Privacy Policy / GDPR - developer notes

Continuing the discussion from Foreman Privacy Policy created:

Now that we have a privacy policy and GDPR is a thing, I wanted to make a point that is relevant to the development community.

GDPR is not a one-and-done, now-you-have-the-badge, thing. We need to maintain the policy, and also ensure we’re all practising Privacy by Design in our work. For Foreman itself, this isn’t a huge deal (since it’s self-hosted, we don’t see the data anyway), but if you’re proposing (or directly making) changes to our infrastructure then you need to keep this in mind. Obviously if you spot something existing that we missed in v1, flag that too :slight_smile:

If you have any doubts about a change, get in touch with me - I’m no lawyer, but I’ve been studying this for a while, and I try to keep up with the state of tech policy. Thanks!

Oh that explains why the text reads like it was written by a lawyer… :smiley:

I’m taking that as an insult :smiley:

Seriously though, there’s way too much legalese on these privacy notices. Article 12.1 of the GDPR requires you to use “concise, transparent, intelligible and easily accessible form, using clear and plain language” - I would argue many of these privacy notices don’t meet that. I’ve tried hard to keep it clear where I can.
