zlacker

[parent] [thread] 3 comments
1. madeof+(OP)[view] [source] 2018-05-18 12:04:04
This is already a “solved problem” though. If you post copyrighted material to Github, Github will have to remove it.

If you’re posting users information to a public repo, then you fully deserve whatever impacts you’ll face when you have to delete it.

replies(2): >>spacen+ub >>aeorgn+bj
2. spacen+ub[view] [source] 2018-05-18 13:53:55
>>madeof+(OP)
I'm not talking about copyrighted or otherwise shady stuff pushed to GitHub. My concern is what's supposed to happen when a GitHub user requests GitHub to delete their entire account and all the personally identifying information they have on them. Clearly GDPR calls for this to be possible, yet that would mean that GitHub would have to delete this user's commits (which usually contain full names and mail addresses). Clearly they can't reasonably do that though.
3. aeorgn+bj[view] [source] 2018-05-18 14:50:33
>>madeof+(OP)
> If you’re posting users information to a public repo

Like their name and email address in every commit they submit?

I've already seen a notice from GitLab requiring me to consent to waive my rights to have that info deleted if, e.g. I were to contribute to the GitLab open source project. But I'm not sure that that's even enough for GDPR.

replies(1): >>jhurew+Zq
◧◩
4. jhurew+Zq[view] [source] [discussion] 2018-05-18 15:46:51
>>aeorgn+bj
The waiver is only one aspect of it. Waiver only applies when consent is required. Article 6 of GDPR also allows for the use of personal information when "processing is necessary for the performance of a contract to which the data subject is party..." Consent is not required when it is a necessary part of performance under a contract. GitLab's updated terms state that as part of the agreement to voluntarily contribute to GitLab projects, contributors acknowledge and agree that their personal information will become part of the repository as part of the Git functionality. Therefore, their personal information will not be deleted and will remain in the repository so as not to impact the code base. This only applies to those who contribute to GitLab projects. This does not apply to general use of the software. There is still much that is unclear regarding GDPR but we are doing our best to comply and protect individuals' privacy. An important function of this waiver and acknowledgement is to provide transparency to our contributors. If an individual does not want their information to be maintained, they have the option not to contribute.
[go to top]