On Oct 11 06:22, Jean F. Quéralt (JFQueralt@theiofoundation.org) wrote:
*Well, yes, although as they are only software, their GDPR compliancewould depend on the installation and setup. That is, if we host themourselves we'd have to take care of GDPR requirements by ourselves.Which is not quite trivial, however well the software supports them.There're also other regulations and directives and also non-EU laws that'd have to be considered.*
Agree. Would you have a list of those so we keep them in mind?
No. But some obvious ones would be the ePrivacy directive (and even more so the regulation when and if they get it done), possibly some of the new D*A directives, CCPA (in California)... But even with just GDPR it wouldn't be trivial.
As long as we don't claim ICANN endorsement we can do pretty much anything we want in social media. In some instances we might need to have an explicit disclaimer somewhere to make it clear, that's it.
Noted and makes sense. Maybe NPOC could have a standard statement for it and determine (and document) when it needs to be used?
I don't know. Curiously, NCUC's website has one that looks like it's been dictated by ICANN Legal, but I don't see one at npoc.org. Anyway, this is what NCUC's looks like: "This website is sponsored and operated by the Noncommercial Users Constituency (NCUC). This is not a website supported or operated by the Internet Corporation for Assigned Names & Numbers (ICANN)." Looks good enough to copy (replacing NCUC with NPOC, of course).
*Yes. CiviCRM. But there's no technical reason why it could not be usedby NPOC as well. It could be configured so that NPOC EC (or whoeverNPOC delegates to the task) can only see and handle NPOC members there.*
If they are open to that then indeed.
"They" is actually us, or at least 40% of them as it were: NCSG EC is comprised of two NCUC and two NPOC representatives (me and Caleb) and the Chair (who presently doesn't belong to either, just NCSG). So I dare they NCSG EC would be open to discussing it at least. But of course it would be a question of who would do what and at what cost. I'm not up to date on the situation with CiviCRM there, but last I heard there was a paid support agreement, and using them to do this kind of thing would obviously cost money which NCSG may have better uses for. So it might not be all that easy regardless of any, er, political will. But an option worth investigating. Perhaps NCUC could see use for similar tools for themselves, too.
I am not acquainted with CiviCRM at admin level so I don't believe I could help on this.
You could learn. :-)
*No conflict *if* we undertake to maintain and manage them ourselves without any support from ICANN staff. Given that we can't even manageour regular mailing lists on our own, they're hosted at ICANN's Mailman (unlike NCUC and NCSG's) and administered by ICANN secretaries, I'm not sure we'd be wise to commit to that.*
The idea would be to have some time of balance between "what ICANN enforces" and "what NPOC needs to do".
ICANN *enforces* very little. They only put conditions on their support. Which admittedly may amount to the same thing, given that NPOC doesn't have much money of its own (as far as I know).
(In other words, NPOC should make sure to remain independent by hosting its own products and under its own licensing control.)
Yeah. NCUC does that, sort of, with their own VPS. They still rely on ICANN staff (Andrea and Brenda, I believe) for managing them. NCSG's situation is more complex, but most of NCSG's mailing stuff, in particular mailing lists are hosted outside ICANN, too.
*And maybe start by considering how easy it'd be to take overour own mailing lists, so that we could at least update themourselves even when ICANN staff is on vacation.*
Is there an ICANN regulation here that would stop NPOC from doing so?
I seem to recall ICANN didn't want to give administration rights to mailing lists it hosts to anybody but their staff. That might be worth confirming, perhaps it could be negotiated. But even if they did, there's the consideration that led NCSG and NCUC avoid ICANN-hosted lists: the threat that ICANN might censor them. There was some discussion about that way back: ICANN implied that they might have to filter some messages that might have legal implications, as ICANN could then be held liable.
Yes, my position is that we need to find ways for NPOC to handle these things.
It would be nice, yes. But perhaps not so easy.
*Also, we'd need to consider long-term maintenance. I'm pretty surewe won't have enough volunteers within NPOC membership to manage any of these for long. I'd love to be proven wrong there, though.*
This is a forever problem that we need to address indeed. For the time being I can take care of the stuff we implement and thus to not over saturate me we would establish an implementation timeline and take it one step at a time.
Depending on any single individual is not really sustainable.
*How many people do we have who think they both technically could todo this kind of thing and would be able and willing to commit timeto do it for several years to come?*
We do need to answer that and maybe that's something members can take care of (to offload EC - and obviously depending on which tasks according to privacy, etc.).
Maybe.
*Otherwise, we'd have to consider commercial support. We might beable to get funding for that from ICANN, but we'd need a pretty good idea of the availability and cost of such support.*
Pay me!!
Paying you won't make it any easier if you're still just one man. If you have a company with several employees doing such support it'd be different.
*Either way, such a project would require considerable amount of time and commitment from NPOC ExCom, too.*
How so?
Mostly all these would be tools for the ExCom to use. They'd have to be involved in their setup and customization, be trained in their use &c. At least you'd need one EC member closely involved in the process.
If we decide to move forward a sensible timeline would something along this lines (with the info I have so far):
While your timeline looked reasonable I cut it off because I think it's a bit too early to do that. First thing I'd want is to have a team of people to manage the process. Including at least one, preferably two from the EC, to oversee it and also to act as a guinea pig as it were, trying things out to see if they'd work for the EC &c, and more than one person actually doing the thing (it should not be just you). Someone should also liaise with NCSG and NCUC. But of course I'm not in a position to decide anything, I'm just commenting from the side. Decisions are up to the EC to make. -- Tapani Tarvainen