Get product advice from experts

Ask a question →

Join a community group

Find a group →

Advance your career with learning paths

Take a free class →

Earn badges and rewards

Connect and share ideas at events

See the calendar →

Community
Products
Jira Software
Questions
Legal problems with Jira

Legal problems with Jira

Hello Atlassian,

we are using Jira a lot here in Germany. Almost always we will have international team members spread around the world to use Jira.

Jira provides a lot of functionality around tracking status and reporting, examples: Burn-Down chart or individual team member contribution.

Unfortunately this is a serious problem in Europe and especially in Germany as there is a data protection / privacy law in Europe / Germany, not allowing access to personal data outside of the EU unless you apply certain (difficult) measures. Personal data is any data (in Jira) that can be mapped to an individual person.

Is there any legal department in Atlassian that has thought about such privacy problems or does Atlassian even have procedures in place how to use Jira in an international environment while being compliant to the laws?

Cheers
Andreas

ps: Some more details:

To be compliant (!) with the law options would be needed that certain data can be seen in detail only by very limited group of people.

It would be needed for example support for a scenario that a Scrum Master can see only the details of his own team but not the details which team member of another Scrum team has reported on his tasks. Similar for team members. Any team member should see maximum only details of its own team but not from any other team.

3 answers

1 accepted

1 vote

Answer accepted

That's the reason a lot of Europeans can't use Atlassian OnDemand - with hosting in the US, it's subject to the Patriot Act, which is almost always an automatic breach of European privacy law (assuming Jira is holding personal details on users. Such as email addresses)

I'd be interested in Atlassian's opinion on this too, as I've got clients who would benefit from OnDemand, but simply can't at the moment - their lawyers instantly say "no" and walk away.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hello Atlassian,

i received now several emails from the system to accept an answer or do something else. I was also aksed to "Please be a good Answers citizen!", while i have received 0 answer from you.

Actually i am very much disappointed to see things like that. Since May Atlassian has not provided a single statement on an important legal question while Atlassian earns money by selling licenses to companies.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

I think that's a little unfair on Atlassian, although I do realise that what I am about to write does not seem to have been said to you before, so your annoyance with them is down to failed communication on both sides.

"Answers" is a community of Atlassian users. It is not Atlassian. They provide the site. They have accounts, they read the questions and answers, they do some moderation, and they very much get involved in answering questions and helping people. But there is no guarantee that they will answer, or even read, any of the questions here.

The mails you've had about accepting answers are because you've asked a question and not flagged any answer as correct. It's cleaning up and reminding people to close stuff that's dealt with. The robot doing it does not know that your question has not been answered to your satisfaction, only that it's open.

But. Essentially, you've asked the question in the wrong place. We're users, not vendors. It's the right place to ask for help, but if you have legal concerns, you need to contact Atlassian directly, not their users.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Reply

0 votes

https://marketplace.atlassian.com/plugins/com.devoog.jira.plugin.encrypted/server/overview

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Can't be used on Cloud, so it's not really relevant here.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Reply

0 votes

From time to time this topic comes up elsewhere. I'm wondering what your final solution was and any learning along the way? Did you move to a privately hosted environment? If so, did you consider using encryption plugins? Or might you have hosted the PII or SPII data in a secured server with only links to it in the cloud Atlassian hosting?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

TAGS

Community showcase