We are the good guys – aren’t we? Privacy Experience in Plone and other Open Source CMS
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 53 | |
| Author | ||
| License | CC Attribution 3.0 Germany: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/54833 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
Plone Conference 20181 / 53
2
3
11
12
13
16
19
20
21
24
34
35
37
38
39
40
42
50
52
00:00
Kolmogorov complexityCountingPlane (geometry)Information privacyInteractive televisionPoint (geometry)Presentation of a groupLine (geometry)CodeFreewareInformation privacyLecture/ConferenceComputer animation
00:43
MereologyInformation privacyElectronic data interchangeNumberNormed vector spaceConvex hullAnalytic setEquals signLink (knot theory)Metric systemUsabilityPersonal identification number (Denmark)Information privacyNumberEuler anglesProduct (business)Dimensional analysisConnectivity (graph theory)Basis <Mathematik>FacebookMereologyFlow separationCartesian coordinate systemSinc functionRight angleWebsiteAnalytic setInsertion lossInformation securityProjective planeXML
04:07
Information privacyTablet computerAddress spaceInternet forumDifferent (Kate Ryan album)NP-hardNormed vector spaceInternetworkingRight angleMiniDiscConvex hullWechselseitige InformationExecution unitProgrammable read-only memoryWeb 2.0Different (Kate Ryan album)NP-hardRight angleLetterpress printingDirection (geometry)TwitterRegulator geneBasis <Mathematik>Multiplication signLevel (video gaming)HypermediaView (database)DialectFacebookPhysical lawInsertion lossInformation privacyGraph (mathematics)Service (economics)Internet service providerSemiconductor memoryStandard deviationMereologyInternetworkingImage resolutionGoodness of fitTime zoneGraph coloringSoftware bug
10:35
Open source1 (number)SynchronizationDistribution (mathematics)Information privacyStandard deviationInformation privacyCASE <Informatik>Dependent and independent variablesCodeUniverse (mathematics)Open sourceSoftwareStandard deviationStatisticsWebsiteDifferent (Kate Ryan album)Differential (mechanical device)Power (physics)Level (video gaming)Web 2.0Perspective (visual)MereologyMultiplication signLecture/Conference
13:05
Open sourceInformation privacyChainRandom numberPrincipal idealMIDIThomas KuhnMaxima and minimaComputer wormVacuumCore dumpCodeSoftware developerSystem administratorSoftwarePlug-in (computing)Term (mathematics)Condition numberSoftware frameworkOpen sourcePoint (geometry)Universe (mathematics)View (database)Letterpress printingInformation privacyCodeRight angleCore dumpPlug-in (computing)CollaborationismSpacetimeStandard deviationPairwise comparisonSuite (music)Flow separationPhysical systemRevision controlWebsiteExtension (kinesiology)Link (knot theory)Functional (mathematics)Projective planeFundamental theorem of algebraWeb pageProduct (business)Software developerGoodness of fit
19:36
Information privacyUniqueness quantificationPlane (geometry)Execution unitMIDICore dumpPrincipal idealProduct (business)Information privacyHTTP cookieSet (mathematics)Public key certificateDefault (computer science)Message passingInformation securityMultiplication signInternet service providerStandard deviationSoftware developerMereologyInternet forumWordCodeCore dumpFreewareWebsiteSheaf (mathematics)Single-precision floating-point formatGoogolBitRule of inferenceProjective planeProcess (computing)Flow separationWeb pageBoom (sailing)Plug-in (computing)Different (Kate Ryan album)Level (video gaming)ResultantComputer animation
26:03
Reading (process)Information privacyTelecommunicationStatement (computer science)Sign (mathematics)Open sourcePosition operatorOpen setContent management systemSoftware frameworkTelecommunicationStatement (computer science)SpacetimeDifferential (mechanical device)Physical systemUniverse (mathematics)Canadian Mathematical SocietyView (database)Self-organizationForcing (mathematics)Direction (geometry)Information securityFile formatInformation privacyMereologyContext awarenessMultiplication signLattice (order)Revision controlDifferent (Kate Ryan album)Constraint (mathematics)Point (geometry)WebsiteField (computer science)PlanningComputer animation
32:30
Kolmogorov complexityFeedbackCore dumpStatement (computer science)BitPlug-in (computing)WebsiteProcess (computing)MereologyQuicksortPhysical systemData storage deviceDeclarative programmingPower (physics)Information privacyDatabaseFunctional (mathematics)Multiplication signUniverse (mathematics)Perspective (visual)IdentifiabilityLatent heatInformation securityForm (programming)InformationCloningRight angleHeat transferLine (geometry)Software developerBackupGraph (mathematics)Revision controlObject (grammar)Content (media)Ocean currentNatural numberPlanningFile archiverFrequencyDialectGoodness of fitLecture/Conference
Transcript: English(auto-generated)
00:00
I'm Cologne, Germany, from Interactive. And this would be normally the point in my presentation where I give some advertising, how great we are, what great things we do. But I will spare you that. And so it's an ad-free presentation, and also code-free presentation, no line of codes to see.
