[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [eclipse.org-project-leadership] General Data Protection Regulation(GDPR) at Eclipse Foundation

> Project sites who are not using the Quicksilver theme will need to make sure that their website is fully compliant with the GDPR (http://ec.europa.eu/justice/smedataprotect/index_en.htm).
> While we may identify additional requirements in the following weeks, at a minimum our audit will include confirming a project website fulfills the following requirements:

Will you also check whether the Quicksilver theme is used and report it?

Dani



From:        Christopher Guindon <chris.guindon@xxxxxxxxxxxxxxxxxxxxxx>
To:        eclipse.org-project-leadership@xxxxxxxxxxx
Date:        04.05.2018 22:43
Subject:        [eclipse.org-project-leadership] General Data Protection Regulation        (GDPR) at Eclipse Foundation
Sent by:        eclipse.org-project-leadership-bounces@xxxxxxxxxxx




Dear Eclipse Project Leads,

As you may know, a new EU regulation referred to as the General Data Protection Regulation (GDPR), which covers data protection and privacy for all individuals within the European Union, becomes enforceable on May 25th, 2018.

The Eclipse Foundation is taking this new regulation very seriously and we are taking the necessary steps to make sure that we are compliant before the GDPR deadline.

We are writing to inform you of the steps that are relevant to you, and to seek your support in ensuring all of the Foundation’s web properties, including project websites, are in conformance.  We understand the timelines associated with this conformance are tight, and appreciate your prompt actions.  As you can imagine, this is a major undertaking for the Foundation - your prompt attention to ensure the appropriate steps are taken by your project are appreciated. 

Project Website Audits and Required Updates

We plan on auditing every Eclipse project website for compliance. This includes web properties and applications hosted on Foundation-provided resources, such as project virtual servers. If an application or site is not compliant, effective May 24th, we will be forced to disable the website and redirect traffic to their respective PMI project page.
 
Once disabled, a project site will need to demonstrate to the Eclipse Foundation that its site is compliant before it can be re-enabled. This can be done by opening a bug and requesting a review from the IT Services team.

The Eclipse Foundation is planning to include GDPR-compliant features in our Quicksilver theme, for example the Quicksilver theme will include a new website privacy policy popup. 

Project sites who are not using the Quicksilver theme will need to make sure that their website is fully compliant with the GDPR (http://ec.europa.eu/justice/smedataprotect/index_en.htm).

While we may identify additional requirements in the following weeks, at a minimum our audit will include confirming a project website fulfills the following requirements:

1.        All project web pages must include a footer that prominently links back to key pages, and a copyright notice.  The following minimal set of links must also be included on the footer for all pages in the official project website:

1.        Main Eclipse Foundation website (http://www.eclipse.org);

2.        Privacy policy (http://www.eclipse.org/legal/privacy.php);

3.        Website terms of use (http://www.eclipse.org/legal/termsofuse.php);

4.        Copyright agent (http://www.eclipse.org/legal/copyright.php); and

5.        Legal (http://www.eclipse.org/legal).

2.        Approved Eclipse logos are available on the Eclipse Logos and Artwork page: https://eclipse.org/artwork/

3.        A user must be requested to give their consent, and explicit consent must be given by the user before a project website can start using cookies. This requirement also includes cookies used by 3rd party services such as, but not limited to: Google Analytics, Google Tag Manager, and social media widgets. 

4.        Project websites must not collect and/or store and/or display personal information.

5.        Project websites using 3rd party services such as, but not limited to, google analytics must be explicit about which company or companies have access to the data collected. For example, the project website must identify on their website the individuals or organizations who have access to google analytics data.


We are currently using Bug 534384 - The General Data Protection Regulation (GDPR) at the Eclipse Foundation https://bugs.eclipse.org/bugs/show_bug.cgi?id=534384 to define action items that we must do before the GDPR deadline!

Feel free to post questions, feedback or concerns on this bug as we work together to protect the personal information of our users!

-- 
Christopher Guindon
Lead Web Developer
Eclipse Foundation
Twitter: @chrisguindon

_______________________________________________
eclipse.org-project-leadership mailing list
eclipse.org-project-leadership@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/eclipse.org-project-leadership

IMPORTANT: Membership in this list is generated by processes internal to the Eclipse Foundation.  To be permanently removed from this list, you must contact emo@xxxxxxxxxxx to request removal.