
Hi,
your website allows to search Docs. This automatically uses Google.
IMHO it is very unfriendly not to warn people that an external data harvester is involved in your local search.
Please consider adding a warning.
BTW your website massively violates EU data privacy rights. You have no Impressum and no info about your privacy policy.
Your website does not even have a contact address.
--
With kind regards
Wolfgang Rohdewald

On Mon, Dec 04, 2023 at 11:01:07AM +0100, Wolfgang Rohdewald wrote:
Hi,
your website allows to search Docs. This automatically uses Google.
IMHO it is very unfriendly not to warn people that an external data harvester is involved in your local search.
Please consider adding a warning.
I've posted patches[1] to switch the search provider to DuckDuckGo and mention the fact that an external provider is used in the first place. Hopefully that mitigates your concerns somewhat.
BTW your website massively violates EU data privacy rights. You have no Impressum and no info about your privacy policy.
Honestly I have no idea what the requirements would be here, much less how to comply with them. Care to post some patches?
Your website does not even have a contact address.
There's a "contact" section in the footer, which links to all the relevant information. It seems to do its job, seeing as you managed to find your way to the mailing list after all :)
[1] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/FZT5A...
--
Andrea Bolognani / Red Hat / Virtualization

On Mon, Dec 04, 2023 at 03:23:18AM -0800, Andrea Bolognani wrote:
On Mon, Dec 04, 2023 at 11:01:07AM +0100, Wolfgang Rohdewald wrote:
Hi,
your website allows to search Docs. This automatically uses Google.
IMHO it is very unfriendly not to warn people that an external data harvester is involved in your local search.
Please consider adding a warning.
I've posted patches[1] to switch the search provider to DuckDuckGo and mention the fact that an external provider is used in the first place. Hopefully that mitigates your concerns somewhat.
BTW your website massively violates EU data privacy rights. You have no Impressum and no info about your privacy policy.
Honestly I have no idea what the requirements would be here, much less how to comply with them. Care to post some patches?
Aside from the search, our is just static content, so I'm not sure how it can be said to be massively violating privacy. Even for the search, if you've not visited google before, you'll get prompted (by google) to agree to its terms before the search will be executed.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

Since I do not know in which country libvirt.org legally lives (it does not say that), I do not know what regulations apply. But meanwhile all major US companies follow EU regulations - in general even worldwide. So maybe this is all irrelevant for you - but maybe not.
On Monday, 04.12.2023 at 11:32 +0000, Daniel P. Berrangé wrote:
Aside from the search, our is just static content, so I'm not sure how it can be said to be massively violating privacy.
Please re-read. It is not about the content. The website defines no privacy policy which is against EU regulations.
Even for the search, if you've not visited google before, you'll get prompted (by google) to agree to its terms before the search will be executed.
Again - not to the point. For two reasons:
1. Sometimes I am desperate enough to use Google Search - but I want to decide myself when I want to.
2. the EU regulations request I am asked BEFORE the connection to google starts. Otherwise Google already learns something about me (it learns that I am interested in libvirt). I believe renaming the button to "search local Doc using Google" should be sufficient. But then again - I am not a lawyer.
So I think it is libvirt.org having to ask me before connecting to Google.
--
With kind regards
Wolfgang Rohdewald

