You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Dont be alarmed but i do find it important to point out this issue.
Summary
The personal data handled by mattermost are not exportable, violating the GDPR for all systems deployed in or with the eu / eu citizens.
Expected behavior
As per art. 25 in conjunction with 15 and 12ff GDPR the controller shall make the subjects data available. Art 25 enforces the controller to design his* technology in a way that furthers the dataprotection. And art 12 2. states The controller shall facilitate the exercise of data subject rights under Articles 15 to 22 .
Therefore the gdpr implies that in case of mattermost the user should be able to download their data electronicaly and or in a machine readable format i.e. json, as this reduces the need for documentation, and pdf as users might not be as tech savy.
I asked our team about this and they mentioned that we do have APIs that should enable people to get their user data from our platform. Does this help, or do you have additional questions?
I asked our team about this and they mentioned that we do have APIs that should enable people to get their user data from our platform. Does this help, or do you have additional questions?
Jep this kinda helps but as I already mentioned, any user shall have the ability to export their data easily. And as most of the data subjects do not hold the ability to export with an API, and mostly because of other reasons, the gdpr mandates a export functionality that is accessible by any user (and in this case by the web and app ui).
Therefore I strongly believe this feature is required.
Thank you @Hu1buerger, would you like to share this in our feature idea forum here? Please include a link back to this GitHub issue. If you're interested in implementing the feature and submitting a pull request, please let us know.
Dont be alarmed but i do find it important to point out this issue.
Summary
The personal data handled by mattermost are not exportable, violating the GDPR for all systems deployed in or with the eu / eu citizens.
Expected behavior
As per art. 25 in conjunction with 15 and 12ff GDPR the controller shall make the subjects data available. Art 25 enforces the controller to design his* technology in a way that furthers the dataprotection. And art 12 2. states
The controller shall facilitate the exercise of data subject rights under Articles 15 to 22
.Therefore the gdpr implies that in case of mattermost the user should be able to download their data electronicaly and or in a machine readable format i.e. json, as this reduces the need for documentation, and pdf as users might not be as tech savy.
Observed behavior (that appears unintentional)
see #20719 for an example of this issue.
Possible fixes
As stated
The text was updated successfully, but these errors were encountered: