[MediaWiki-l] EU’s GDPR and MediaWiki

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

[MediaWiki-l] EU’s GDPR and MediaWiki

Tom Hutchison
Hey Everyone

Is there any roadmap for MediaWiki that addresses the EU’s GDPR (General Data Protection Regulation) being enforced as of 28 May 2018?

Mainly addressing user registration on websites and holding what the EU deems personally identifiable information of EU residents such as usernames, real names, email addresses, etc. A method to prove consent such as a checkbox for Terms of Service and the date consent was given.

From the read of GDPR, it effects any company or organization (even those outside the EU) who store data on someone living in the EU.

Tom

_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: EU’s GDPR and MediaWiki

Victoria Coleman
Hi Tom,

John Bennett, our Security Director, and Tony Sebro, our Deputy General Counsel, are leading our work on GDPR compliance. It is a significant priority for both Tech and the Legal departments at the WMF.

Best,

Victoria

> On Feb 19, 2018, at 7:15 PM, Tom <[hidden email]> wrote:
>
> Hey Everyone
>
> Is there any roadmap for MediaWiki that addresses the EU’s GDPR (General Data Protection Regulation) being enforced as of 28 May 2018?
>
> Mainly addressing user registration on websites and holding what the EU deems personally identifiable information of EU residents such as usernames, real names, email addresses, etc. A method to prove consent such as a checkbox for Terms of Service and the date consent was given.
>
> From the read of GDPR, it effects any company or organization (even those outside the EU) who store data on someone living in the EU.
>
> Tom
>
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: EU’s GDPR and MediaWiki

Tom Hutchison
Thanks Victoria

My main concern and this should include any wiki admin with an open registration on their wiki, is there any available information on the technical side?

I found a few tasks on phabricator but nothing specific for handling explicit consent of users nor any tools for wiki admins using the MediaWiki software to assist them with compliance of GDPR. There are many open source projects scrambling to improve user registration and user account tools making sure websites run by their software is ready for GDPR.

Yes, a few things can be handled with extensions, but at best they would be patch and make compliance difficult.

Tom

> On Feb 19, 2018, at 7:47 PM, Victoria Coleman <[hidden email]> wrote:
>
> Hi Tom,
>
> John Bennett, our Security Director, and Tony Sebro, our Deputy General Counsel, are leading our work on GDPR compliance. It is a significant priority for both Tech and the Legal departments at the WMF.
>
> Best,
>
> Victoria
>
>> On Feb 19, 2018, at 7:15 PM, Tom <[hidden email]> wrote:
>>
>> Hey Everyone
>>
>> Is there any roadmap for MediaWiki that addresses the EU’s GDPR (General Data Protection Regulation) being enforced as of 28 May 2018?
>>
>> Mainly addressing user registration on websites and holding what the EU deems personally identifiable information of EU residents such as usernames, real names, email addresses, etc. A method to prove consent such as a checkbox for Terms of Service and the date consent was given.
>>
>> From the read of GDPR, it effects any company or organization (even those outside the EU) who store data on someone living in the EU.
>>
>> Tom
>>
>> _______________________________________________
>> MediaWiki-l mailing list
>> To unsubscribe, go to:
>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
>
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: EU’s GDPR and MediaWiki

Victoria Coleman
We are still in process of defining the work that needs to be done for compliance. We are planning a cross Departmental program as part of annual plan which will include all the necessary work - so Phabricator has not been populated yet. This is a great time for input like this so I encourage you to discuss it with John and Tony. Thanks Tom!

