Andreas Tille, a Debian Project Leader, recently sent an unexpected message to the Debian mailing lists, announcing that the project is urgently seeking new volunteers to rebuild its Data Protection Team after all current members stepped down, leaving the project without a dedicated group to handle privacy and data protection matters.
The Data Protection Team was established in 2018 in response to new European data protection legislation. Its role has been to act as a point of contact for external inquiries about what personal data the project holds and to advise Debian contributors on data protection obligations.
Additionally, the team was also responsible for drafting Debian’s public privacy policy and coordinating responses to data access and privacy-related requests.
Coincidence or not, all three team members have now resigned simultaneously. So, Tille formally revoked their delegation and thanked them for their work over the past years. With their departure, the team currently has no active members.
“The fact that all team members have stepped back at the same time should
make it clear that we urgently need new volunteers to fulfil this role.”
According to the message, despite a constructive discussion on the topic during the most recent DebConf, no new volunteers came forward. As a result, the Debian Project Leader is temporarily handling all data protection inquiries, adding to an already heavy workload.
So, Debian is now calling on contributors with an interest in privacy and data protection to step in. Potential volunteers would be expected to help maintain and improve the existing privacy policy and to work with Debian teams that process personal data, improving workflows for handling data protection requests.
The project has stressed that restoring a functioning Data Protection Team is urgent, both to meet legal obligations and to ensure that privacy-related inquiries are handled in a timely and sustainable manner.
For more information, see Tille’s message on Debian’s mailing list.
BUT, all three resign at once? There’s a story to be told there.
For instance, they have to collect some data according to each country’s law, even if they do not have any usage themselves.
Like phone operator they have a time frame and specific rules forcing them to collect and store some data.
what data? I have no idea what data they would even collect? I do not know of any laws that require debian to collect ip address or any other data on people and a lot of linux users only use linux to not share data.
what data is debian even collecting that would require a team of volunteers to comply with laws? They should vow to collect no data on any users and there would not be much required of them. I would never provide debian or any other distro any of my personal info.
This is simply an obligation in response to laws, collecting data or not, everyone needs them. There is no need to make a mountain out of a molehill.
Laws are laws, to expect Debian to break the law is not realistic.