00:22
And it's my very first talk at the Plone Conference. So thank you very much for being patient with me. OK, so before I jump in the subject of privacy experience with Plone, I would like to address the question why privacy actually matters.
00:44
And my very first answer to this question would be that it's an important part of user experience. When we talk about user experience, normally we talk or we think about usability in the first place. How usable are our products, our websites,
01:02
our applications for the user? How is the ease of use of our website? But of course, there's a lot more to user experience. User experience, it's about the emotional emotions and about the attitudes of a user towards our product.
01:23
So there are a lot more dimensions to user experience than just usability. And in my opinion, privacy and privacy experience is one of the major components of user experience. There's also, of course, performance, design, security,
01:43
and a lot more aspects to user experience. But today, I want to concentrate on the privacy experience. So my talk is mainly about user experience. It's not about legal stuff.
02:01
And that's normally in my projects. It's what interests me. How can I keep my user happy? Or how can I make my user happy? And in the same sense, if I make my user happy, normally my business metrics are happy. So normally in projects, that is our business metrics.
02:20
Our major goal to have a happy user. OK, so users care about user experience. They care about privacy, sometimes more, sometimes less. And for sure, right now, they don't get around the topic
02:41
since big style data breaches appear almost every day in the news. Stories of data breaches reaches on a regular basis. And those are just some numbers of recent data breaches with huge numbers.
03:04
The most recent one, for sure, is the Facebook scandal where 50 million accounts were compromised. We had the Facebook Cambridge Analytica scandal, which resulted in a loss for Facebook of over $130 billion
03:23
in market value. And we also all remember probably the Yahoo scandal or the several Yahoo scandals with compromised data. Or also just one example from last year, from 2017,
03:41
the Equifax data breach with huge numbers of data released to the public or compromised. Just if you see, over 146 million people's name and social security numbers and so on were compromised. So more than half of all Americans
04:03
were affected by those data breaches. And privacy as a subject is now, of course, a global trend. Talk about privacy. It's not, I mean, I'm from Germany. I'm from Europe.
04:21
And 2018 was for sure a year where privacy came into our mind and into our discussions every day, basically, with the new GDPR regulations from the European Union. But after all, it's a global trend.
04:42
I just found this map. It's about privacy regulations worldwide. And the colors represent how heavily those parts of the world are regulated. Red is heavily regulated. This orange tone is still robust. And then yellow and green are parts of the world
05:03
where regulations are not as strong. And you see that many parts of the world are already heavily regulated. And as I said, Europe for Europe 2018 was a major step with the new GDPR.
05:22
And I think many people here are from Europe. So I don't need to go into legal details of that. Maybe who's from Europe here? Yeah, so. Most of you know what I'm talking about. Who's from North America? OK, still a few people.
05:42
And Canada, for example, is one place where they also had recent amendments to their privacy policy and some advancements in their legislation. And also, in the United States, it's becoming more and more a subject of everyday discussions.
06:04
But also here in Japan, we have regulations now, amendments to existing regulations from 2017, which gave a pretty good privacy standard on the web or for online users. Also in Australia, it's pretty good.
06:21
So in Europe, it reminded me kind of the year 2000 bug. We didn't talk about anything else anymore. Say, starting in March or April 2018, all companies had to deal with GDPR.
06:43
And there were a lot of jokes about it. And yeah, you could only take it as a joke, I think, because it was really everybody you talk to, it was GDPR all over the place. But finally, I had this feeling,
07:04
so I couldn't hear it anymore. But the year 2000 bug, the problem that went away, like the year 2000 passed, and now it's just in our memory that something happened. But that's, of course, different with privacy issues.
