New EU Data Protection compliance and Electron


#1

We make use of the JavaScript SDK, Node SDK and the new minidump endpoint all in our Electron application.

I’ve been tasked with ensuring that our app doesn’t fall foul of the EU’s new General Data Protection Regulation (GDPR) requirements that come into force for anybody storing EU citizens’ data after May 2018.

We basically need to ensure that we don’t store any user identifiable information; otherwise, among other things, we would need procedures in place for users to be able to request or delete the data we have stored about them.

I’ve seen the data-scrubbers option but I’m not sure whether it will be enough for these purposes.

Part of the issue is that we can get Node exceptions and they can often include paths, and paths often contain usernames:

The Node SDK automatically stores the server_name, which in the case of Electron apps is the machine name, which can often be a name or a company:

[image]

The new minidump endpoint lists all the modules loaded and some of these also show paths with usernames:
[image]

Do the Sentry team have any plans to help with this?


#2

Heads up: this is not legal advice; it is the opinion of an engineer on the project.

We have a few ways in which we are looking at GDPR. As far as sentry.io is concerned you can reach out to support to figure out everything involving the contractual side of things. We are committed to it :slight_smile:

As far as actual PII collecting is concerned we are guaranteeing you that data is only retained for 90 days. This should help you a long way to get information on users deleted as it will automatically fall out of the stream. Most of this information is unlikely to be indexed.

As far as user home folders and server names go: these by themselves are unlikely to be considered personal information if that’s all the information you have, as you cannot go from this to an individual; however, obviously the lot of it might change that. We are generally evaluating our PII stripping to see if we can improve this, but there you are likely to enter the territory where you just cannot reliably get it right. As such I would probably not attempt to treat Sentry as a service that absolutely will never receive any PII.

Speaking as an engineer on the project and not so much as a lawyer, I think to best fulfill the spirit of GDPR we will attempt to improve the PII stripping to cover more cases and to aid customers in fulfilling their GDPR obligations. I do not think it’s possible that Sentry or a service like it can be used in a way where it could be reasonably argued to not be in GDPR scope.

If you have specific suggestions on your part about how we can make it easier for you to achieve GDPR compliance you will always find open ears.


#3

“I am not a lawyer and I am certainly not your lawyer” :smile:.

I think much of the concern from my customer is panic and it appears nobody seems to know what the new regulations are going to mean in practice.

I’ve been reading some guidance on the subject and personal names do appear to be included even if they don’t directly identify the person. It’s a shame there is no simple regex for human names :roll_eyes:.

“I think to best fulfill the spirit of GDPR we will attempt to improve the PII stripping to cover more cases and to aid customers in fulfilling their GDPR obligations”

Yes, I agree that it will be impossible to remove all PII and that keeping to the spirit is all that’s required. We will accidentally collect PII and there is little that we can do about that. At the moment, my thinking is that to keep to the spirit I would need to do a little more than I currently am.

For the first two images I posted, we can probably fix this ourselves using the callbacks in the SDKs and some regex replace. The paths for minidump modules could be fixed by moving the Electron temp directory to another location on Windows.
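One way to do the “callbacks in the SDKs and some regex replace” part, as an added example that is not code from the original post or from the Sentry SDKs: a scrubber that rewrites the username segment of home-directory paths and drops server_name from an event before it is sent. The hook that would call scrubEvent (a beforeSend-style callback) and the event layout in the constructed sample are assumptions for this example.

```javascript
// Added example (not from the original post or from the Sentry SDKs):
// scrub an error event before it leaves the app, so usernames embedded in
// home-directory paths and the machine name never reach the server.
// The hook that would call scrubEvent (e.g. a beforeSend-style callback)
// and the event layout below are assumptions for this example.

// Matches the user segment of Windows (C:\Users\<name>\) and POSIX
// (/home/<name>/, /Users/<name>/) home directories anywhere in a string.
const HOME_DIR_RE = /((?:[A-Za-z]:\\Users\\)|(?:\/(?:home|Users)\/))([^\\\/]+)/g;

function scrubPath(text) {
  return text.replace(HOME_DIR_RE, '$1[user]');
}

// Recursively copy the event, scrubbing every string (stack-frame paths,
// error messages, minidump module lists) and dropping server_name entirely.
function scrubDeep(value) {
  if (typeof value === 'string') return scrubPath(value);
  if (Array.isArray(value)) return value.map(scrubDeep);
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [key, child] of Object.entries(value)) {
      if (key === 'server_name') continue; // machine name may be a person's name
      out[key] = scrubDeep(child);
    }
    return out;
  }
  return value; // numbers, booleans, null, undefined pass through unchanged
}

function scrubEvent(event) {
  return scrubDeep(event);
}

// Constructed sample event carrying the three leaks described in the thread.
const SAMPLE_EVENT = {
  server_name: 'JANE-DOE-LAPTOP',
  exception: { values: [{
    type: 'Error',
    value: "ENOENT: no such file, open 'C:\\Users\\jane.doe\\settings.json'",
    stacktrace: { frames: [
      { filename: 'C:\\Users\\jane.doe\\AppData\\Local\\Temp\\app\\main.js', lineno: 42 },
      { filename: '/Users/jdoe/app/renderer.js', lineno: 7 },
    ] },
  }] },
  debug_meta: { images: [{ code_file: 'C:\\Users\\jane.doe\\AppData\\Local\\app\\app.exe' }] },
};

const cleaned = scrubEvent(SAMPLE_EVENT);
console.log(JSON.stringify(cleaned, null, 2));
```

Non-home paths such as /opt/app/x.js are left untouched, so stack traces stay useful while the user segment is replaced.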


#4

Stripping personally identifiable information (PII) certainly is in the spirit of GDPR and would be a good thing. In addition, I wonder if Sentry can be seen as a ‘data processor’ handling data on behalf of the rest of us, the ‘data controllers’. If so you may want to write a standard contract. Just something that we can put in our voluminous GDPR folder.


#5

Just a quick aside, but the username in the file path is likely not enforceable as a means of identifying an individual. It’s possible that combining that with something else is, but that alone likely wouldn’t. Same with the machine name. Additionally the company name is not a concern as a company is not a European citizen. If someone chooses to use their full name (or email address) as their machine name, I think that would fall outside of scope of GDPR given we can’t cover every case and that’s not a 1:1 mapping.

(I’m also not a lawyer but I am responsible for our GDPR compliance process and have been somewhat educated on the requirements and concerns.)

Sentry itself will be GDPR compliant ahead of the deadline, and we’ll be sharing more information on that soon. As part of that we are both a controller and a processor, though we’re primarily a processor from our customers’ point of view.

With all that said, there’s no value in knowing the actual absolute path on the file system in this case, so ideally we’d just strip it. That’s more about overall experience vs GDPR/privacy though.
