GDPR Compliance

[beberlei]

PHP RFC Watch scrapes Names and E-mails from the PHP Wiki without asking for consent.

This could be done by keeping a MD5 list of e-mail addresses that have given or denied consent and sending an automated e-mail asking for consent when first discovering a new user.

This is not strictly legal though, as asking for the consent could be seen as already violating users privacy.

[stof]

AFAIK, this tool is never displaying the info. So we could avoid storing them entirely:

• stop scraping the RFC author as it does not seem needed
• for votes, associate them with a hash of the username instead of the username itself. This way, you don't have personal data in the database