Dear Eclipse Project Leads,
As you may know, a new EU regulation referred to as the General Data Protection Regulation (GDPR), which covers data protection and privacy for all individuals within the European Union, becomes enforceable on May 25th, 2018.
The Eclipse Foundation is taking this new regulation very seriously and we are taking the necessary steps to make sure that we are compliant before the GDPR deadline.
We are writing to inform you of the steps that are relevant to you, and to seek your support in ensuring all of the Foundation’s web properties, including project websites, are in conformance. We understand the timelines associated with
this conformance are tight, and appreciate your prompt actions. As you can imagine, this is a major undertaking for the Foundation - your prompt attention to ensure the appropriate steps are taken by your project are appreciated.
Project Website Audits and Required Updates
We plan on auditing every Eclipse project website for compliance. This includes web properties and applications hosted on Foundation-provided resources, such as project virtual servers. If an application or site is not compliant, effective
May 24th, we will be forced to disable the website and redirect traffic to their respective PMI project page.
Once disabled, a project site will need to demonstrate to the Eclipse Foundation that its site is compliant before it can be re-enabled. This can be done by opening a bug and requesting a review from the IT Services team.
The Eclipse Foundation is planning to include GDPR-compliant features in our Quicksilver theme, for example the Quicksilver theme will include a new website privacy policy popup.
While we may identify additional requirements in the following weeks, at a minimum our audit will include confirming a project website fulfills the following requirements:
-
All project web pages must include a footer that prominently links back to key pages, and a copyright notice. The following minimal set of links must also be included on the footer for all pages in the official project website:
-
Main Eclipse Foundation website (http://www.eclipse.org);
-
Privacy policy (http://www.eclipse.org/legal/privacy.php);
-
Website terms of use (http://www.eclipse.org/legal/termsofuse.php);
-
Copyright agent (http://www.eclipse.org/legal/copyright.php); and
-
Legal (http://www.eclipse.org/legal).
-
Approved Eclipse logos are available on the Eclipse Logos and Artwork page:
https://eclipse.org/artwork/
-
A user must be requested to give their consent, and explicit consent must be given by the user before a project website can start using cookies. This requirement also includes cookies used by 3rd party services such as, but not limited to: Google Analytics,
Google Tag Manager, and social media widgets.
-
Project websites must not collect and/or store and/or display personal information.
-
Project websites using 3rd party services such as, but not limited to, google analytics must be explicit about which company or companies have access to the data collected. For example, the project website must identify on their website the individuals or organizations
who have access to google analytics data.
Feel free to post questions, feedback or concerns on this bug as we work together to protect the personal information of our users!
Christopher Guindon
Lead Web Developer
Eclipse Foundation
Twitter: @chrisguindon