On Mon, Dec 04, 2023 at 01:03:07PM +0100, Wolfgang Rohdewald wrote:
Since I do not know in which country libvirt.org legally lives (it does not say that), I do not know what regulations apply. But meanwhile all major US companies follow EU regulations - in general even worldwide. So maybe this is all irrelevant for you - but maybe not.
On Monday, 04.12.2023 at 11:32 +0000, Daniel P. Berrangé wrote:
Aside from the search, our is just static content, so I'm not sure how it can be said to be massively violating privacy.
Please re-read. It is not about the content. The website defines no privacy policy which is against EU regulations.
Please provide any source for this requirement that applies to libvirt.org. That site has only static pages, it doesn't collect any personal data and based on my quick search the requirement for privacy policy is when you do collect personal data which is not our case.
Even for the search, if you've not visited google before, you'll get prompted (by google) to agree to its terms before the search will be executed.
Again - not to the point. For two reasons:
1. Sometimes I am desperate enough to use Google Search - but I want to decide myself when I want to.
2. the EU regulations request I am asked BEFORE the connection to google starts. Otherwise Google already learns something about me (it learns that I am interested in libvirt). I believe renaming the button to "search local Doc using Google" should be sufficient. But then again - I am not a lawyer.
Agreed that having a button that redirects to google is not a good user experience. But if you claim that it is required by EU regulation to notify user before redirecting to some other website please provide us with any relevant source information to support that claim.
Pavel

On Mon, Dec 04, 2023 at 03:30:03PM +0100, Pavel Hrdina wrote:
On Mon, Dec 04, 2023 at 01:03:07PM +0100, Wolfgang Rohdewald wrote:
Since I do not know in which country libvirt.org legally lives (it does not say that), I do not know what regulations apply. But meanwhile all major US companies follow EU regulations - in general even worldwide. So maybe this is all irrelevant for you - but maybe not.
On Monday, 04.12.2023 at 11:32 +0000, Daniel P. Berrangé wrote:
Aside from the search, our is just static content, so I'm not sure how it can be said to be massively violating privacy.
Please re-read. It is not about the content. The website defines no privacy policy which is against EU regulations.
Please provide any source for this requirement that applies to libvirt.org. That site has only static pages, it doesn't collect any personal data and based on my quick search the requirement for privacy policy is when you do collect personal data which is not our case.
I think the problem is really rather fuzzy.
The first issue is that there is no legal notion of "libvirt" as an entity, which in turn makes it harder to say who has responsibility for any parts of the GDPR. The project exists only in so much as a selection of contributors being members of the gitlab group.
The services used by a project come from a variety of sources. The main project infra is all run by GitLab. The mailing lists are run by Red Hat. The web server is on a personal server belonging to the project's founder. I think the responsibility (probably) likely lies with the various providers of infrastructure.
WRT libvirt.org, if there are web server logs, the IP addr within can be considered PII. It could be claimed that collecting web server logs is a necessary function for running websites (eg to identify hostile traffic) and thus not require consent. If you're mining the data logs and correlating with other info though, it probably would require consent. For avoidance of doubt: we're not doing the latter.
In the end it probably doesn't hurt to have a simple privacy page that says we're not doing anything untoward with server logs, etc.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On Monday, 04.12.2023 at 03:23 -0800, Andrea Bolognani wrote:
I've posted patches[1] to switch the search provider to DuckDuckGo and mention the fact that an external provider is used in the first place. Hopefully that mitigates your concerns somewhat.
It will - when done. Thanks anyway.
BTW your website massively violates EU data privacy rights. You have no Impressum and no info about your privacy policy.
Honestly I have no idea what the requirements would be here, much less how to comply with them. Care to post some patches?
Keywords:
Règlement général sur la protection des données RGPD
Datenschutz-Grundverordnung (DSGVO)
General Data Protection Regulation (GDPR)
Not knowing where you live - I am sure you will find an Italian translation.
I actually downloaded the source and searched for some visible text from the website but I did not find anything. Maybe I was too fast.
Anyway I will never do or propose changes which will have legal consequences. This must be done by the person legally responsible for the website.
Your website does not even have a contact address.
There's a "contact" section in the footer, which links to all the relevant information. It seems to do its job, seeing as you managed to find your way to the mailing list after all :)
This is probably not enough. I am quite sure the requirements are
- directly reachable
- no subscription to a mailing list (n/a)
- private communication (n/a)
- fast answers (done)
Actually I would really have preferred not to publish this thread. Might sometimes be better for you too. Like when somebody wants to tell you about malware on your site.
--
With kind regards
Wolfgang Rohdewald