Best regards,

Victoria

Sent from my iPhone

> On Feb 19, 2018, at 7:38 PM, Tom <[hidden email]> wrote:
>
> Thanks Victoria
>
> My main concern and this should include any wiki admin with an open registration on their wiki, is there any available information on the technical side?
>
> I found a few tasks on phabricator but nothing specific for handling explicit consent of users nor any tools for wiki admins using the MediaWiki software to assist them with compliance of GDPR. There are many open source projects scrambling to improve user registration and user account tools making sure websites run by their software is ready for GDPR.
>
> Yes, a few things can be handled with extensions, but at best they would be patch and make compliance difficult.
>
> Tom
>
>> On Feb 19, 2018, at 7:47 PM, Victoria Coleman <[hidden email]> wrote:
>>
>> Hi Tom,
>>
>> John Bennett, our Security Director, and Tony Sebro, our Deputy General Counsel, are leading our work on GDPR compliance. It is a significant priority for both Tech and the Legal departments at the WMF.
>>
>> Best,
>>
>> Victoria
>>
>>> On Feb 19, 2018, at 7:15 PM, Tom <[hidden email]> wrote:
>>>
>>> Hey Everyone
>>>
>>> Is there any roadmap for MediaWiki that addresses the EU’s GDPR (General Data Protection Regulation) being enforced as of 28 May 2018?
>>>
>>> Mainly addressing user registration on websites and holding what the EU deems personally identifiable information of EU residents such as usernames, real names, email addresses, etc. A method to prove consent such as a checkbox for Terms of Service and the date consent was given.
>>>
>>> From the read of GDPR, it effects any company or organization (even those outside the EU) who store data on someone living in the EU.
>>>
>>> Tom
>>>
>>> _______________________________________________
>>> MediaWiki-l mailing list
>>> To unsubscribe, go to:
>>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>>
>>
>> _______________________________________________
>> MediaWiki-l mailing list
>> To unsubscribe, go to:
>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
>
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l

_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: EU’s GDPR and MediaWiki

kghbln
Thanks Tom for bringing up the issue to the list and thanks Victoria for
noting the WMF is already in the process of tackling this presumably
rather complex issue. I do not envy you for this task.

From what I have heard, I may be wrong here, any "solution" no matter
what it looks like, should be in place by End of May this year. This
would leave us with another three months which sounds more like a sprint
effort. Moreover this "solution" should also cater for not just WMF but
third party users too, i.e. users of MediaWiki 1.27, at least this would
be my wish at this point.

I guess it will be great if at one point the resprective Phabricator
tasks could be shared over this list and if it is only for allowing
people to follow the discussion and stay in the loop. I am sure that
there are other people on this list who are interested in this topic too
and also have the problem of trying to be somewhat compliant with
regulations.

Cheers Karsten


Am 20.02.2018 um 04:55 schrieb Victoria Coleman:

> We are still in process of defining the work that needs to be done for compliance. We are planning a cross Departmental program as part of annual plan which will include all the necessary work - so Phabricator has not been populated yet. This is a great time for input like this so I encourage you to discuss it with John and Tony. Thanks Tom!
>
> Best regards,
>
> Victoria
>
> Sent from my iPhone
>
>> On Feb 19, 2018, at 7:38 PM, Tom <[hidden email]> wrote:
>>
>> Thanks Victoria
>>
>> My main concern and this should include any wiki admin with an open registration on their wiki, is there any available information on the technical side?
>>
>> I found a few tasks on phabricator but nothing specific for handling explicit consent of users nor any tools for wiki admins using the MediaWiki software to assist them with compliance of GDPR. There are many open source projects scrambling to improve user registration and user account tools making sure websites run by their software is ready for GDPR.
>>
>> Yes, a few things can be handled with extensions, but at best they would be patch and make compliance difficult.
>>
>> Tom
>>
>>> On Feb 19, 2018, at 7:47 PM, Victoria Coleman <[hidden email]> wrote:
>>>
>>> Hi Tom,
>>>
>>> John Bennett, our Security Director, and Tony Sebro, our Deputy General Counsel, are leading our work on GDPR compliance. It is a significant priority for both Tech and the Legal departments at the WMF.
>>>
>>> Best,
>>>
>>> Victoria
>>>
>>>> On Feb 19, 2018, at 7:15 PM, Tom <[hidden email]> wrote:
>>>>
>>>> Hey Everyone
>>>>
>>>> Is there any roadmap for MediaWiki that addresses the EU’s GDPR (General Data Protection Regulation) being enforced as of 28 May 2018?
>>>>
>>>> Mainly addressing user registration on websites and holding what the EU deems personally identifiable information of EU residents such as usernames, real names, email addresses, etc. A method to prove consent such as a checkbox for Terms of Service and the date consent was given.
>>>>
>>>> From the read of GDPR, it effects any company or organization (even those outside the EU) who store data on someone living in the EU.
>>>>
>>>> Tom
>>>>
>>>> _______________________________________________
>>>> MediaWiki-l mailing list
>>>> To unsubscribe, go to:
>>>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>>>
>>> _______________________________________________
>>> MediaWiki-l mailing list
>>> To unsubscribe, go to:
>>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>>
>> _______________________________________________
>> MediaWiki-l mailing list
>> To unsubscribe, go to:
>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l



_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: EU’s GDPR and MediaWiki

Greg Rundlett (freephile)
Is there any update on GDPR compliance for third-parties using MediaWiki
software?

