4–7 Nov 2019
Please log in

OSS shaping the future of data protection compliance

Cristina DeLisle (XWiki SAS)
11:0011:45 Thursday, 7 November 2019
Location: Expo Hall Sessions
Secondary topics:  Best Practice
Average rating: ***..
(3.50, 2 ratings)

Who is this presentation for?

  • Developers, OSS communities, and jurists




The evolution of legal norms has centered on privacy as a core value, as it becomes more and more important to keep up with the features and dynamic of technology. The recent changes brought by the EU’s GDPR have made this even more relevant as it imposes a uniform set of rulings to be applied in a variety of ecosystems. Also, besides its versatile mechanism of enforcement, it seems that it’s becoming the new unofficial standard of the future. The OSS field is well known for its concept of community formed around an OSS project, which contributes to its development as it evolves. This may be one of the reasons a lot of projects have set privacy by default and by design as its main ambitions, as it expresses a need of the people to have their data protected. The GDPR is undoubtedly an effective tool to raise awareness about the right to privacy by enforcing data protection principles. However, each field of activity is currently setting up best practices, which eventually will become complementary to the legal norms.

Cristina DeLisle details how the provisions of the GDPR apply in the OSS field and how to analyze the model of data controller or processor in the context of OSS participants and infrastructure providers. Moreover, she analyzes how privacy is and could be further enforced by the OSS model with the examples of XWiki and CryptPad. XWiki is an OSS project started 15 years ago that currently has a mature company provide services on top of it. It involves actors from all over the world, including members of the OSS community, customers, collaborators, and team members. CryptPad, on the other hand, is a project developed with the aim of placing privacy by design as a core principle with the use of end-to-end encryption for data protection.

Ultimately, everyone needs to become more privacy aware, and whatever role we you find yourself in, as controllers or processors of personal data, as authorities or even as data subjects, everyone is participating in shaping the future of privacy.

What you'll learn

  • Understand how the open source ecosystem is tangential to the GDPR data protection principles and how the data protection rights and responsibilities are shared between the community participants and the community's infrastructure providers
Photo of Cristina DeLisle

Cristina DeLisle


Cristina DeLisle is an office and legal administrator and a data protection officer at XWiki SAS. She became interested in software when she began to work at XWiki and CryptPad, open source projects that made her more tech aware, coming from a juridical background. She’s following the GDPR’s evolution, striving to ensure on a daily basis compliance with the applicable data protection rules.

  • AXA
  • Contentful
  • Datadog
  • HERE Technologies
  • QAware
  • SIG
  • Zara Tech
  • GitLab
  • NearForm
  • WhiteSource
  • Cloud Native Computing Foundation

Contact us


For conference registration information and customer service


For more information on community discounts and trade opportunities with O’Reilly conferences

Become a sponsor

For information on exhibiting or sponsoring a conference


For media/analyst press inquires