GDPR Compliance 🇪🇺

Since many of you have asked about our plans to make GDPR compliance easier on the administration side, here is the GitHub ticket where that is currently being discussed:

Feel free to join the discussion!

I dig up this old message.

What are the current situation of indico about GDPR ?

I got more request every day (well … very often) about GDPR, at the last one are to give the opportunity to the registrant to not appear in the list of the participant


There are currently no resources allocated to this (at CERN). We requested some but we didn’t get them in the last recruitment round.
I agree that hiding names from a list of participants is important functionality that is currently lacking, given that the only alternative is to just hide the list altogether.

As I wrote on the ticket, this matter is very important for the whole community, and given that it’s taking us long to be able to fund this effort, this would be a great opportunity for anyone willing to contribute some development time to do it.

Indico should treat in the correct way also personal “sensitive” data. For example, when in a conference registration a user insert the list of food allergies, this becomes a “health-related” data and then subject to specific processing condition.

I suppose it should be enough to assign that kind of data to the user’s profile and report to the conference only the number of attendees with that specific food needs, but this is only a “2 minutes” analysis.

I think that is a bit too specific - and to stick with your example, I don’t think it would be very useful for you as the event organizer. After all, you need to know WHICH of your participants need special food, not just how many (but of course you’d probably only provide the number of meals and not the list of names to the catering service).

However, with what we’ve planned - being able to mark certain fields as containing personal data that should be removed eventually - you’d simply mark the field where people specify their special food requirements as containing such data, and after the event you’d run the sanitization tool in your event and this data would be deleted.

Well, it would actually most likely be run automatically, depending on the configuration.

Well not really lot of thing to say, just to dig up this message again, to make it not completely buried.

The first round of privacy-enhancing features is already in production at CERN, in Indico 3.2. A public release is expected soon.