GDPR/Compliance Team Meeting - February 26, 2020
By Achilleas Papageorgiou on 2020-03-03 14:58 in Privacy Compliance Team
This meeting of the Joomla! Compliance Team has been held on February 26, 2020, at 16.30 CET on Glip.
Participants
In attendance: Achilleas Papageorgiou, Luca Marzo, Sandra Decoux, Roland Dalmulder, Alkaios Anagnostopoulos, Donata Kalnenaite.
The minutes below also include the updates that were shared through a shorter (85 mins) meeting on 12/02.
Discussion outline
- Luca shared with Donata the situation that exists in some of the legal agreements/contracts that the project maintains with third parties (to provide services on its domains) to conclude if and which changes could be improved to better describe responsibilities between the two involved parties under GDPR.
- Donata provided an extended doc that includes proposed changes towards successful contract amendments. Luca thanked Donata for her amazing work. Luca will share with the Board the amendments before proceeding and propose the above amendments to the Launch and to the Domains partnership agreements to better include roles, responsibilities, and rights.
- Alkaios prepared all the final changes to the cookie script to be merged to the PR that it will be submitted to the template repo. Sander & Roland tested the final script and confirmed that the functionality was the desired. Team also tested the script and confirmed functionality.
- Sander shared with the team that additional ads were activated to CJO and possibly additional cookies are installed. Luca shared a report by an automated tool to help conclude which are the additional cookies that are installed. Alkaios, also performed an audit regarding the cookies that CJO installs. The cookies related situation is complicated as several cookies are generated on the fly and the team worked to provide ideas and directions on how to extend the already cookie script functionality to manage also these cookies.
- Meanwhile, CIVIC, the provider of the cookie script released a major update to 9.x version that Roland shared with Alkaios to be discussed. Alkaios prepared a doc that shared with the team the major issues that the updated version provides to be discussed. 3 major axis where discussed that includes accessibility, IAB Europe TCF and Ad Vendors Configuration. Roland, Achilleas, and Alkaios proposed that the cookie script should include all the new updates.
- Roland proposed that a tool should be proposed to Webmasters in order to easier audit and shared any new cookies found on their properties to be included in the cookie script.
- Privacy Policy doc was extensively discussed by Donata, Luca, and Achilleas. Luca to fill in the missing points on it and then share it for review with Donata and the team.
- Luca shared with the team the content of the article that it is expected to be published on the upcoming issue of Joomla! Community Magazine (JCM). The team found that very well structured and informative.
- Reino’s article regarding the Data Processor Role will also be included in the upcoming JCM issue.
- Roland and Sander are planning the next steps regarding the SSO/IdMS launch. Roland shared with the team that 2FA, a well-known function of Joomla!, should be enforced towards the provision of strongest authentication mechanisms.
Join the Compliance Team
The Joomla Compliance Team is an active and dynamic team that is currently involved in several different tasks that include legal compliance, privacy-related reports, design thinking, development, document reviews and decision making, privacy consultancy, Cross-CMS collaborative activities and more. The Joomla Compliance Team is looking for new volunteers.
Lawyers, people with legal/compliance background, GDPR/data protection specialists and developers are more than welcome to join the team. Please get in touch with Achilleas Papageorgiou achilleas.papageorgiou@community.joomla.org
Next meeting will take place on March 11, 2020, at 16.30 CET on Glip.
Meeting ends after 90 minutes.