The Linux Foundation and the GDPR

As you may be aware, the European Union’s General Data Protection Regulation (GDPR) is leading to many changes in the regulatory framework for protecting personal data of EU individuals. You may find it useful to review our “Summary of GDPR Concepts for Free and Open Source Software Projects” white paper. The Linux Foundation will be compliant with the GDPR as of its effective date of May 25, 2018. The revised policies described below go into effect on this date.

Like many other global organizations, The Linux Foundation has been working hard to review the ways that it collects and processes personal data, in preparation for the effectiveness of the GDPR on May 25, 2018. As part of this, we’ve updated our policies and have enhanced the ways that we protect the personal data of people who interact with The Linux Foundation and our projects and services. We wanted to explain a few of the updates and changes we’re making.

We have updated our Privacy Policy to clarify and improve privacy protections and align with GDPR requirements. Briefly, the updated policy includes the following changes:

  • Clearer and more specific language. Our new Privacy Policy is easier to read and uses plain language where possible.
  • More details about our privacy practices. We provide more information about the types of personal data that we collect; the purposes for which we collect and process it; and the instances where data may be shared with third parties.
  • Information on your ability to control your personal data. We outline details about your legal rights under the GDPR regarding (1) how to get specific information about the processing of your personal data, and (2) how to control the ways that your personal data is processed.

Please take a minute to read the Privacy Policy itself, as the above points are just a quick overview of a few of the main changes.

We have also created a Cookies Policy to clarify how The Linux Foundation’s websites use cookies. The updated policy includes details about the specific types of cookies we use, a list of third-party cookies used on our sites, and information on how you can disable cookies if desired.

We have taken other steps as well to ensure compliance with the GDPR. These include performing an analysis of how we collect, process and transfer personal data throughout our services; documenting our lawful bases for this processing; updating internal processes and policies relating to the handling of personal data; and entering into data protection agreements with key third parties.

If you have any questions, please feel free to reach out to us at privacy@linuxfoundation.org.