[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A note from GitHub about your repository





On Wed, Oct 10, 2018 at 9:50 AM Morgan (GitHub Support) <support@github.com> wrote:

Hi Kurt,

Thanks for your reply, and apologies for the delay in coming back to you.

We appreciate that you may have properly obtained consent from the user to public their information publicly; but at this time, the user has withdrawn that consent, as they are permitted to under GDPR.


This isn't entirely true. You can't for example call your local tax authority and tell them you're withdrawing consent from being processed. For a variety of business process and technology and legal reasons it is possible for this "right to be forgotten" to not universally apply.
 

We feel that it's in everyone's best interests to have you and the user connect to figure out what's an appropriate solution. Since you


I already did, I thought it was at an end and then they made this complaint. I think an appropriate solution is "you consented, TWICE, to publishing your email address publicly, you could have chosen NOT to give consent and used an alternate email address specifically for this purpose, as such we are not removing your data". 

 

already have the user's information, we'd recommend you reach out to them directly to discuss a resolution. Please be advised that, until you're able to work out an alternative with the user, we need you to remove the user's personal information, or we'll be required to remove the repository. We'll check back in a week to see if this has been resolved. If not, we will need to disable the repository. Please let us know if you have any other questions.


To the board: it looks like the CVE community will need to stop using GitHub until this is resolved as their current interpretation of GDPR essentially makes it impossible for the DWF to use the CVE data people submit (as they can revoke it, even after agreeing in a positive manner). I will be transitioning the DWF off of GitHub when I have time. I also suspect this means MITRE and others cannot use GitHub safely as well. 
 

Cheers,
Morgan



--
Kurt Seifried
kurt@seifried.org

Page Last Updated or Reviewed: October 10, 2018