[Bug 1779956] Re: GDPR Compliance

RXCE 1779956 at bugs.launchpad.net
Tue Jul 3 23:15:06 UTC 2018 

Thank you for your response,

While it is indeed correct and true that Ubuntu's configuration does
comply, this is more of a legal/policy bug than a technical one.

As the GDPR emphasizes privacy by design, how can Ubuntu ensure ongoing
compliance if its distro is built upon a project that neglects privacy
and seems to do what it wants?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1779956

Title:
  GDPR Compliance

Status in systemd:
  Unknown
Status in systemd package in Ubuntu:
  Invalid

Bug description:
  The systemd project is experimenting and working with various ideas
  that have privacy ramifications. This includes the work in systemd-
  resolved and systemd-timesyncd that creates a possibility for
  disclosure of personal information to Google or similar providers
  through default code paths. The data remitted such as client IP
  addresses, subdomains containing usernames or unique IDs, banking
  domains and similar data may be considered personal data under the
  GDPR and other EU law.

  These components are currently in a state where it is legally dubious
  whether they comply or can be made to comply. In particular, systemd's
  default configuration unless otherwise configured and compiled
  discloses personal information to Google without consent or methods to
  withdraw consent and without plain-language privacy policy. This
  design overall is considered flawed by the GDPR.

  I had reported this concern upstream as it impacts all distributions,
  but the systemd project has shown disinterest in working on "privacy
  by design" and making their work compliant. This lack of concern and
  future work by the systemd project may interfere with distributions'
  efforts to make their distributions compliant.

  As such, this work upstream and future work by upstream may interfere
  with any compliance efforts by Ubuntu to ensure compliance with the
  GDPR as systemd cannot be relied upon as "compliant out of the box"
  software.

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1779956/+subscriptions

More information about the foundations-bugs mailing list