07:22
The regulations stay, and also the topic is still a modern topic, and we have to take care about it. So there are different approaches to the privacy experience, to the privacy issue around the world, not only on a legal level,
07:44
but also on a cultural level. And I just pointed out some here in this graph, some sliders, and you can think about your country or your region of the world where you belong. For example, do you have an opt-in culture
08:01
or rather an opt-out culture? The personal data ownership, is it more the individual, the person, does the data belong to the person? Or is it more that data belongs to the service provider? Or is, in your country, is privacy regulated, rather,
08:21
through hard law, through regulations? Or is it more soft law? Is privacy actually, does it have its own regulations as a matter of law itself? Or is it just part of other laws, of commerce laws or whatever, copyright laws or something? Is privacy decentralized or centralized?
08:44
Or what's the culture in your country? Do you trust more the government to protect you from data breaches? Or is it more a trust in businesses? And if you put all those sliders more to the right side or completely to the right side,
09:01
you would probably have an American view of privacy if you put all the sliders to the left side, you would probably have a more European view of the privacy issue. And other regions of the world might slide from the left to the right.
09:21
So, talking about the United States, to give you an example, what changed in the culture or in the view of privacy, it started, or it didn't start, but the Facebook scandal was for sure one major blow where people saw, okay, something is wrong and we have to address the issue
09:43
even on a legal basis. And some people in Congress said, Wild West times in social media are over now and we have to regulate it. So, for example, if Democrats take over the house today,
10:01
I guess it would be, they want to introduce a new Internet Bill of Rights. And you don't have to read the fine print here, it's just the idea that they really made up a legislation proposal now which looks a lot like the European approach.
10:21
In some parts it's different, but still the direction, the way they want to protect online users, it's more or less the direction the Europeans went. So, the question is, we have all different approaches
10:42
to privacy on a cultural level, on a legal level, and what follows for us as an open source, as a global open source community. And I think problems could arise because we structure our work with different cultural approaches.
11:01
We write code with a different legal background from our country and we assume that everyone we code with works in the same way we do, but probably it's not the case. And in the same time, I think we have a huge responsibility because we power a large part
11:23
of the open web, depending on what statistics you look at. This is just done with build with, you see that between 50 and 70% of all websites are powered with open source solutions with WordPress, Joomla, Drupal, Plone, and so on.
11:45
So, I think we have a huge responsibility as a community, and the question is, what can we do to ensure that we are the good guys and that we stay the good guys? And I think one thing is awareness, so that we are aware of this responsibility,
12:02
and that we are aware of privacy as an important issue that we have to take care about, and that we know that users want privacy and they want to know what we do about their privacy. I think another thing would be that we take privacy
12:20
as an opportunity rather than a legal threat and something now we have to do. It could even be a business opportunity and a differentiator towards other software solutions, towards closed code software, and we could distinguish ourself with this approach.
12:46
But then the question is, are there any universal privacy standards away from the legal perspective? We saw already in the legal way, we don't find a common ground, so is there something else?
13:01
Are there universal standards? And if we look at other open source communities, open source TMS communities, we see that the WordPress community, for example, they tried to establish those universal standards,
13:23
and in June 2018, published those 11 principles for privacy and gave that to discussion, and said, look, that could be one way to have a common view on privacy
13:43
among all open source communities, maybe. And again, we don't need to read the fine print here, but I gave the source here, and it's really interesting.
14:01
If you are interested in the subject, look at it, and maybe it would be a starting point for us, for the blown community to work on that. So another interesting thing they did, they developed a privacy impact assessment
14:21
for site owners, for developers, for product owners, where you can look at your project and your software and see what privacy issues you have, what standards you meet, and where you should still work on, and I think that's also something very interesting we should look at.
14:41
I put it in small print here so we don't have to go into details, but just as a hint, there are already very good discussions and fundamentals in other communities we could build on, and that's one of it. So the WordPress community
15:00
is by far the most active on privacy issues. They started with a GDPR compliance team, and they wanted to make the WordPress core GDPR compliant, which they did, and they really then tried to embrace privacy as a 360-degree view and look at all the issues
15:25
that you encounter when you look at privacy, and then they developed a roadmap, what to do, and that's also very interesting to look at. All the subjects they collected that concerned privacy.
15:45
They reached then the compliance in the core. They have a privacy notice, a page basically, where site owners can just fill in the blanks and have a privacy notice. They have the data export function that GDPR requires.
