By Luca Marzo on 2018-12-08 21:52 in Compliance Team

This Special Meeting was held on December 6, 2018 at 11.30 CET on Glip.

Participants

In attendance:

  • Heather Burns, Member of the WordPress Core Privacy Team
  • Luca Marzo, Secretary of Open Source Matters / Joomla!
  • Achilleas Papageorgiou, Leader of the Joomla! Compliance Team

Discussion outline

This meeting was held in response to Heather's tweet about the idea of a Cross-CMS Privacy and Compliance group, where members from the major CMSs could collaborate and exchange ideas, results, opinions and best practices. GDPR and other privacy regulations and laws have had, and will continue to have, an impact on CMSs and the whole web. Each major CMS had to deal with the new regulatory requirements, implementing new features and changing some of its core behaviors in order to comply with the law. The Communities also had to work on their own compliance as organizations, and this, for example, has been the major focus of the Joomla Compliance Team during this year.

The idea of a Cross-CMS Compliance Coalition was launched by Chris Teitzel and Heather Burns at a Drupal Conference. The Joomla Compliance Team is more than happy to be part of this Coalition and to share the experience and knowledge acquired while working on the compliance of Joomla as an organization.

During the meeting, Achilleas and Luca shared the strategy adopted by the team, which led to the design and development of the Identity Management System to be deployed across the Joomla.org properties.

Heather shared her experience in the WordPress Core Privacy Team, the strategy adopted and the challenges faced. She talked about the new features included in the WordPress core to reach compliance with GDPR and asked for information on how Joomla as a CMS dealt with the new European privacy regulation.

Luca presented the Privacy Tool Suite and the new features introduced in Joomla 3.9 to help webmasters work towards compliance with GDPR, made possible by the huge work done by Michael Babker and all the other volunteers who coded and tested the features of the new version of the CMS.

The attendees discussed consent management, as well as the effect on cookie management requirements defined by the upcoming EU ePrivacy Directive, and the status of the US Privacy Shield.

Heather is closely following the development of the ePrivacy Directive and will share her findings with the team in order to define a common set of requirements.

Heather proposed creating a shared GitHub repository in which to share findings, guidance and updates. The Joomla Project is more than happy to host such a repository on its GitHub.

The Cross CMS Compliance Coalition repository is available at https://github.com/joomla/cross-cms-compliance. Contributions are more than welcome.

The future challenges of privacy and compliance with several different frameworks and laws, not limited to GDPR, produce many complex issues that Open Source Projects have to overcome. A Cross-CMS Coalition that could act as a bridge for sharing best practices and guidance between the Communities would unleash the power of open collaboration and shared knowledge.

It was a great meeting, with a lot of enthusiasm and a very interesting context.

The attendees hope that the meeting will serve as the foundation of this new cross-community initiative and would like to invite Chris Teitzel and other members from the WordPress, Drupal and Joomla Communities to join this informal group and share their knowledge and efforts.

If you want to join the initiative, feel free to contact compliance@community.joomla.org.