Bug 496271

Summary: KDE not respecting EU GDPR regulation!
Product: [Websites] discuss.kde.org Reporter: Marcus Johansson <marcus.typ.johansson>
Component: GeneralAssignee: KDE Forum Administrators <forum-admin>
Status: RESOLVED WORKSFORME    
Severity: critical CC: bcooksley, kde-www, kdedev, marcus.typ.johansson, nate, sysadmin
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: unspecified   
OS: All   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Marcus Johansson 2024-11-14 17:02:20 UTC 
KDE has removed the ability to request a GDPR removal for specific users within EU, this is not in compliance with EU regulations.

This has to be acknowledged and acted upon IMMEDIATELY.

Failing to do so puts you in huge risk of being fined for not complying to EU GDPR regulation.

Respond and take action IMMEDIATELY!
Comment 1 Nate Graham 2024-11-14 17:08:47 UTC 
What specifically are you saying we removed, and where are you saying we removed it from? I'm not familiar with what you're talking about. To my knowledge you're free to contact sysadmin@kde.org and request full removal. Please clarify, thanks.
Comment 2 Ben Cooksley 2024-11-14 17:48:14 UTC 
Account removal requests are actioned in line with our privacy policy at https://kde.org/privacypolicy/ (see heading GDPR Requests at the bottom).

There is nothing to correct here because we are compliant - the legislation does not require you offer a self-service capability, merely that you remove data when requested.
Comment 3 Marcus Johansson 2024-11-14 20:21:36 UTC 
Questions have been sent to info@kde.org without response and there was no indication that email is not in use, no automated response or anything.
Subsequent questions and request will be directed to sysadmin@kde.org

This page: https://phabricator.kde.org/maniphest/task/edit/form/2/ that is linked to in https://kde.org/privacypolicy/ requires a login.

But we now have more information to go on and will look into how to proceed.
Comment 4 Nate Graham 2024-11-14 21:30:37 UTC 
Out of curiosity, where did you see information indicating that info@kde.org would be a good email address to send questions to?
Comment 5 Marcus Johansson 2024-11-14 23:08:51 UTC 
(In reply to Nate Graham from comment #4)
> Out of curiosity, where did you see information indicating that info@kde.org
> would be a good email address to send questions to?

Generic email address.
We thought it was used like on a lot of other organizations. Or we thought it would return a "this email is not in use" from KDE in response if it was not.

https://www.coldlytics.com/glossary/generic-email-address
https://blog.warmy.io/blog/generic-vs-role-based-email-addresses-exploring-the-benefits-and-drawbacks/
https://blog.mystrika.com/generic-role-based-email-addresses/
https://www.linkedin.com/pulse/comparing-generic-role-based-email-addresses-advantages-challenges-p4z5f
Comment 6 Nate Graham 2024-11-14 23:17:37 UTC 
Ok. So, just to make sure I understand the situation, you sent an email to an address that was not documented anywhere but that you assumed existed, and when you didn't get a response to the email, you assumed that the people who you had expected to respond were breaking the law. Do I have that right?
Comment 7 Marcus Johansson 2024-11-14 23:35:00 UTC 
(In reply to Nate Graham from comment #6)
> Ok. So, just to make sure I understand the situation, you sent an email to
> an address that was not documented anywhere but that you assumed existed,
> and when you didn't get a response to the email, you assumed that the people
> who you had expected to respond were breaking the law. Do I have that right?

No, you are completely missing what happened, and for both our, his, yours and KDE's sake, we choose to not say more.
You are free to personally contact this email if you want further information.

As far as we are concerned, we got the answers we needed from here.
We are not after to hurt anybody, only closure.