Aside from Sabine Melnicki's presentation [1] at EMWCon in March,
demonstrating the 'Data Cockpit' application to track compliance [2], I'm
not aware of any extensions, or methods for ensuring compliance for
organizations using MediaWiki. Ideally, there would be an extension, like
the one developed for CiviCRM, that could integrate with MediaWiki to
anonymize, report and/or delete user data in ways that comply with the GDPR.

[1]
https://www.mediawiki.org/wiki/EMWCon_Spring_2018/MediaWiki_and_the_European_GDPR
[2] http://www.datencockpit.at
[3] https://github.com/veda-consulting/uk.co.vedaconsulting.gdpr

Greg Rundlett
https://eQuality-Tech.com
https://freephile.org

On Wed, Feb 21, 2018 at 9:34 AM, [[kgh]] <[hidden email]> wrote:

> Thanks Tom for bringing up the issue to the list and thanks Victoria for
> noting the WMF is already in the process of tackling this presumably
> rather complex issue. I do not envy you for this task.
>
> From what I have heard, I may be wrong here, any "solution" no matter
> what it looks like, should be in place by End of May this year. This
> would leave us with another three months which sounds more like a sprint
> effort. Moreover this "solution" should also cater for not just WMF but
> third party users too, i.e. users of MediaWiki 1.27, at least this would
> be my wish at this point.
>
> I guess it will be great if at one point the resprective Phabricator
> tasks could be shared over this list and if it is only for allowing
> people to follow the discussion and stay in the loop. I am sure that
> there are other people on this list who are interested in this topic too
> and also have the problem of trying to be somewhat compliant with
> regulations.
>
> Cheers Karsten
>
>
> Am 20.02.2018 um 04:55 schrieb Victoria Coleman:
> > We are still in process of defining the work that needs to be done for
> compliance. We are planning a cross Departmental program as part of annual
> plan which will include all the necessary work - so Phabricator has not
> been populated yet. This is a great time for input like this so I encourage
> you to discuss it with John and Tony. Thanks Tom!
> >
> > Best regards,
> >
> > Victoria
> >
> > Sent from my iPhone
> >
> >> On Feb 19, 2018, at 7:38 PM, Tom <[hidden email]> wrote:
> >>
> >> Thanks Victoria
> >>
> >> My main concern and this should include any wiki admin with an open
> registration on their wiki, is there any available information on the
> technical side?
> >>
> >> I found a few tasks on phabricator but nothing specific for handling
> explicit consent of users nor any tools for wiki admins using the MediaWiki
> software to assist them with compliance of GDPR. There are many open source
> projects scrambling to improve user registration and user account tools
> making sure websites run by their software is ready for GDPR.
> >>
> >> Yes, a few things can be handled with extensions, but at best they
> would be patch and make compliance difficult.
> >>
> >> Tom
> >>
> >>> On Feb 19, 2018, at 7:47 PM, Victoria Coleman <[hidden email]>
> wrote:
> >>>
> >>> Hi Tom,
> >>>
> >>> John Bennett, our Security Director, and Tony Sebro, our Deputy
> General Counsel, are leading our work on GDPR compliance. It is a
> significant priority for both Tech and the Legal departments at the WMF.
> >>>
> >>> Best,
> >>>
> >>> Victoria
> >>>
> >>>> On Feb 19, 2018, at 7:15 PM, Tom <[hidden email]> wrote:
> >>>>
> >>>> Hey Everyone
> >>>>
> >>>> Is there any roadmap for MediaWiki that addresses the EU’s GDPR
> (General Data Protection Regulation) being enforced as of 28 May 2018?
> >>>>
> >>>> Mainly addressing user registration on websites and holding what the
> EU deems personally identifiable information of EU residents such as
> usernames, real names, email addresses, etc. A method to prove consent such
> as a checkbox for Terms of Service and the date consent was given.
> >>>>
> >>>> From the read of GDPR, it effects any company or organization (even
> those outside the EU) who store data on someone living in the EU.
> >>>>
> >>>> Tom
> >>>>
> >>>> _______________________________________________
> >>>> MediaWiki-l mailing list
> >>>> To unsubscribe, go to:
> >>>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
> >>>
> >>> _______________________________________________
> >>> MediaWiki-l mailing list
> >>> To unsubscribe, go to:
> >>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
> >>
> >> _______________________________________________
> >> MediaWiki-l mailing list
> >> To unsubscribe, go to:
> >> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
> > _______________________________________________
> > MediaWiki-l mailing list
> > To unsubscribe, go to:
> > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
>
>
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: EU’s GDPR and MediaWiki

Greg Rundlett (freephile)
Bump.

