Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [eclipse.org-project-leadership] General Data Protection Regulation(GDPR) at Eclipse Foundation 
> Project sites who are not using the Quicksilver theme will need to make 
sure that their website is fully compliant with the GDPR (
http://ec.europa.eu/justice/smedataprotect/index_en.htm).
> While we may identify additional requirements in the following weeks, at 
a minimum our audit will include confirming a project website fulfills the 
following requirements:

Will you also check whether the Quicksilver theme is used and report it?

Dani



From:   Christopher Guindon <chris.guindon@xxxxxxxxxxxxxxxxxxxxxx>
To:     eclipse.org-project-leadership@xxxxxxxxxxx
Date:   04.05.2018 22:43
Subject:        [eclipse.org-project-leadership] General Data Protection 
Regulation      (GDPR) at Eclipse Foundation
Sent by:        eclipse.org-project-leadership-bounces@xxxxxxxxxxx



Dear Eclipse Project Leads,

As you may know, a new EU regulation referred to as the General Data 
Protection Regulation (GDPR), which covers data protection and privacy for 
all individuals within the European Union, becomes enforceable on May 
25th, 2018.

The Eclipse Foundation is taking this new regulation very seriously and we 
are taking the necessary steps to make sure that we are compliant before 
the GDPR deadline.

We are writing to inform you of the steps that are relevant to you, and to 
seek your support in ensuring all of the Foundation?s web properties, 
including project websites, are in conformance.  We understand the 
timelines associated with this conformance are tight, and appreciate your 
prompt actions.  As you can imagine, this is a major undertaking for the 
Foundation - your prompt attention to ensure the appropriate steps are 
taken by your project are appreciated. 

Project Website Audits and Required Updates

We plan on auditing every Eclipse project website for compliance. This 
includes web properties and applications hosted on Foundation-provided 
resources, such as project virtual servers. If an application or site is 
not compliant, effective May 24th, we will be forced to disable the 
website and redirect traffic to their respective PMI project page.
 
Once disabled, a project site will need to demonstrate to the Eclipse 
Foundation that its site is compliant before it can be re-enabled. This 
can be done by opening a bug and requesting a review from the IT Services 
team.

The Eclipse Foundation is planning to include GDPR-compliant features in 
our Quicksilver theme, for example the Quicksilver theme will include a 
new website privacy policy popup. 

Project sites who are not using the Quicksilver theme will need to make 
sure that their website is fully compliant with the GDPR (
http://ec.europa.eu/justice/smedataprotect/index_en.htm).

While we may identify additional requirements in the following weeks, at a 
minimum our audit will include confirming a project website fulfills the 
following requirements:
1.      All project web pages must include a footer that prominently links 
back to key pages, and a copyright notice.  The following minimal set of 
links must also be included on the footer for all pages in the official 
project website:
1.      Main Eclipse Foundation website (http://www.eclipse.org);
2.      Privacy policy (http://www.eclipse.org/legal/privacy.php);
3.      Website terms of use (http://www.eclipse.org/legal/termsofuse.php
);
4.      Copyright agent (http://www.eclipse.org/legal/copyright.php); and
5.      Legal (http://www.eclipse.org/legal).
2.      Approved Eclipse logos are available on the Eclipse Logos and 
Artwork page: https://eclipse.org/artwork/
3.      A user must be requested to give their consent, and explicit 
consent must be given by the user before a project website can start using 
cookies. This requirement also includes cookies used by 3rd party services 
such as, but not limited to: Google Analytics, Google Tag Manager, and 
social media widgets. 
4.      Project websites must not collect and/or store and/or display 
personal information.
5.      Project websites using 3rd party services such as, but not limited 
to, google analytics must be explicit about which company or companies 
have access to the data collected. For example, the project website must 
identify on their website the individuals or organizations who have access 
to google analytics data.
We are currently using Bug 534384 - The General Data Protection Regulation 
(GDPR) at the Eclipse Foundation 
https://bugs.eclipse.org/bugs/show_bug.cgi?id=534384 to define action 
items that we must do before the GDPR deadline!

Feel free to post questions, feedback or concerns on this bug as we work 
together to protect the personal information of our users!

-- 
Christopher Guindon
Lead Web Developer
Eclipse Foundation
Twitter: @chrisguindon
_______________________________________________
eclipse.org-project-leadership mailing list
eclipse.org-project-leadership@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/eclipse.org-project-leadership


IMPORTANT: Membership in this list is generated by processes internal to 
the Eclipse Foundation.  To be permanently removed from this list, you 
must contact emo@xxxxxxxxxxx to request removal.

Back to the top