Suspected violation of the GDPR #20720

Open
Hu1buerger opened this issue Jul 26, 2022 · 4 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@Hu1buerger

Don't be alarmed, but I do find it important to point out this issue.

Summary

The personal data handled by Mattermost are not exportable, violating the GDPR for all systems deployed in or with the EU / EU citizens.

Expected behavior

As per Art. 25 in conjunction with Art. 15 and 12 ff. GDPR, the controller shall make the subject's data available. Art. 25 requires the controller to design his* technology in a way that furthers data protection. And Art. 12(2) states: "The controller shall facilitate the exercise of data subject rights under Articles 15 to 22."

Therefore the GDPR implies that, in the case of Mattermost, the user should be able to download their data electronically and/or in a machine-readable format, i.e. JSON, as this reduces the need for documentation, and PDF, as users might not be as tech-savvy.

Observed behavior (that appears unintentional)

See #20719 for an example of this issue.

Possible fixes

As stated

Hu1buerger closed this as not planned on Jul 29, 2022
Hu1buerger reopened this on Aug 10, 2022
@Hu1buerger
Author

As #20719 was closed as unplanned, and I do suspect a violation of the GDPR, I am asking for a second review.

@amyblais
Member

I asked our team about this and they mentioned that we do have APIs that should enable people to get their user data from our platform. Does this help, or do you have additional questions?

@Hu1buerger
Author

> I asked our team about this and they mentioned that we do have APIs that should enable people to get their user data from our platform. Does this help, or do you have additional questions?

Yep, this kinda helps, but as I already mentioned, any user shall have the ability to export their data easily. And as most of the data subjects do not hold the ability to export with an API, and mostly because of other reasons, the GDPR mandates an export functionality that is accessible by any user (and in this case by the web and app UI).

Therefore I strongly believe this feature is required.

@amyblais
Member

Thank you @Hu1buerger, would you like to share this in our feature idea forum here? Please include a link back to this GitHub issue. If you're interested in implementing the feature and submitting a pull request, please let us know.

amyblais added the kind/feature label on Aug 12, 2022