[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [eclipse.org-project-leadership] General Data Protection Regulation(GDPR) at Eclipse Foundation
|
> Project sites who are not using the Quicksilver theme will need to make
sure that their website is fully compliant with the GDPR (
http://ec.europa.eu/justice/smedataprotect/index_en.htm).
> While we may identify additional requirements in the following weeks, at
a minimum our audit will include confirming a project website fulfills the
following requirements:
Will you also check whether the Quicksilver theme is used and report it?
Dani
From: Christopher Guindon <chris.guindon@xxxxxxxxxxxxxxxxxxxxxx>
To: eclipse.org-project-leadership@xxxxxxxxxxx
Date: 04.05.2018 22:43
Subject: [eclipse.org-project-leadership] General Data Protection
Regulation (GDPR) at Eclipse Foundation
Sent by: eclipse.org-project-leadership-bounces@xxxxxxxxxxx
Dear Eclipse Project Leads,
As you may know, a new EU regulation referred to as the General Data
Protection Regulation (GDPR), which covers data protection and privacy for
all individuals within the European Union, becomes enforceable on May
25th, 2018.
The Eclipse Foundation is taking this new regulation very seriously and we
are taking the necessary steps to make sure that we are compliant before
the GDPR deadline.
We are writing to inform you of the steps that are relevant to you, and to
seek your support in ensuring all of the Foundation?s web properties,
including project websites, are in conformance. We understand the
timelines associated with this conformance are tight, and appreciate your
prompt actions. As you can imagine, this is a major undertaking for the
Foundation - your prompt attention to ensure the appropriate steps are
taken by your project are appreciated.
Project Website Audits and Required Updates
We plan on auditing every Eclipse project website for compliance. This
includes web properties and applications hosted on Foundation-provided
resources, such as project virtual servers. If an application or site is
not compliant, effective May 24th, we will be forced to disable the
website and redirect traffic to their respective PMI project page.
Once disabled, a project site will need to demonstrate to the Eclipse
Foundation that its site is compliant before it can be re-enabled. This
can be done by opening a bug and requesting a review from the IT Services
team.
The Eclipse Foundation is planning to include GDPR-compliant features in
our Quicksilver theme, for example the Quicksilver theme will include a
new website privacy policy popup.
Project sites who are not using the Quicksilver theme will need to make
sure that their website is fully compliant with the GDPR (
http://ec.europa.eu/justice/smedataprotect/index_en.htm).
While we may identify additional requirements in the following weeks, at a
minimum our audit will include confirming a project website fulfills the
following requirements:
1. All project web pages must include a footer that prominently links
back to key pages, and a copyright notice. The following minimal set of
links must also be included on the footer for all pages in the official
project website:
1. Main Eclipse Foundation website (http://www.eclipse.org);
2. Privacy policy (http://www.eclipse.org/legal/privacy.php);
3. Website terms of use (http://www.eclipse.org/legal/termsofuse.php
);
4. Copyright agent (http://www.eclipse.org/legal/copyright.php); and
5. Legal (http://www.eclipse.org/legal).
2. Approved Eclipse logos are available on the Eclipse Logos and
Artwork page: https://eclipse.org/artwork/
3. A user must be requested to give their consent, and explicit
consent must be given by the user before a project website can start using
cookies. This requirement also includes cookies used by 3rd party services
such as, but not limited to: Google Analytics, Google Tag Manager, and
social media widgets.
4. Project websites must not collect and/or store and/or display
personal information.
5. Project websites using 3rd party services such as, but not limited
to, google analytics must be explicit about which company or companies
have access to the data collected. For example, the project website must
identify on their website the individuals or organizations who have access
to google analytics data.
We are currently using Bug 534384 - The General Data Protection Regulation
(GDPR) at the Eclipse Foundation
https://bugs.eclipse.org/bugs/show_bug.cgi?id=534384 to define action
items that we must do before the GDPR deadline!
Feel free to post questions, feedback or concerns on this bug as we work
together to protect the personal information of our users!
--
Christopher Guindon
Lead Web Developer
Eclipse Foundation
Twitter: @chrisguindon
_______________________________________________
eclipse.org-project-leadership mailing list
eclipse.org-project-leadership@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/eclipse.org-project-leadership
IMPORTANT: Membership in this list is generated by processes internal to
the Eclipse Foundation. To be permanently removed from this list, you
must contact emo@xxxxxxxxxxx to request removal.