On GDPR and Mibew Messenger
Warning! This text should be considered only as a private (and non-professional) opinion. If you really want to comply with GDPR we’re strongly advise you to consult with a professional lawyer. We’re neither lawyers, nor EU-citizens. Please have that fact in mind. 😉
The roots of this text lies in the appropriate issue at Github.
TL;DR: Mibew Messenger is a tool, not a stand-alone application. At the moment we believe that it has all necessary means to help its owner comply with the GDPR, but it has to be set up the proper way. So, it’s up to a webmaster.
To begin with, what’s it all about? Almost 3 months ago EU started to so to say globally protect users from data leaks, privacy related issues, etc. And new rules contained in the document named General Data Protection Regulation (GDPR) affects almost every web site and/or app that somehow interacts with users and/or store any ‘personal data’.
or not to publish a private sex conversation between EU commissar on family and childhood with non-standard taste and 86-years-old temporary employee impersonating a little girl? ah, nevermind.) Moreover, one should also give a visitor right to demand export and/or deletion of their personal data.
Please don’t get us wrong. We strongly believe in human rights. And we believe that people’s privacy should be protected. But we don’t believe that it can be achieved through some state regulations made by bureucrats who can barely use Google without a couple of assistants. And we doubt that GDPR will stop data leaks from sites owned by huge multinational corporations.
Actually we don’t care about EU and their regulations. But some users of our software does. And we’ve developed two things that can help site that use Mibew Messenger to comply with the GDPR.
2. The plugin to perform bulk operations over chat logs. Now an administrator will be able to export or delete chats found by search query. (It’s easy to install, easy to use, and doubtfully useful.)
Also one could use another plugin to not store logs at all (erase it immediately).
An important thing that we have to mention. Mibew Messenger doesn’t store any ‘personal data‘ by default. It can ask a visitor to enter the name and the email at the pre-chat stage, but it’s an option and provided values are not validated. The name of a visitor could be (and in fact is) non-unique. So it’s impossible to identify a person with it. Multiple visitors could make use of the same name. Maybe one could identify a person with a combination of email, ip and a name, but it’s hard to tell. So if you’re going to export chat logs on demand, please make sure that you’re providing logs to a right person. In our opinion it is better to not provide chat logs at all than to give anyone other people’s messages.