Hacker News new | comments | ask | show | jobs | submit login

> If you’re posting users information to a public repo

Like their name and email address in every commit they submit?

I've already seen a notice from GitLab requiring me to consent to waive my rights to have that info deleted if, e.g. I were to contribute to the GitLab open source project. But I'm not sure that that's even enough for GDPR.

The waiver is only one aspect of it. Waiver only applies when consent is required. Article 6 of GDPR also allows for the use of personal information when "processing is necessary for the performance of a contract to which the data subject is party..." Consent is not required when it is a necessary part of performance under a contract. GitLab's updated terms state that as part of the agreement to voluntarily contribute to GitLab projects, contributors acknowledge and agree that their personal information will become part of the repository as part of the Git functionality. Therefore, their personal information will not be deleted and will remain in the repository so as not to impact the code base. This only applies to those who contribute to GitLab projects. This does not apply to general use of the software. There is still much that is unclear regarding GDPR but we are doing our best to comply and protect individuals' privacy. An important function of this waiver and acknowledgement is to provide transparency to our contributors. If an individual does not want their information to be maintained, they have the option not to contribute.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact