
Review Imgur CSP Entry
Closed, Resolved; Public

Description


CSP REVIEW

  • Is the site equipped with a privacy policy? Yes
  • Does the site attempt to comply with the GDPR? Can European Union inhabitants invoke their individual rights? Denies being subject to GDPR: "Imgur does not collect “personal data” about, or monitor behavior of, “data subjects” as those terms are defined in GDPR Art.4(1), nor do we “target” individuals in the EEU."
  • Does the site provide a list of personal data being collected by using the service? Yes, see PP
  • Is the website owner known to have a bad reputation regarding privacy? No
  • Can wikis use the external service, even if the visitor wants to deny any cookies or other form of tracking? Unsure
  • Will wikis stay usable, even if the visitor blocks the external resource by using an ad blocker? Likely yes
  • Is there a Data Protection Officer and/or Privacy Team that can be contacted by Miraheze? There is a privacy email but unclear whether there is a privacy team or DPO: [email protected]
  • Is the site equipped with a security policy? Yes, see PP
  • Does the site clarify their security measures to protect collected user data? Can the site assure measures are being taken to protect code injection into the loaded external resources? General info; no specifics
  • Is the website owner known to have a bad reputation regarding information security? No
  • Is there a Chief Information Security Officer and/or Security Team that can be contacted by Miraheze? Doesn't appear to have one

Event Timeline

John triaged this task as Normal priority. Aug 28 2021, 19:22
John created this task.

While a few requirements seem to not be met, the website only deals in image sharing/hosting so it would seem reasonable to accept to me under the circumstances. T&S may want to look further into the GDPR issue however, which I'm not sure about.

From my understanding, if the data is anonymised, which it seems so, then there's no GDPR issue. It seems they've gone to a great length to simply avoid having personal data in a way that GDPR would cover it.

Owen subscribed.

The assessment looks fine; anonymised data means it can't be traced back to the author/source so GDPR is fine in this regard.

John claimed this task.
John moved this task from DTech Review to Completed on the CSP Review board.