The Eclipse Foundation recently made available a new policy to make sure that our projects and hosted services are compliant with the General Data Protection Regulation (GDPR).
The Eclipse Foundation Hosted Services Privacy and Acceptable Usage Policy will provide guidance to folks who operate a virtual server or a website hosted either directly by the Eclipse Foundation or provided via the Eclipse Foundation’s funding in support of an Eclipse Foundation open source project.
We want to ensure that all such services meet the highest standards of privacy and transparency, and to ensure that any collected data is used strictly in support of the activities of its open source projects.
There are two changes that we would like to highlight. First we have updated our position on Google Analytics (GA). Projects will now be allowed to create their own GA property, provided they agree to the conditions listed in our new policy.
Secondly we are better defining the responsibilities of the projects or committers responsible for hosting a service or website with the Eclipse Foundation.
Hosted services and Eclipse Projects can adopt this new policy by creating an issue on Eclipse Bugzilla under Community > Hosted Services Privacy and Acceptable Usage Policy where they acknowledge reading and understanding the policy.
Those who wish to store Personally Identifiable Information (PII) must create and include a Data Protection Impact Assessment (DPIA) document. The DPIA must describe what kinds of PII data will be collected and their purpose. This will have to be updated as your services evolve by uploading a new version on Eclipse Bugzilla.
If a service wishes to retain PII for longer than 1 year, they must produce a Data Retention Policy (DRP) that indicates how long they plan to keep each pieces of PII data and why they need to keep them for that long.
For the complete list of requirements & conditions, please make sure to read the Eclipse Foundation Hosted Services Privacy and Acceptable Usage Policy.
Please let us know if you have any questions or concerns regarding this new policy by sending your questions to email@example.com.