Privacy in Django (GDPR)

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Privacy in Django (GDPR)

Johannes Hoppe
Hi there,

I am following up on  [ Will's great talk during DjangoConEU 2018]. If you haven't watched the talk or don't know what GDRP is, I'd highly recommend watching it before you continue reading. The following message will be a collection of the things that have been discussed during the conferences regarding GDRP.

Purpose of this post:
Discuss best ways Django as a community can do to support it's developers to deal with GDRP and build software that is GDPR compliant by design.

We had plenty of discussion afterwards here is the current common sense:

GDPR is a shift is a shift in software design and architecture. It introduces a concept of data ownership on users bases in contrast to the previous single owner (webmaster). It is within the responsibility of a web framework now to not only provide built in security but also privacy.

Furthermore Django does provide built in ways to store (process) private data, namely

- first name
- last name
- email
- username

all of which can be used to identify an individual. That being said Django does currently not supply any easy way to ensure GDPR compliance for this data.

After a lot of discussion it does not seem feasible to just go ahead and implement something in Django just now. Therefore I we should create a Django privacy workgroup. The primary focus of this workgroup would be to support the Django community. I would suggest to do this though a DEP (Django Enhancement Proposal) as well as a public tutorial. The tutorial should point out best practices on how to deal with personal or sensitive personal data. How to provide interfaces to ensure portability, the right to be forgotten or processed.


Johannes Hoppe

Want to chat? Let's get a coffee!

Lennéstr. 19
14469 Potsdam

USt-IdNr.: DE284754038

You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at
To view this discussion on the web visit
For more options, visit