Is anything happening at WMF to assist corporate compliance directors and
site administrators, who run MediaWiki, in their obligations with respect
to GDPR?

May 25th is right around the corner. Projects like Drupal, CiviCRM,
Discourse, Platform.sh; plus every major software vendor and social website
is announcing their compliance with GDPR and/or has a publicly visible
project and discussion about compliance.  I can't find any information
regarding GDPR compliance with regards to websites powered by MediaWiki.
The 'Scrum of Scrums' message from today does not mention GDPR. I did find
information about how Wikimedia Sweden is tackling the issue. [1]

[1] https://se.wikimedia.org/wiki/Kategori:GDPR

Thanks,

~ Greg

Greg Rundlett
https://eQuality-Tech.com
https://freephile.org

On Tue, May 15, 2018 at 1:57 PM, Greg Rundlett (freephile) <
[hidden email]> wrote:

> Is there any update on GDPR compliance for third-parties using MediaWiki
> software?
>
> Aside from Sabine Melnicki's presentation [1] at EMWCon in March,
> demonstrating the 'Data Cockpit' application to track compliance [2], I'm
> not aware of any extensions, or methods for ensuring compliance for
> organizations using MediaWiki. Ideally, there would be an extension, like
> the one developed for CiviCRM, that could integrate with MediaWiki to
> anonymize, report and/or delete user data in ways that comply with the GDPR.
>
> [1] https://www.mediawiki.org/wiki/EMWCon_Spring_2018/
> MediaWiki_and_the_European_GDPR
> [2] http://www.datencockpit.at
> [3] https://github.com/veda-consulting/uk.co.vedaconsulting.gdpr
>
> Greg Rundlett
> https://eQuality-Tech.com
> https://freephile.org
>
> On Wed, Feb 21, 2018 at 9:34 AM, [[kgh]] <[hidden email]> wrote:
>
>> Thanks Tom for bringing up the issue to the list and thanks Victoria for
>> noting the WMF is already in the process of tackling this presumably
>> rather complex issue. I do not envy you for this task.
>>
>> From what I have heard, I may be wrong here, any "solution" no matter
>> what it looks like, should be in place by End of May this year. This
>> would leave us with another three months which sounds more like a sprint
>> effort. Moreover this "solution" should also cater for not just WMF but
>> third party users too, i.e. users of MediaWiki 1.27, at least this would
>> be my wish at this point.
>>
>> I guess it will be great if at one point the resprective Phabricator
>> tasks could be shared over this list and if it is only for allowing
>> people to follow the discussion and stay in the loop. I am sure that
>> there are other people on this list who are interested in this topic too
>> and also have the problem of trying to be somewhat compliant with
>> regulations.
>>
>> Cheers Karsten
>>
>>
>> Am 20.02.2018 um 04:55 schrieb Victoria Coleman:
>> > We are still in process of defining the work that needs to be done for
>> compliance. We are planning a cross Departmental program as part of annual
>> plan which will include all the necessary work - so Phabricator has not
>> been populated yet. This is a great time for input like this so I encourage
>> you to discuss it with John and Tony. Thanks Tom!
>> >
>> > Best regards,
>> >
>> > Victoria
>> >
>> > Sent from my iPhone
>> >
>> >> On Feb 19, 2018, at 7:38 PM, Tom <[hidden email]> wrote:
>> >>
>> >> Thanks Victoria
>> >>
>> >> My main concern and this should include any wiki admin with an open
>> registration on their wiki, is there any available information on the
>> technical side?
>> >>
>> >> I found a few tasks on phabricator but nothing specific for handling
>> explicit consent of users nor any tools for wiki admins using the MediaWiki
>> software to assist them with compliance of GDPR. There are many open source
>> projects scrambling to improve user registration and user account tools
>> making sure websites run by their software is ready for GDPR.
>> >>
>> >> Yes, a few things can be handled with extensions, but at best they
>> would be patch and make compliance difficult.
>> >>
>> >> Tom
>> >>
>> >>> On Feb 19, 2018, at 7:47 PM, Victoria Coleman <[hidden email]>
>> wrote:
>> >>>
>> >>> Hi Tom,
>> >>>
>> >>> John Bennett, our Security Director, and Tony Sebro, our Deputy
>> General Counsel, are leading our work on GDPR compliance. It is a
>> significant priority for both Tech and the Legal departments at the WMF.
>> >>>
>> >>> Best,
>> >>>
>> >>> Victoria
>> >>>
>> >>>> On Feb 19, 2018, at 7:15 PM, Tom <[hidden email]> wrote:
>> >>>>
>> >>>> Hey Everyone
>> >>>>
>> >>>> Is there any roadmap for MediaWiki that addresses the EU’s GDPR
>> (General Data Protection Regulation) being enforced as of 28 May 2018?
>> >>>>
>> >>>> Mainly addressing user registration on websites and holding what the
>> EU deems personally identifiable information of EU residents such as
>> usernames, real names, email addresses, etc. A method to prove consent such
>> as a checkbox for Terms of Service and the date consent was given.
>> >>>>
>> >>>> From the read of GDPR, it effects any company or organization (even
>> those outside the EU) who store data on someone living in the EU.
>> >>>>
>> >>>> Tom
>> >>>>
>> >>>> _______________________________________________
>> >>>> MediaWiki-l mailing list
>> >>>> To unsubscribe, go to:
>> >>>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>> >>>
>> >>> _______________________________________________
>> >>> MediaWiki-l mailing list
>> >>> To unsubscribe, go to:
>> >>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>> >>
>> >> _______________________________________________
>> >> MediaWiki-l mailing list
>> >> To unsubscribe, go to:
>> >> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>> > _______________________________________________
>> > MediaWiki-l mailing list
>> > To unsubscribe, go to:
>> > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>>
>>
>>
>> _______________________________________________
>> MediaWiki-l mailing list
>> To unsubscribe, go to:
>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>>
>
>
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: EU’s GDPR and MediaWiki

