Andreas Tille, a Debian Project Leader, recently sent an unexpected message to the Debian mailing lists, announcing that the project is urgently seeking new volunteers to rebuild its Data Protection Team after all current members stepped down, leaving the project without a dedicated group to handle privacy and data protection matters.
The Data Protection Team was established in 2018 in response to new European data protection legislation. Its role has been to act as a point of contact for external inquiries about what personal data the project holds and to advise Debian contributors on data protection obligations.
Additionally, the team was also responsible for drafting Debian’s public privacy policy and coordinating responses to data access and privacy-related requests.
Coincidence or not, all three team members have now resigned simultaneously. So, Tille formally revoked their delegation and thanked them for their work over the past years. With their departure, the team currently has no active members.
“The fact that all team members have stepped back at the same time should
make it clear that we urgently need new volunteers to fulfil this role.”
According to the message, despite a constructive discussion on the topic during the most recent DebConf, no new volunteers came forward. As a result, the Debian Project Leader is temporarily handling all data protection inquiries, adding to an already heavy workload.
So, Debian is now calling on contributors with an interest in privacy and data protection to step in. Potential volunteers would be expected to help maintain and improve the existing privacy policy and to work with Debian teams that process personal data, improving workflows for handling data protection requests.
The project has stressed that restoring a functioning Data Protection Team is urgent, both to meet legal obligations and to ensure that privacy-related inquiries are handled in a timely and sustainable manner.
For more information, see Tille’s message on Debian’s mailing list.
