After announcing the bot, a few people contacted me to warn that my current legal basis (Domestic exemption) probably can't be used when sharing the information. That is, it'd cover processing for my own purposes, but not making available - at least as far as any of that information might relate to an individual.
I had initially been working on the basis being Legitimate Interest, but then thought that Domestic exemption applied (and removes a lot of compliancey stuff). Need to finish documenting that.
Activity
19-Jan-23 08:30
assigned to @btasker
19-Jan-23 19:12
mentioned in issue jira-projects/GDPR#1
20-Jan-23 08:43
mentioned in issue #4
20-Jan-23 08:47
I raised a GDPR ticket (the first since migration to Gitlab!) to follow up on this. The Legitimate Interest Assessment is complete, what remains is to create some privacy policy wording for it.
A task has also arisen as a result: the bot should be adjusted to only publish/toot during the UK daytime. This is to help ensure that if a mistake is made, it's not tooted out at
0100and then left online until I wake up and become aware of it.I've raised #4 to track that
20-Jan-23 13:00
New Privacy Policy has been written and is now available at https://mastodon.bentasker.co.uk/privacy-policy
20-Jan-23 14:00
My original post has been updated to reflect this https://www.bentasker.co.uk/posts/blog/security/autodetecting-and-outing-mastodon-scrapers-with-scrapersnitchbot.html#new_legal_basis