Not logged in. · Lost password · Register
Forum: General Help and Support General Stuff RSS
GDPR Compliance?
EU General Data Protection Regulation
Avatar
StarArmy #1
Member since Nov 2011 · 74 posts
Group memberships: Members
Show profile · Link to this post
Subject: GDPR Compliance?
The EU General Data Protection Regulation takes effect on May 25, 2018. Is Dokuwiki fully compliant with the GDPR from a software standpoint?

Some things that might be good to add to Dokuwiki would be:

- A way for users to delete their own user accounts, which would make their edits anonymized
- A way for admins to remove all copies of someone's IP address(es) and/or other identifiable information
- One-click unsubscribe from notification/subscription emails
Avatar
andi (Administrator) #2
User title: splitbrain
Member since May 2006 · 3409 posts · Location: Berlin Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Quote by StarArmy:
The EU General Data Protection Regulation takes effect on May 25, 2018. Is Dokuwiki fully compliant with the GDPR from a software standpoint?

Who knows? That law is a clusterfuck.


Quote by StarArmy:
- A way for users to delete their own user accounts, which would make their edits anonymized

Users can delete their account from their profile. That does not remove their user names from any logs though.

Quote by StarArmy:
- A way for admins to remove all copies of someone's IP address(es) and/or other identifiable information

You can use https://www.dokuwiki.org/plugin:anonip But again, that does not clean anything after the fact.

Quote by StarArmy:
- One-click unsubscribe from notification/subscription emails

It's two click currently.
Read this if you don't get any useful answers.
Lies dies wenn du keine hilfreichen Antworten bekommst.
Avatar
andi (Administrator) #3
User title: splitbrain
Member since May 2006 · 3409 posts · Location: Berlin Germany
Group memberships: Administrators, Members
Show profile · Link to this post
See also https://github.com/splitbrain/dokuwiki/issues/2321
Read this if you don't get any useful answers.
Lies dies wenn du keine hilfreichen Antworten bekommst.
Avatar
frafu #4
Member since Jul 2012 · 9 posts
Group memberships: Members
Show profile · Link to this post
Hi,

I am trying to write the privacy agreement for a website, using your dokuwiki privacy statement of the following link as a reference.
https://www.dokuwiki.org/privacy

The website is hosted on a shared host running apache, mysql and php. It is a french hosting provider and I only have read access to the 100 most recent lines of the logs. Thus, I assume that I don't have to worry about these logs, as we do not use them.

But what about the dokuwiki logs?

- Does dokuwiki have logs from users without a login browsing the site? If so, how can I administer them?

- How can I administer the logs of the people with a login?

The site is not open for registration and only a few selected people have logins with write access. Though they can be personally contacted to get consent, they must nevertheless be told, what they are giving consent about. Thus, could you tell me what data dokuwiki is collecting?

Finally, I saw that a GDPR plugin has appeared, but that it does not work with the current release. Could you consider creating a new update release?

Thanks in advance for any help.
Avatar
frafu #5
Member since Jul 2012 · 9 posts
Group memberships: Members
Show profile · Link to this post
Maybe that a list of dokuwiki's features with an indication whether its usage involves logging could be helpful. This list could afterwards also be extended with the equivalent information for every plugin.
Avatar
andi (Administrator) #6
User title: splitbrain
Member since May 2006 · 3409 posts · Location: Berlin Germany
Group memberships: Administrators, Members
Show profile · Link to this post
In reply to post #4
Quote by frafu on 2018-06-16, 16:28:
The website is hosted on a shared host running apache, mysql and php. It is a french hosting provider and I only have read access to the 100 most recent lines of the logs. Thus, I assume that I don't have to worry about these logs, as we do not use them.

It does not matter if you use them. It matters that you have access. However 100 lines only means that on a busy site you retain access to the information for seconds only.

Quote by frafu on 2018-06-16, 16:28:
- Does dokuwiki have logs from users without a login browsing the site? If so, how can I administer them?

No.

Quote by frafu on 2018-06-16, 16:28:
- How can I administer the logs of the people with a login?

Logs are created when editing only.

Quote by frafu on 2018-06-16, 16:28:
The site is not open for registration and only a few selected people have logins with write access. Though they can be personally contacted to get consent, they must nevertheless be told, what they are giving consent about. Thus, could you tell me what data dokuwiki is collecting?

You're probably overthinking this.

Quote by frafu on 2018-06-16, 16:28:
Finally, I saw that a GDPR plugin has appeared, but that it does not work with the current release.

The plugin works fine for the current stable release. Only one feature is not.
Read this if you don't get any useful answers.
Lies dies wenn du keine hilfreichen Antworten bekommst.
Avatar
MartinR #7
Member since Jul 2015 · 134 posts · Location: UK
Group memberships: Members
Show profile · Link to this post
There is a "logger" plugin that writes a CSV record for every access.
Avatar
frafu #8
Member since Jul 2012 · 9 posts
Group memberships: Members
Show profile · Link to this post
Thanks to both of you for the replies.

@andy

It does not matter if you use them. It matters that you have access.

I will add a few words about it to the privacy page of the site I am working on.

Thanks also for telling me explicitely that the dokuwiki core does not write logs for users that are not logged and that logs are only created when editing pages. These were the main pieces of information I was looking for.

You're probably overthinking this.

That might be right.

Have you seen my question at the bottom of your privacy page? Considering that the https://github.com/splitbrain/dokuwiki/issues/2321 thread is locked and that I did not know whether you were also watching the forum, I added a section at the bottom of your https://www.dokuwiki.org/privacy page containing my logging questions. As you replied here, do you want me to remove it again?

Finally, what about creating a page for the wiki core and the extensions to give an overview of what gets logged. For example something like this: https://www.dokuwiki.org/logging

Have a nice day.
This post was edited on 2018-06-21, 15:50 by frafu.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Imprint
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Current time: 2019-04-20, 01:00:34 (UTC +02:00)