[GNC-dev] GDPR and gnucash as a project

[Geert Janssens]

Op dinsdag 22 mei 2018 16:36:47 CEST schreef David T.:
> Geert,
> 
> I am not fluent with the issues of the GDPR, but I have had a lifetime of
> considering intellectual property issues (as a librarian). Personal
> contributions of ideas, thoughts, or intellectual content are IMHO NOT
> personal data, even when signed by an individual’s name*.

> Those would fall
> under intellectual property/copyright rules rather than personal data.

> It is my understanding also that use of GPL addresses the question of IP
> rights in code and documentation; if a user contributes to the GC project
> in these areas, they do so with this release understood.

I had given this some more thought as well. And I agree that our code and 
documentation licenses handle this.
Because of these licenses I see a code/documentation contribution as happening 
under a contract. So the GDPR doesn't apply there as far as I'm concerned.
Or put differently in my own simplified words: our code is regulated by 
copyright law. In order to be able to assert copyright (even in copyleft form) 
the author of the protected work must be known. So if someone contributes a 
patch that person must be identified together with the patch or copyright 
can't work. So "the right to be forgotten" doesn't apply due to the legal 
framework in which the personal data (user's name/email) is used.

> It is also my
> understanding that unless someone explicitly states otherwise, their
> posting of information in a public place (such as a website, wiki, mailing
> list, etc.) would constitute permission to release that information
> generally.

Sounds reasonable to me. Though we may be required to mention this more 
explicitly in various places.

> 
> David T.
> 
> * - I would be extremely surprised to find that a user’s name, in and of
> itself, would constitute protected personal information.

That does sound reasonable to me as well.

Geert