Let's re-open a new can of worms before it blows up from pressure, as this will come into force on
May 25th 2018:
This little thing will be coming up soon here in Europe:
Note that while the video says “Companies”, the article itself is worded for “Hosts” and “Users” using the terms “Controllers” and “Processors”, and not just companies: Controllers decide what to do with the data, and Processors do something with the data.
So technically, anyone running a High Fidelity Sandbox is a “Controller,” as they have data on who connects to their service. Basically, if you are online and have EU users, or if you are located in the EU, this applies to you; and since this is the Internet it pretty much applies to anyone.
Specifically, take-aways which will impact the High Fidelity Platform and anyone hosting a Sandbox:
- Identifiers, from dynamic and static IP addresses to UDIDs/MACs, are now to be considered Personal Data, if bundled with personal info.
- Encourages pseudonymization of data.
- Data breaches must be notified within 72h(?).
- Individual rights are improved: users must have the right to be forgotten; consent must be unambiguous; access / objection rights.
- Right of portability: data must be available to be portable between similar services.
- Applies to goods and services available to EU residents (including free ones) and to services from the EU for any other resident in the world.
This unfortunately means that any domain host who doesn't block EU residents of High Fidelity must adhere to the GDPR and be held accountable for their server security and the above, and may not always know if they have been compromised or not.
Note however @Ron.Khondji pointed out:
This Directive applies to data processed by automated means (e.g. a computer database of customers) and data contained in or intended to be part of non-automated filing systems (traditional paper files). It does not apply to the processing of data:
- by a natural person in the course of purely personal or household activities;
So anyone doing commercial stuff through a High Fidelity sandbox needs to pay attention. So should there be a method to mitigate any issues, by having everyone as a service provider make sure that, by default, servers don't store IP addresses and usernames in logs, rely only on the information in memory, and make sure that even if breached, no information regarding service users is available?
Specifically, the following information will need to be pseudonymized:
- IP addresses via domain-server logs
- Usernames via domain-server logs
- Access rights (IP, usernames, MAC, fingerprints)
- Avatar URLs via avatar mixer logs
Any of the above combined could technically be used to “identify” users in other services / across domains (identifiable within the service is fine from what I've read).
I think we could go around this by having a generated unique secret key of the domain (or the session UUID) and hashing any identifiable information to create pseudo-anonymous identifiers that are only unique for that server, and logging these instead. Something similar to how the fingerprints work currently.
This doesn't stop users from building their own servers where they log all the info they want, but they would then be responsible for that info; it will at least make it less of a hassle for the average user who plops up a sandbox server from their PC to not have to worry about any GDPR issues.
This way, even in the case of a breach, there is no way to identify users as there is no “personal data” available at all.
This however does not solve the issue of pseudo-identifying users as:
- belonging to a group
- being an adult
- Wallet ID
And then there is the massive question for High Fidelity Inc:
High Fidelity ICE for Sandbox address resolution, which essentially requires storing and knowing the IP addresses of all sandboxes that are configured to connect to it. In fact, I think running a sandbox that connects to this needs to ask explicit consent from the users running it, since it will connect to it to map one's IP address to a pseudo-name used for the address system.
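The keyed-hash pseudonymization the post proposes for domain-server and avatar-mixer logs, as an added example (not High Fidelity's own code). It assumes a secret generated per domain and kept out of the logs, and a constructed log format; HMAC-SHA256 under that secret gives tokens that stay stable within one server (so a session can still be followed) but cannot be reversed or matched across servers without the secret.

```python
import hashlib
import hmac
import re
import secrets

# Hypothetical per-domain secret: generated once when the sandbox is set up
# and stored apart from the logs, so the log lines alone reveal nothing.
DOMAIN_SECRET = secrets.token_bytes(32)

# Fields the post lists as needing pseudonymization; the log format is
# constructed for this example, not taken from the real domain-server.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
USER_RE = re.compile(r'user "([^"]+)"')
AVATAR_RE = re.compile(r"avatar=(\S+)")


def pseudonymize(value: str, secret: bytes, tag: str) -> str:
    """Keyed hash (HMAC-SHA256) of one identifier, truncated for readability.

    Same value + same secret -> same token, so an operator can correlate
    events on their own server. A different domain's secret yields an
    unrelated token, and a plain (unkeyed) hash is avoided because small
    spaces such as IPv4 could otherwise be enumerated and matched.
    """
    digest = hmac.new(secret, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{tag}:{digest[:16]}"


def pseudonymize_log_line(line: str, secret: bytes = DOMAIN_SECRET) -> str:
    """Replace usernames, avatar URLs and IPv4 addresses in one log line."""
    line = USER_RE.sub(lambda m: f'user "{pseudonymize(m.group(1), secret, "usr")}"', line)
    line = AVATAR_RE.sub(lambda m: f"avatar={pseudonymize(m.group(1), secret, 'avt')}", line)
    line = IPV4_RE.sub(lambda m: pseudonymize(m.group(0), secret, "ip"), line)
    return line


# Constructed sample lines in the shape of domain-server / avatar-mixer output.
SAMPLE_LOG = [
    '[2018-05-25T10:00:00Z] connected user "alice" from 203.0.113.7',
    '[2018-05-25T10:00:01Z] user "alice" avatar=https://example.com/alice.fst',
    '[2018-05-25T10:05:00Z] connected user "bob" from 198.51.100.23',
]

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        print(pseudonymize_log_line(raw))
```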