16:03
They have a data erasure function that GDPR requires, and so on. Then they also integrated the privacy by design approach that GDPR asks for, and I will get back to that later,
16:23
but the interesting thing is that they also gave documentation for developers, for site owners, for all people who are concerned with privacy. They gave documentation on their website, and they gave guidelines how to write code and how to also make your add-ons, for example,
16:43
compliant to GDPR. So those resources are very interesting. The links I put there, everybody who's really interested in the subject of privacy
17:01
has a very good starting point with the WordPress community there. The screenshot is their version of the export personal data tool so that users in WordPress can export their personal data and take it to another system.
17:23
Or also, this is the version how to erase your personal data in a WordPress website. That's also a requirement of GDPR, that you have the right to be forgotten. Then, short look at Drupal.
17:41
I went to the Drupal Europe conference this year in Germany, and there were six talks about privacy experience, about GDPR, so in their community, it's also a big subject. They also started with a GDPR compliance team,
18:01
tried to make the core of Drupal compliant. They wrote documentation, and they have more than 20 extensions or add-on tools to make Drupal compliant. And I found that very interesting to see
18:20
in comparison to the other communities. Joomla started the same way. They also tried to do the GDPR compliance first, and then they developed a whole privacy tool, suit that they published, and have something they call privacy dashboard, a health check, and several plugins
18:42
where you can ensure privacy for your website. And among the documentation for developers, something they share with the other communities we saw, and something really impressive is then that they have a collaboration space where 580 people are interested and joined them
19:05
to really work on all the add-ons and the privacy tools they develop. And something you really know, or they did really well in my opinion, they tried, or they used it for marketing too, so they have a whole release, the 3.9 release.
19:25
They called it the privacy release so that they could really tell the public, look, we did something, and they knew how to communicate this to the world. So let's turn to Plone and see what we have.
19:44
For privacy experience for our users, and I started by Googling, Googling Plone plus privacy. Then I went to Plone.com, I went to Plone.org, I went to the community forum and so on, and I just wanted to see what is out there.
20:04
And on Plone.org, I just found the privacy policy of the site. And it looks like this. So I think it would need a little bit of love to make sure or to show a user that really care about privacy.
20:22
This is more like, okay, I pasted the text somewhere. That's it, take it. I think it's even made with a free tool, with a, yeah, creation tool for privacy texts. And that's the only thing I found on the website.
20:43
Then on the documentation for Plone, there's also nothing. Even in the developing, or in the section for Plone developers, the search for privacy doesn't give any results.
21:00
So we don't talk about it at all. And on Plone.com, there's also no, nothing, no single word or word privacy is not found one single time. Then in the forums, I searched for privacy. And finally, I found something interesting.
21:22
I found a discussion and I found the tool, the collective privacy tool that was proposed there. And I think there we are in a good way, but I can't tell much about it. But I think Matthew will say more about that
21:41
in his talk Thursday about privacy best practice in Plone. So something similar, I guess, to what I talk about. But from what I know, he will, of course, show collective privacy in detail. So that's a good start, I guess.
22:03
And let's look what else we can do, or where we are. So privacy in Plone development, what's done? We have collective privacy. Probably a lot of us developed our own code snippets, at least providers in Europe. We had to publish cookie consent messages and so on.
22:24
So we had to use third party tools or develop our own code. So there probably is something. And I don't know, maybe something else I'm not aware of. But I would like to add some suggestions for discussion,
22:42
what we could do and what we should do maybe. So the first thing is kind of an assessment, maybe following this assessment I showed from the WordPress community before, that we really look, what's our status? And that we write down what the status of privacy is
23:03
in Plone Core and make that public and show people, look, we talk about security and how strong Plone is on a security level, but we should really focus on the privacy part and then publish it, because from my experience,
23:22
that's what people want to know. Like in the GDPR discussions earlier this year, my customers asked, so what cookies does Plone set and how is user data stored in Plone and is there a possibility to access user data and to export it and so on?
23:41
That's what our customers ask, but there's no documentation about it. So we could do this assessment and then write it down. I think we could also follow the examples from the other communities and give some guidance for the developers. So how we should develop for privacy
24:04
and privacy by design, for example, we should tell them those are the principles we should follow and make clear, maybe there could even be a certification for add-ons or whatever, that you followed privacy standards and principles.