James Hare-4
On May 16, 2018 at 1:00:13 PM, Greg Rundlett (freephile) ([hidden email])
wrote:

Bump.

Is anything happening at WMF to assist corporate compliance directors and
site administrators, who run MediaWiki, in their obligations with respect
to GDPR?

May 25th is right around the corner. Projects like Drupal, CiviCRM,
Discourse, Platform.sh; plus every major software vendor and social website
is announcing their compliance with GDPR and/or has a publicly visible
project and discussion about compliance. I can't find any information
regarding GDPR compliance with regards to websites powered by MediaWiki.
The 'Scrum of Scrums' message from today does not mention GDPR. I did find
information about how Wikimedia Sweden is tackling the issue. [1]

[1] https://se.wikimedia.org/wiki/Kategori:GDPR


Part of the draft Wikimedia Foundation annual plan for this coming fiscal
year (starting July 1) includes work on GDPR compliance: <
https://www.mediawiki.org/wiki/Wikimedia_Technology/Annual_Plans/FY2019/CDP1:_Privacy,_Security,_and_Data_Management>.
Full disclosure, I am not involved in this program, but have some
familiarity with the Foundation’s efforts toward privacy and security.

Technically speaking the final plan hasn’t been approved yet (that’s up to
the board) but I think what will end up being approved will be materially
similar to this current draft.


Cheers,

James Hare
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: EU’s GDPR and MediaWiki

Greg Rundlett (freephile)
To be clear, there are two totally different aspects to GDPR compliance.
The WikiMedia Foundation can be compliant - or risk the penalties for
non-compliance. And totally separately, those third-party users of
MediaWiki software, who use it to run their own public and private
websites, are also subject to the legislation.  It is this external
audience that I am concerned with. It is the features and capabilities of
the MediaWiki software to anonymize user data, retrieve, report, download,
delete this data that helps organizations comply with the GDPR. For
example, Drupal has a module called "General Data Protection Regulation
(GDPR) - Obfuscated SQL Dump" that when enabled, allows you to select those
data fields in your Drupal schema that you determine to contain sensitive
data, and then it obfuscates those fields so that developers can load data
without leaking sensitive information.  And the main GDPR module for Drupal
provides a checklist for site administrators to do a self-assessment in an
effort to ensure their website is in compliance.