On Mon, Dec 04, 2023 at 01:03:09PM +0100, Wolfgang Rohdewald wrote:
On Monday, 04.12.2023 at 03:23 -0800, Andrea Bolognani wrote:
I've posted patches[1] to switch the search provider to DuckDuckGo and mention the fact that an external provider is used in the first place. Hopefully that mitigates your concerns somewhat.
It will - when done. Thanks anyway.
BTW your website massively violates EU data privacy rights. You have no Impressum and no info about your privacy policy.
Honestly I have no idea what the requirements would be here, much less how to comply with them. Care to post some patches?
Keywords: Règlement général sur la protection des données RGPD Datenschutz-Grundverordnung (DSGVO) General Data Protection Regulation (GDPR)
Not knowing where you live - I am sure you will find an Italian translation.
I actually downloaded the source and searched for some visible text from the website but I did not find anything. Maybe I was too fast.
Anyway I will never do or propose changes which will have legal consequences. This must be done by the person legally responsible for the website.
Your website does not even have a contact address.
There's a "contact" section in the footer, which links to all the relevant information. It seems to do its job, seeing as you managed to find your way to the mailing list after all :)
This is probably not enough. I am quite sure the requirements are - directly reachable - no subscription to a mailing list (n/a) - private communication (n/a) - fast answers (done)
Please provide any relevant source that applies to libvirt.org stating that we must and are legally required to provide contact information that you are listing here. My quick search produced such requirements only for companies and businesses which we are not.
Pavel

On Monday, 04.12.2023 at 15:39 +0100, Pavel Hrdina wrote:
Please provide any relevant source that applies to libvirt.org stating that we must and are legally required to provide contact information that you are listing here.
The legal owner of libvirt.org - whoever that is - should really consult a lawyer.
I gave you keywords to search for like
General Data Protection Regulation GDPR
A quick search produces:
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
https://www.tomsguide.com/how-to/how-to-make-a-website-gdpr-compliant
GDPR actually says it applies worldwide if the website is accessible in the EU.
(EU only follows other countries imposing their rules worldwide ...)
There is no general exception for personal websites even if some discussions only mention businesses like tomsguide. The only exception is when your website is only for your personal use or for your family.
https://law.stackexchange.com/questions/28070/would-gdpr-affect-my-own-perso...
I'd rather stop the discussion here - there is really nothing else to be said IMHO
--
With kind regards
Wolfgang Rohdewald

On Mon, Dec 04, 2023 at 04:27:55PM +0100, Wolfgang Rohdewald wrote:
On Monday, 04.12.2023 at 15:39 +0100, Pavel Hrdina wrote:
Please provide any relevant source that applies to libvirt.org stating that we must and are legally required to provide contact information that you are listing here.
The legal owner of libvirt.org - whoever that is - should really consult a lawyer.
I created that project, I run the web site on my pocket money. I'm not gonna spend more money getting a lawyer, sorry, nope.
I gave you keywords to search for like
General Data Protection Regulation GDPR
A quick search produces: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation https://www.tomsguide.com/how-to/how-to-make-a-website-gdpr-compliant
GDPR actually says it applies worldwide if the website is accessible in the EU.
"The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business.[1]"
We are not a business. We don't collect personal data on the web site, no identity, no registration, the search is externalized, game over, sorry not applicable, thank you for raising your concerns but as the owner of the domain I deny applicability of what you pointed,
Daniel
(EU only follows other countries imposing their rules worldwide ...)
There is no general exception for personal websites even if some discussions only mention businesses like tomsguide. The only exception is when your website is only for your personal use or for your family.
https://law.stackexchange.com/questions/28070/would-gdpr-affect-my-own-perso...
I'd rather stop the discussion here - there is really nothing else to be said IMHO
-- With kind regards
Wolfgang Rohdewald
-- Daniel Veillard | Red Hat Developers Tools http://developer.redhat.com/ veillard@redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/