrastructure providers. Also, it will point out how the data protection rights are enforced by the OSS model, by analyzing some of the technologies that have risen from this ecosystem: wikis and zero-knowledge collaborative software.
Speakers
Cristina DeLisle |