~ Greg

Greg Rundlett
https://eQuality-Tech.com
https://freephile.org

On Wed, May 16, 2018 at 4:11 PM, James Hare <[hidden email]> wrote:

> On May 16, 2018 at 1:00:13 PM, Greg Rundlett (freephile) (
> [hidden email]) wrote:
>
> Bump.
>
> Is anything happening at WMF to assist corporate compliance directors and
> site administrators, who run MediaWiki, in their obligations with respect
> to GDPR?
>
> May 25th is right around the corner. Projects like Drupal, CiviCRM,
> Discourse, Platform.sh; plus every major software vendor and social website
> is announcing their compliance with GDPR and/or has a publicly visible
> project and discussion about compliance. I can't find any information
> regarding GDPR compliance with regards to websites powered by MediaWiki.
> The 'Scrum of Scrums' message from today does not mention GDPR. I did find
> information about how Wikimedia Sweden is tackling the issue. [1]
>
> [1] https://se.wikimedia.org/wiki/Kategori:GDPR
>
>
> Part of the draft Wikimedia Foundation annual plan for this coming fiscal
> year (starting July 1) includes work on GDPR compliance: <
> https://www.mediawiki.org/wiki/Wikimedia_Technology/
> Annual_Plans/FY2019/CDP1:_Privacy,_Security,_and_Data_Management>. Full
> disclosure, I am not involved in this program, but have some familiarity
> with the Foundation’s efforts toward privacy and security.
>
> Technically speaking the final plan hasn’t been approved yet (that’s up to
> the board) but I think what will end up being approved will be materially
> similar to this current draft.
>
>
> Cheers,
>
> James Hare
>
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: EU’s GDPR and MediaWiki

Paladox
 Bump, is there a date set for how the wmf will handle the gdpr?
The date is almost here for the law to be in affect.
(25 may)
    On Wednesday, 16 May 2018, 21:40:12 BST, Greg Rundlett (freephile) <[hidden email]> wrote:  
 
 To be clear, there are two totally different aspects to GDPR compliance.
The WikiMedia Foundation can be compliant - or risk the penalties for
non-compliance. And totally separately, those third-party users of
MediaWiki software, who use it to run their own public and private
websites, are also subject to the legislation.  It is this external
audience that I am concerned with. It is the features and capabilities of
the MediaWiki software to anonymize user data, retrieve, report, download,
delete this data that helps organizations comply with the GDPR. For
example, Drupal has a module called "General Data Protection Regulation
(GDPR) - Obfuscated SQL Dump" that when enabled, allows you to select those
data fields in your Drupal schema that you determine to contain sensitive
data, and then it obfuscates those fields so that developers can load data
without leaking sensitive information.  And the main GDPR module for Drupal
provides a checklist for site administrators to do a self-assessment in an
effort to ensure their website is in compliance.

~ Greg

Greg Rundlett
https://eQuality-Tech.com
https://freephile.org

On Wed, May 16, 2018 at 4:11 PM, James Hare <[hidden email]> wrote:

> On May 16, 2018 at 1:00:13 PM, Greg Rundlett (freephile) (
> [hidden email]) wrote:
>
> Bump.
>
> Is anything happening at WMF to assist corporate compliance directors and
> site administrators, who run MediaWiki, in their obligations with respect
> to GDPR?
>
> May 25th is right around the corner. Projects like Drupal, CiviCRM,
> Discourse, Platform.sh; plus every major software vendor and social website
> is announcing their compliance with GDPR and/or has a publicly visible
> project and discussion about compliance. I can't find any information
> regarding GDPR compliance with regards to websites powered by MediaWiki.
> The 'Scrum of Scrums' message from today does not mention GDPR. I did find
> information about how Wikimedia Sweden is tackling the issue. [1]
>
> [1] https://se.wikimedia.org/wiki/Kategori:GDPR
>
>
> Part of the draft Wikimedia Foundation annual plan for this coming fiscal
> year (starting July 1) includes work on GDPR compliance: <
> https://www.mediawiki.org/wiki/Wikimedia_Technology/
> Annual_Plans/FY2019/CDP1:_Privacy,_Security,_and_Data_Management>. Full
> disclosure, I am not involved in this program, but have some familiarity
> with the Foundation’s efforts toward privacy and security.
>
> Technically speaking the final plan hasn’t been approved yet (that’s up to
> the board) but I think what will end up being approved will be materially
> similar to this current draft.
>
>
> Cheers,
>
> James Hare
>
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
 
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: EU’s GDPR and MediaWiki

kghbln
Hmm, ... Wikia has created the "DownloadYourData" extension [0]. Perhaps
all what is needed is to port this to run with regular MediaWiki 1.27
and later, install it on your wiki and everything is hopefully fluffy
again. However it appears to me that this only covers the topic of
informing about personal information stored by MediaWiki itself.
Moreover they regrettably do not specifiy a license so this one may be
assumed a copyrighted extension.

