#todayilearned what the GDPR means for the Git commit log. After all it's personal data there in a sort-of immutable chain. What happens if someone invokes the right to be forgotten?
Enter Steve Winslow from the Linux Foundation, today at his webinar. He said something similar but doesn't fully confirm that "legal obligation" is the proper lawful basis for processing.
-
-
There is also the lawful basis "for the performance of a contract", and you could say a git commit and an open source contribution is an activity as part of a contract.
Show this thread -
In any case, he stated that in case of open source projects it's probably best if you make use of the Developer Certificate of Origin: https://developercertificate.org/ Mention this in e.g. your CONTRIBUTING file.
Show this thread -
This makes it clear to contributors that personal data pertaining to the contribution will remain public indefinitely, which opens the possibility to use "legitimate interest" as the lawful basis of processing.
Show this thread -
So yeah, it seems there are enough ways to prevent having to rewrite your Git history every time someone sends a "right to be forgotten" request
Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.