DSpace / DS-3653

EU General Data Protection Regulation (GDPR)


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Answered
    • Affects Version/s: 4.8, 5.7, 6.1, 7.0
    • Fix Version/s: None
    • Component/s: API
    • Labels: None
    • Attachments: 0
    • Comments: 22
    • Documentation Status: Needed

      Description

      From 25 May 2018, the new European General Data Protection Regulation (GDPR) law will apply. This law enforces that personal data of EU citizens can only be gathered legally under strict conditions, for a legitimate purpose. Furthermore, persons or organisations which collect and manage your personal information must protect it from misuse and must respect certain rights of the data owners which are guaranteed by EU law. This also applies to non-EU based organisations. An overview of this new law can be found here: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/

      The definition of "personal data" is very broad: name, e-mail, location, IP, tweets, pictures, identifiers…

      We need to assess how this impacts DSpace and implement improvements to make DSpace compliant with the GDPR. Otherwise organisations using DSpace will risk high EU fines.

      Based on my initial reading, these aspects of DSpace are impacted:

      • The information we capture for usage events in the DSpace log files and SOLR statistics core (see https://piwik.pro/blog/how-will-gdpr-affect-your-web-analytics-tracking/)
      • The ability to delete an eperson account even if that eperson is the submitter of certain items.
      • How DSpace stores or logs identifiers (ORCIDs, email, authority control records, IP addresses...)
      • How DSpace does its session management by returning a session ID cookie. In the future this can only be done on explicit consent (see Piwik blog post).
      • Support the right to erase private items linked to a specific eperson (We do not need to support erasure of public items because of the exception "archiving purposes in the public interest, scientific research, historical research or statistical purposes").


              People

              Assignee: Unassigned
              Reporter: Tom Desair (tom.desair)
              Votes: 2
              Watchers: 12