24:27
Then of course, we could develop more features. For example, for the GDPR compliance, also following the examples from the other communities, the data export features, data erasure features,
24:42
privacy notices maybe. For example, we have this accessibility default page in Plone where we say what our standards are in core. We could do the same thing for privacy, for example. It could be a default page where you say, Plone adheres to the following principles and follows the following rules.
25:06
Yeah, then question, of course, what about all the plugins, all the themes? How can we make sure that they follow privacy principles? And the first thing would be, of course,
25:21
to give people guidance and documentation of what to look at. So that's a big project. If we see it, for example, in WordPress, they created a roadmap. It's a process over several months or even years.
25:41
It's nothing you can do at the one-time shot. So I think a roadmap, if this is something that we really see as an important thing for Plone and for the community, we could have a roadmap and work on the different issues.
26:02
Privacy by design, I just want to show those seven principles. I don't want to go into details here. It's a framework that was developed in Canada already in the 1990s. So it's nothing new, but it came to our mind, I guess, with the GDPR.
26:24
So also this is really a good starting point if you want to work on privacy for Plone. Then let's switch to communication and marketing. What's done there?
26:42
Well, I don't know. Like, I didn't find anything, as I said, in my searches. I didn't hear anything. So maybe somebody has an idea or can add something what I don't know, but I think we didn't do a lot in this field.
27:00
So here's some suggestions what we could do. We should talk about privacy. I try to do it now. And I want to encourage you to do the same, maybe in other places, other conferences, other venues, and make sure to the public that privacy matters to us,
27:22
and that we do something about it. So talks in conferences, documentation on our website and so on would be a starting point there. And as I said before, an accessibility statement
27:43
like version for privacy in an empty Plone would also be a good thing. Then in the beginning of my talk, I talked about cultural and legal differences
28:01
between countries and parts of the world. And I think for us as a community and in our communication, it would be good that we make clear that we see privacy as something positive. So when I showed this example of the privacy notice on Plone.org,
28:23
I think your first feeling is, okay, this is nothing important for them, and we should change that. We should have a different cultural approach, a positive cultural approach to privacy and see really as something that could be good for us. And our users, of course, in the main point,
28:40
as the main point, and it should not be only a legal constraint. So use transparency and privacy as a differentiator so that we can really show we are the good guys. Then privacy in Plone community work. What has been done? I don't know.
29:01
Nothing that I'm aware of. So here, some suggestions too. In the first place, of course, we need people. We need people who are interested in this subject matter. And I can only propose if somebody from the audience is interested,
29:20
we could maybe use this time we have now in Tokyo and meet for open spaces, or we could use the sprint days maybe and work on parts of the privacy experience I mentioned, or other parts maybe that you are interested in. So yeah, maybe we could talk about that
29:42
in an open space format in the next days, or during the sprint. And also, the WordPress community communicated pretty openly that they are interested in working together with other CMS communities. And there are talks between WordPress, Joomla, Drupal.
30:05
They are always in an exchange. In Germany, we also represented with Plone in the so-called CMS Garden. It's an organization where open source CMSs are joined together,
30:21
and there would be an opportunity to bring our forces together with them and really work in the same direction for privacy issues, for example. So I think it's for sure that we are the good guys.
30:44
Let's show it to the world. Let's start the work that we have to do. And if we have to prioritize what we do first, I would say let's do things first that are visible to users. So that users of our communication tools,
31:01
our website, the Plone website, see first. And also, if you install an empty Plone website, well, they see then there should be some hint that privacy matters to us. So that should be the first thing we do. Then we should, of course, assess and document everything that is security related
31:21
so that people know what they have when they work with Plone. And then we could also give Plone a whole privacy branding, but it's really a differentiator that people see, wow, if I use Plone, I really have a system where people work who care about privacy.
31:43
So thank you very much. I think there are a few things open for discussion. For example, I would be very interested in your opinion on those universal privacy principles
32:00
of that could be something where we also work on, where we contribute something. I would be interested in getting your idea about this positioning, about this view of Plone as to have a privacy branding. And of course, I would be interested to know
32:21
if you are interested in working on privacy issues in the next days in open space formats, for example. So if you have any opinions on that, I would appreciate your feedback. Thank you very much.
