Privacy in Django (GDPR)

Privacy in Django (GDPR)

Johannes Hoppe
Hi there,

I am following up on Will's great talk during DjangoConEU 2018 (https://www.youtube.com/watch?v=b6KEoNVKFxM). If you haven't watched the talk or don't know what GDPR is, I'd highly recommend watching it before you continue reading. The following message will be a collection of the things that have been discussed during the conferences regarding GDPR.

Purpose of this post:
Discuss the best ways Django as a community can support its developers in dealing with GDPR and building software that is GDPR compliant by design.

We had plenty of discussion afterwards; here is the current common sense:

GDPR is a shift in software design and architecture. It introduces a concept of data ownership on a per-user basis, in contrast to the previous single owner (webmaster). It is now within the responsibility of a web framework to provide not only built-in security but also privacy.

Furthermore, Django does provide built-in ways to store (process) private data, namely

- first name
- last name
- email
- username

all of which can be used to identify an individual. That being said Django does currently not supply any easy way to ensure GDPR compliance for this data.

After a lot of discussion it does not seem feasible to just go ahead and implement something in Django just now. Therefore we should create a Django privacy workgroup. The primary focus of this workgroup would be to support the Django community. I would suggest doing this through a DEP (Django Enhancement Proposal) as well as a public tutorial. The tutorial should point out best practices on how to deal with personal or sensitive personal data, and how to provide interfaces to ensure portability, the right to be forgotten or processed.

Best
-Joe

--
Johannes Hoppe

www.johanneshoppe.com

Want to chat? Let's get a coffee!
https://calendly.com/codingjoe/coffee

Lennéstr. 19
14469 Potsdam

USt-IdNr.: DE284754038

--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAPcC2o%3DanXMqz%3DaqKSjsgN6PsxGuND8atgevp6Ti_gjqYW9B2w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Privacy in Django (GDPR)

Vasili Korol
I outlined the problem of parent domain cookies included in Django's error reports, which may be a problem due to GDPR.
There's a ticket in the Django bugtracker:   https://code.djangoproject.com/ticket/29714
And a discussion in the 'developers' group:  https://groups.google.com/forum/#!topic/django-developers/rABXPO-xVAo

So far, the proposed solution is to implement better customization of error reports, which would allow disabling the inclusion of cookies.
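
The idea raised in this message, as an added example that is not part of the original post and does not use Django's own API: a request carries only cookie names and values, never the domain that set them, so a report builder can only separate an application's own cookies from parent-domain ones by name. The function names, the allowlist and the sample request data are assumptions constructed for illustration.

```python
from http.cookies import CookieError, SimpleCookie

REDACTED = "[redacted]"


def parse_cookie_header(header):
    """Return {name: value} from a raw Cookie request header ({} if malformed)."""
    jar = SimpleCookie()
    try:
        jar.load(header or "")
    except CookieError:
        return {}
    return {name: morsel.value for name, morsel in jar.items()}


def scrub_request_for_report(meta, own_cookie_names):
    """Build the cookie and metadata sections of an error report.

    meta: WSGI-style request metadata dict (hypothetical input shape).
    own_cookie_names: names of cookies this application sets itself.
    Cookies outside the allowlist (e.g. ones set on a parent domain) are
    dropped entirely; allowed ones keep their name but not their value.
    """
    cookies = parse_cookie_header(meta.get("HTTP_COOKIE", ""))
    kept = {name: REDACTED for name in sorted(cookies) if name in own_cookie_names}
    safe_meta = dict(meta)  # copy, so the live request data is not modified
    if "HTTP_COOKIE" in safe_meta:
        # The raw header repeats every cookie value, so it must be scrubbed too.
        safe_meta["HTTP_COOKIE"] = REDACTED
    return {
        "COOKIES": kept,
        "dropped_cookies": len(cookies) - len(kept),
        "META": safe_meta,
    }


# Constructed sample: two cookies set by the app, two inherited from the parent domain.
SAMPLE_META = {
    "HTTP_HOST": "app.example.com",
    "PATH_INFO": "/checkout/",
    "HTTP_COOKIE": "sessionid=abc123; csrftoken=tok456; sso_token=parent789; _ga=GA1.2.3",
}

if __name__ == "__main__":
    report = scrub_request_for_report(SAMPLE_META, {"sessionid", "csrftoken"})
    for section, value in report.items():
        print(section, value)
```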


Re: Privacy in Django (GDPR)

Johannes Hoppe
A colleague just referred this new package to me:

https://github.com/wildfish/django-gdpr-assist

On Tuesday, August 28, 2018 at 11:14:51 AM UTC+2, Vasili Korol wrote:
I outlined the problem of parent domain cookies included in Django's error reports, which may be a problem due to GDPR.
There's a ticket in the Django bugtracker: https://code.djangoproject.com/ticket/29714
And a discussion in the 'developers' group: https://groups.google.com/forum/#!topic/django-developers/rABXPO-xVAo

So far, the proposed solution is to implement better customization of error reports, which would allow disabling the inclusion of cookies.
