No way to set GDPR disclaimer

Hi,

Debain 10, Cells 2.0.3 CE, Rev: d3b3e96f8e95000283735af84d9e6121ccc268f6, Virgin installation.

It is not possible to set a GDPR disclaimer to comply with european law as described at: https://pydio.com/en/docs/cells/v2/disclaimer

There is no switch to activate the disclaimer: https://imgur.com/a/ldgOtc1

While i am not even sure the one time notification would suffice to satisfy the law, it should at least work as described.

Without the disclaimer every Cells installation is in violation of the current law and exposes its owner to harsh punishment.

Please clarify.

Hello, @deadcode and welcome in our community.

The custom disclaimer is an Enterprise Only feature.

We received feedback recently about the missing “Tag” in our doc and we spent some time last week to insure that the Enterprise Only features are correctly identified in the Doc.
The update will come together with the 2.0.4 release that should be out next week, #documentationIsAlsoCode.

The Home Distribution is meant to share pictures or documents with your friends and family, so you are on the safe side of the law, so:

I don’t think so, GDPR is about gathering, storage and treatment of personal data like: Name, Photo, Email address, Social media posts, Personal medical information, IP addresses, Bank details…
None of these are required to have a user account in one of the instance, and only the IP address of the end user will appear in some logs. If you clean your log regularly, you then have none of the sensitive info.

That said, if you installed the Home Edition for your business and use it to provide services to end users / clients you are already most probably infringing the law due to the quite restrictive AGPL license, so…

Hi @bsinou,

thank you for your reply and the welcome.

The GDPR is by no means only about the collection and retention of the mentioned data. It is an extensive and strict set of regulations relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data (sic)

To boil it down to 1 sentences: As soon as you offer a service via HTTP, you must inform the visitor about his rights, exactly what information is gathered (IP, timestamp, referer… etc), how it is processed and who he needs to talk to if he/she has issues.

It is by no means sufficient to clean logs regularly!

Cheers and good luck from a fellow dev.