33:00
Have you already, for your website or for customer's website, worked on privacy declarations that are understandable and easy and could we use or reuse or translate some of them
33:21
if they were in German? Because yeah, part of it is also how to write it and it has to be understandable and so that it's not just legalese. Do you already have experiences and things that we could probably use? If you want to write a privacy statement
33:42
or a notice for a website, of course you have to really look at this website. So it's not only Plone as the system that counts but everything else, all the add-ons or all the third party systems that are connected to the website. So we relied on lawyers, on legal text
34:01
that we then used for our customers. But all our customers who did it themselves, they came to us and asked about Plone. They asked about the basic system and they wanted to know how do you handle your user storage and how do you handle privacy
34:20
in general in the core system. So that's something we should think about. But I think we cannot make sure that an individual website, for example, would be GDPR compliant. That's not our job. But yeah, so the legal notice would only concern the Plone core, I think.
34:43
Yeah. There's some websites that sort of try to automate those privacy statements a little bit
35:00
by looking at the stack and the plugins and the different things that you're using and combining privacy statements from each of those. Do you think there's scope to do that within Plone? Like have some system where the plugins each have a privacy statement, maybe? I think that could be a good idea, yeah.
35:21
But we have a whole, like a large ecosystem of add-ons and I think you will never be able to have privacy statements in all the add-ons and maybe you give a false pretense, you give a false security for a site owner if you tell him, okay, all the privacy notices
35:43
from add-ons and so on are collected together to one place and you are sure now that your site is compliant. So it could be something that you tell add-on developers or that it's kind of a requirement for the future
36:02
that there should be a privacy statement, that they should say what happens to data, does your add-on transfer data to third parties and so on but I don't think that this could be the only solution or the main solution to make a site compliant. So another question is, if you've just got
36:25
like a straight-blown site and you're not collecting any information, you don't have forms but what you have is the users who are using the system, how important is that to have, like should you be doing anything to make a GDBI compliant for that
36:41
and also if your site is not based in Europe, how much should you be worried as well? I think you should always say something about privacy wherever your website is hosted, wherever your target audience is. I'm not really focusing on this GDPR compliance
37:03
but I wanted to show with my examples that privacy matters everywhere in the world and that users everywhere in the world care about privacy. So I would lead from this more universal perspective that we should really say, look, if you use Blown,
37:23
you have a system with a strong security, you have a system where we take care of privacy and it shouldn't be so much focused on this European GDPR issue.
37:41
I was wondering, the technical nature of Blown and the ZODB plays into privacy. When you're editing anything, old versions of objects remain in the ZODB, remain recoverable and besides that,
38:04
other kinds of functionality is built on being able to reference older versions of content. So if you want to give someone all the information that you have about them, probably you're giving them the current versions of everything or if you want to delete something,
38:21
can you delete all the information that you have about someone without messing with other editing histories or object version graphs in the ZODB? I'm not a developer, so I'm sorry I can't answer technical questions. I'm more interested in the approach to privacy
38:44
and what we could do but I couldn't say anything about versions or about technical implications there. My understanding of the legislation
39:01
with regard to versioning is that there's some ability to sort of say, well, here's our backup policy, there's the right to be forgotten but there's some lenience with regard to versioning and backups. So if you say, okay, so we deleted the data but it's in backups for the next six months. Don't get legal opinion, this is my understanding.
39:22
So you're not completely lost. You don't have to wipe all your backups and stuff like that. Otherwise, pretty much everyone's screwed with regard to backups. So that's my understanding.
39:45
I don't think we have to wipe all the backups. I guess it's probably not needed to keep backups as an archive for half a year. That's not necessary usually for restoring the data. You only need it for a shorter time period
40:00
and that's totally fine. I think technical-wise, we could have some stuff because there are some requirements from GDPR but it also makes sense for other regions to make it possible to find data for specific users,
40:21
delete them, make it easier. Now it's almost impossible. I mean, the ZLDB is packed after one week usually and then the deleted data is gone, that's fine. But we need some ways I think to identify user-specific data like form data
40:41
or even other stuff we have in the database and there are some gaps I guess. I have not seen much so far. So we could have some core functionalities. We could also look at other systems because there's a lot of ongoing.
41:03
I know in WordPress they did a lot. Exactly, that's what I showed with the examples. In WordPress, for example, they already have those tools and yeah, that should be something or could be something we work on too, yeah. Thank you very much, we're running out of time.
41:21
I'd like to see you again in about one hour. Thank you again.