I've already requested this, and my stats scripts automatically delete user data/host and team data that have been in the xml but no longer appear (used to be a soft delete, but I switched it to hard delete last week).

However as soon as I see terms like legally binding contract, it gives me pause whether to continue something that is after all just a hobby.

Sounds too much like work - I was involved in quite a few of the legal meetings when we at American Airlines migrated our SAP Financials to IBM's Cloud a few years ago.

Great - I'm glad you have been donig that even without GDPR. The stats export has both an implicit (the user and hosts willl no longer appear in the stats export) and explicit (for 60 days there will be a list of userids/cross project ids and hostids/cross project ids) exported accounts that have been deleted. We implemented this in BOINC itself and you can read the details here: https://boinc.berkeley.edu/trac/wiki/RightToErasure#DataExports


We are worried about the impact this will have on hobbiest such as yourself and we hope that the contract isn't too scary. However, GDPR gives us no leeway on this issue and we have to be in compliance.

The Byteball distribution is broken cause of this issue. I hope you will give them quickly an access.

I am not a lawyer nor a politician so I will try to explain what I have been told.

Our webpages (i.e the HTML form) provide a service that we are reponsible for and when you come to our website and view our web pages you are consuming that service. We own the data that is shared and we own the responsability to only present data to you that was authorized by other users of our service.

The API's were designed to allow other people to take data from our system and then display or use it somehow in another system. Thus they become a service provider (or 3rd party processor) using the data from our system. Under GDPR, we have to control that data and make sure that it is used as allowed by the users of our system. Thus if a user of our system revokes consent and wants their data deleted, we have to make sure that these 3rd party processors (i.e. people who have consumed the data to render on their systems) are also delete that data.

I believe that screen scrapping would be a disallowed use of our website and thus the data would have already been collected without our permission.

Again - I'm not a lawyer, but the above is my understanding of the difference.

Hi knreed, thanks for your answer on html vs xml.

I really hope it will turn out that the data of team members would turn out to be not personal identifiable data or something, because otherwise it feels like the end of DC as we know it... If it is no longer possible to post the team member results on a forum, then that kind of takes the competition element away. :'(