Cheers Karsten

[0] https://github.com/Wikia/app/tree/dev/extensions/wikia/DownloadYourData

Am 21.05.2018 um 20:14 schrieb Paladox:

>  Bump, is there a date set for how the wmf will handle the gdpr?
> The date is almost here for the law to be in affect.
> (25 may)
>     On Wednesday, 16 May 2018, 21:40:12 BST, Greg Rundlett (freephile) <[hidden email]> wrote:  
>  
>  To be clear, there are two totally different aspects to GDPR compliance.
> The WikiMedia Foundation can be compliant - or risk the penalties for
> non-compliance. And totally separately, those third-party users of
> MediaWiki software, who use it to run their own public and private
> websites, are also subject to the legislation.  It is this external
> audience that I am concerned with. It is the features and capabilities of
> the MediaWiki software to anonymize user data, retrieve, report, download,
> delete this data that helps organizations comply with the GDPR. For
> example, Drupal has a module called "General Data Protection Regulation
> (GDPR) - Obfuscated SQL Dump" that when enabled, allows you to select those
> data fields in your Drupal schema that you determine to contain sensitive
> data, and then it obfuscates those fields so that developers can load data
> without leaking sensitive information.  And the main GDPR module for Drupal
> provides a checklist for site administrators to do a self-assessment in an
> effort to ensure their website is in compliance.
>
> ~ Greg
>
> Greg Rundlett
> https://eQuality-Tech.com
> https://freephile.org
>
> On Wed, May 16, 2018 at 4:11 PM, James Hare <[hidden email]> wrote:
>
>> On May 16, 2018 at 1:00:13 PM, Greg Rundlett (freephile) (
>> [hidden email]) wrote:
>>
>> Bump.
>>
>> Is anything happening at WMF to assist corporate compliance directors and
>> site administrators, who run MediaWiki, in their obligations with respect
>> to GDPR?
>>
>> May 25th is right around the corner. Projects like Drupal, CiviCRM,
>> Discourse, Platform.sh; plus every major software vendor and social website
>> is announcing their compliance with GDPR and/or has a publicly visible
>> project and discussion about compliance. I can't find any information
>> regarding GDPR compliance with regards to websites powered by MediaWiki.
>> The 'Scrum of Scrums' message from today does not mention GDPR. I did find
>> information about how Wikimedia Sweden is tackling the issue. [1]
>>
>> [1] https://se.wikimedia.org/wiki/Kategori:GDPR
>>
>>
>> Part of the draft Wikimedia Foundation annual plan for this coming fiscal
>> year (starting July 1) includes work on GDPR compliance: <
>> https://www.mediawiki.org/wiki/Wikimedia_Technology/
>> Annual_Plans/FY2019/CDP1:_Privacy,_Security,_and_Data_Management>. Full
>> disclosure, I am not involved in this program, but have some familiarity
>> with the Foundation’s efforts toward privacy and security.
>>
>> Technically speaking the final plan hasn’t been approved yet (that’s up to
>> the board) but I think what will end up being approved will be materially
>> similar to this current draft.
>>
>>
>> Cheers,
>>
>> James Hare
>>
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>  
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l



_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: EU’s GDPR and MediaWiki

Greg Rundlett (freephile)
On Tue, May 22, 2018 at 11:55 AM, [[kgh]] <[hidden email]> wrote:

>
> Moreover they regrettably do not specifiy a license so this one may be
> assumed a copyrighted extension.
>
>
> *Any* extension developed for MediaWiki and "distributed" (as is the case
here), can be assumed to be released under the same license (GPL v2+); or a
GPL-compatible license.

In the case of Wikia, they do have a LICENSE
<https://github.com/Wikia/app/blob/dev/extensions/wikia/LICENSE> file in
their wikia/extensions folder that states the license is GPLv3+

~ Greg

Greg Rundlett
https://eQuality-Tech.com <https://equality-tech.com/>
https://freephile.org
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l