Thank you for this !
GDPR is coming into force now but was voted 2 years ago…
Seafile is already GDPR compliant with regard to its security features (encryption, file block storage model).
As you do here, some users already pointed out other missing opt-out features during the Seafile symposium in Strasbourg.
I hope the dev team will include them in the next versions.
But the IP logging opt-out feature should only be activated if other laws do not require it, because it is not absolutely mandatory in the GDPR.
Regards
The GDPR provides the following rights for individuals:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.
The first step for admin is to communicate clearly what personal data is collected and stored in Seafile.
For the community edition, the list is
the files (stored in libraries)
the user email and user name
the login log
For the pro edition, the extra information includes
the file access log (default is turned off)
the file activities (which is a basic function of the system)
the search index stored in Elastic Search server
I think the Seafile software itself is not far from GDPR compliant.
If a user asks you to erase his/her data, you can delete the account and libraries and run GC to remove all deleted libraries from persistent storage. The login log of the user can be removed from the database manually via SQL.
For the community edition, the only thing missing is the login log. Do we need to make it opt-out on a per-user basis? Doesn't the user need to know the login history for security audit?
This should be possible via GUI/CLI from Seafile Server. In normal life admins don’t really mess with the DB on a regular basis. Do you expect all your paying customers to fiddle with the DB if they pay for this software? I would understand if you’d make such features PRO only though.
As far as I understand this freaking overly done law, yes. It would also be good if the admin can see/control such setting in the user overview.
@daniel.pan I'd really appreciate it if admins had the option to disable all tracking (IP, user agent etc.)
Also I think that the Storage Encryption Backend would also be available on the CE.
Or at least - and much more important - to delete his information from the audit log (IP, metadata) after the user is deleted (as an extra option), and as @DerDanilo said it should be easy to do.
Maybe an option to disable the tracking for just some users, but you'd still have the web server logs, so I don't think this is needed. As long as the user is using this system he needs to know that such things will be logged, but they can easily be removed if he doesn't use it anymore.
And a feature to export all the information about one user in the Seafile system would help too, since the customer/user has the right to know which data is collected. So if the admin can click just one button and receive a ZIP with all the information about that user (like Google does it too).
The TL;DR for GDPR is that if you use personally identifiable information about a citizen of the EU you need to comply with it completely by May 25th 2018.
There needs to be a valid legal basis for processing personally identifiable information. Systems have to protect the rights of data subjects, and privacy notices must be adequate. Security of data and backups needs to be clearly documented, and privacy and data protection should be by design. To my mind this rules out a lot of current cloud solution providers. It rules out backups being conveniently dumped in cloud storage (unless encrypted). It rules out using Dropbox or Google Cloud Storage or AWS or iCloud to store personally identifiable information. It is important therefore to act on GDPR now. Even if one EU citizen uses your product or service, the product or service must comply with GDPR.
What about a general setting for admins that would allow them to delete all logging / limit it? I would really appreciate that. Also, I think that would bring in some users that have privacy as their number 1 priority.
By law, software needs to be compliant by the 25th of May 2018.
We have to shut down Seafile theoretically until there is a solution in place.
A few weeks from now is not good enough. This was known for a long time already. I don’t get why it was not implemented earlier.
The login log of the user can be removed from the database manually via SQL. So in theory, you don't break the law if you manually delete it when the user requests it.
I’m in the US, so I’m not as familiar with the law, but I’m certain at some point, a similar law will be passed here.
So, my question is this. Does the law also apply to an individual that hosts their own data? What about an individual that runs Seafile out of their home but has a couple of friends that use it? What about non-profit organizations? Where is that line in the sand between private and public?