Recent Topics

Data Portability - Export Format

Started by on Dec 30, 2017 – Contents updated: Mar 09, 2018

Dec 30, 2017 00:19    

About Data Portability - Users can request all their data

Is there a particular format we need to use?

Can we make an XML dump of user profile + posts + comments + private messages (with any XML vocabulary we want to use) ?

Dec 30, 2017 06:31

GDPR does not refer to specific formats or technologies for data portability. GDPR demands portability in a " structured, commonly used, machine-readable and interoperable format" (Regulation 68). XML is a structured, commonly used and machine-readable format. WG29 expressively refers to XML, Jason, CSV. So IMHO XML is according to legal demands.

Dec 30, 2017 07:18

Recommendation:
GDPR demands secure transmission of the data. So in a way you should inform the owner of a b2e instance that she has to take care for a secure, end-to-end encryption and that this is nothing the b2evolution Software can establish. This way you can comply with the demand on information towards this issue.

Therefore:
The owner of a b2e instance should be able to customize porting. In case she could not offer e.g. SSL or another secure end-to-end encryption she should be able to stop the process before providing to download and give some information to the user instead. The owner himself then has to find a way to send the data in a GDPR compliant way. (E.g. she could encrypt the data by veracrypt, truecrypt or PGP and transfer the data. The user, who asks for data transfer should have the option to choose by a form. But software automation does stop at this point of process and further handling lies in the responsibility of the collection owner in case there is no SSL)

Dec 30, 2017 22:34

Ok, is the user allowed to specify “ I don’t care about security, just let me download my data now!” ?

Mar 08, 2018 19:11

@fplanque sorry, I got no push notification of your last posting or did not recognize the mail.

Not so easy to answer. The user should have an option to download the data in a secure way.
If both options are available, may be it is GDPR compliant to offer an unsecure download, too, which can be used after consenting. But I doubt, that offering no alternative to an unsecure download is compliant to GDPR.

Mar 08, 2018 22:46

We'll make a file available to the admin and the admin and user can decide how to transmit it.


Form is loading...

powered by b2evolution CMS – This forum is powered by b2evolution CMS, a complete engine for your website.