EU-GDPR - Privacy by design and default #2449

Closed
brevilo opened this issue Apr 5, 2018 · 9 comments

@brevilo
Contributor

brevilo commented Apr 5, 2018

Let's use this issue for privacy-by-design-related topics that need to be addressed. I'll start with this one:

  • On account creation the user's computers are publicly visible by default. Needs to be changed/inverted (show_hosts).
  • FYI, we don't consider send_email to be problematic is this doesn't cause personal data to be shared.
@TheAspens
Member

I also think that when it comes to the data export, there should be a flag the user can opt into that indicates that the user agrees to export their data. If not set, then the data should not be exported.

In order to mitigate the fact that this would cause significantly fewer devices and users to be exported over time, we could add a summary.xml to the export that includes:

  • Total credit on project (sum of user.total_credit)
  • Total recent credit on project (sum of user.expavg_credit)
  • Total number of users on project (count of user.total_credit > 0)
  • Total number of active users on project (count of user.expavg_credit > 1)
  • Total number of hosts on project (count of host.total_credit > 0)
  • Total number of active hosts on project (count of host.expavg_credit > 1)

Stats sites could then use this data to provide aggregate data graphs for the project.
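The split proposed in the comment above, sketched as an added example (not BOINC's export code and not from any participant in this thread): aggregates are computed over all rows, while per-record export is limited to users who opted in. The `export_consent` flag, the XML element names and the sample rows are assumptions made for illustration; only the `total_credit` and `expavg_credit` fields and the six definitions come from the comment.

```python
import xml.etree.ElementTree as ET

# Constructed sample rows; `export_consent` is a hypothetical opt-in flag.
USERS = [
    {"id": 1, "total_credit": 1200.0, "expavg_credit": 35.0, "export_consent": True},
    {"id": 2, "total_credit": 800.0, "expavg_credit": 0.5, "export_consent": False},
    {"id": 3, "total_credit": 0.0, "expavg_credit": 0.0, "export_consent": True},
    {"id": 4, "total_credit": 50.0, "expavg_credit": 2.0, "export_consent": False},
]
HOSTS = [
    {"id": 10, "userid": 1, "total_credit": 1200.0, "expavg_credit": 35.0},
    {"id": 11, "userid": 2, "total_credit": 800.0, "expavg_credit": 0.5},
    {"id": 12, "userid": 4, "total_credit": 50.0, "expavg_credit": 2.0},
    {"id": 13, "userid": 3, "total_credit": 0.0, "expavg_credit": 0.0},
]

def summarize(users, hosts):
    """Aggregates over ALL rows, using the six definitions listed above."""
    return {
        "total_credit": sum(u["total_credit"] for u in users),
        "recent_credit": sum(u["expavg_credit"] for u in users),
        "users": sum(1 for u in users if u["total_credit"] > 0),
        "active_users": sum(1 for u in users if u["expavg_credit"] > 1),
        "hosts": sum(1 for h in hosts if h["total_credit"] > 0),
        "active_hosts": sum(1 for h in hosts if h["expavg_credit"] > 1),
    }

def exportable(users, hosts):
    """Per-record export: only users who opted in, and only their hosts."""
    consenting = {u["id"] for u in users if u["export_consent"]}
    return ([u for u in users if u["id"] in consenting],
            [h for h in hosts if h["userid"] in consenting])

def summary_xml(summary):
    """Serialize the aggregates; no user or host identifiers are written."""
    root = ET.Element("summary")  # element names are illustrative
    for name, value in summary.items():
        ET.SubElement(root, name).text = str(value)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(summary_xml(summarize(USERS, HOSTS)))
```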

@brevilo
Contributor Author

brevilo commented Apr 5, 2018

Sounds good.

FTR: yet the consent to publish the personal stats data doesn't relieve the projects of GDPR's requirement to propagate a data erasure request to downstream data consumers. That effectively means you need to keep track of who you publish to.

@RichardHaselgrove
Contributor

Remember that BOINC itself participates in this merry-go-round of exported and re-imported stats to drive pages like https://boinc.berkeley.edu/chart_list.php

I think the data is aggregated by http://boinc.netsoft-online.com/e107_plugins/boinc/bp_home.php (another page which can't be accessed by https, it seems), which also provides the data for the 'Projects in which Richard Haselgrove is participating' panel on public pages like https://setiathome.berkeley.edu/show_user.php?userid=5509 - I'm not sure whether WCG participates in this process, so @TheAspens may not be so familiar with it.

Provided netsoft-online updates its code and processes along the lines we've been discussing, proper GDPR compliance should follow automatically, but it might be wise to reach out to James Drews sooner rather than later, because his site is rather less independent from BOINC than some of the others.

@brevilo
Contributor Author

brevilo commented Apr 6, 2018

The good thing is that as soon as we lock down our stats exports, everyone we missed will surely be in contact very soon. But yes, Willy and James are on our radar. Thanks.

@drshawnkwang
Contributor

drshawnkwang commented May 17, 2018

We (Oliver Tristan and I) discussed offline that the consent to stats exports, mentioned above, could be rolled into the Opt-in consent work/PR I am currently working on.

The front-end is simply an additional privacy preference, similar to the show computers preference, where the user consents to having his/her stats exported.

The back-end would use the new consent_type table, a record for stats-exporting consent. And then when the user agrees, we can record this consent in the consent table with a timestamp.

drshawnkwang pushed a commit to drshawnkwang/boinc that referenced this issue Jul 18, 2018
When creating a user account, show_hosts flag is false by default.

Part of BOINC#2449
@AenBleidd
Member

Is there something left here, or can this ticket be closed?

@drshawnkwang
Contributor

The main item for this ticket, setting show_host to false by default, has been merged. I will ask at the next contributors call whether there are other privacy options people care about.

@JuhaSointusalo
Contributor

@davidpanderson opened a ticket about host name and IP address. #2836

@drshawnkwang:

I will ask at the next contributors call whether there are other privacy options people care about.

Hmm, maybe better ask volunteers instead.

@AenBleidd AenBleidd added this to the Server milestone Oct 30, 2019
@AenBleidd AenBleidd moved this to Backlog in Client/Manager Aug 14, 2023
@AenBleidd AenBleidd moved this to Backlog in Website and Drupal Aug 14, 2023
@AenBleidd AenBleidd added this to Server Aug 14, 2023
@AenBleidd AenBleidd moved this to Backlog in Server Aug 14, 2023
@AenBleidd
Member

Closing this as 'Done'

@github-project-automation github-project-automation bot moved this from Backlog to Done in Server Oct 16, 2023
@github-project-automation github-project-automation bot moved this from Backlog to Done in Client/Manager Oct 16, 2023
@github-project-automation github-project-automation bot moved this from Backlog to Done in Website and Drupal Oct 16, 2023