From 493bb062afb1eef49c9282cc1162e72a022f2ff1 Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Mon, 5 Aug 2019 09:50:24 +0100 Subject: [PATCH] MSC2197: update with privacy perspective Includes recommendations for client developers. Signed-off-by: Olivier Wilkinson (reivilibre) --- ...search_filter_in_federation_publicrooms.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/proposals/2197-search_filter_in_federation_publicrooms.md b/proposals/2197-search_filter_in_federation_publicrooms.md index 04413c869..bc1a74a93 100644 --- a/proposals/2197-search_filter_in_federation_publicrooms.md +++ b/proposals/2197-search_filter_in_federation_publicrooms.md @@ -119,8 +119,23 @@ up sharing the client's search terms with a remote homeserver, which may not be operated by the same party or even trusted. For example, users' search terms could be logged. -It is uncertain, to the author of this MSC, what implications this has with -regards to legislation, such as GDPR. +The privacy implications of this proposal are not overly major, as the data +that's being shared is [\[1\]][1]: + +- only covered by GDPR if: + - the search terms contain personal data, or + - the user's homeserver IP address is uniquely identifying (because it's a + single-person homeserver, perhaps) +- likely to be *expected* to be shared with the remote homeserver + +[1]: https://github.com/matrix-org/matrix-doc/pull/2197#issuecomment-517641751 + +For the sake of clarity, clients SHOULD display a warning that a remote search +will take the user's data outside the jurisdiction of their own homeserver, +before using the `server` parameter of the Client-Server API `/publicRooms`, as +it can be assumed that this will lead to the server invoking the Federation +API's `/publicRooms` – on the specified remote server – with the user's search +terms. ## Conclusion
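Review bot: The SHOULD in the last added paragraph is underspecified. It asks for a warning "before using the `server` parameter" of the Client-Server `/publicRooms`, but the concern this section states is that the user's search terms reach the remote homeserver, so as written a client would also warn when it lists a remote directory without any search filter. Suggest scoping the recommendation to requests that carry both `server` and search terms, and stating whether the warning is shown per request or once per remote server. The phrase "outside the jurisdiction of their own homeserver" reads as a legal claim that the patch does not support; the unchanged context above describes a remote homeserver that "may not be operated by the same party or even trusted", so wording along the lines of "shared with the operator of the remote homeserver" would match it. The bullet "likely to be *expected* to be shared with the remote homeserver" also sits oddly next to a recommended warning; one sentence reconciling the two would help. Since the GDPR bullets replace an explicit statement of uncertainty, consider summarising the reasoning in the text itself rather than leaving it only behind the [1] link.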