People directory from Jira Core Cloud & Confluence violates GDPR rules and policies

Marius February 20, 2020

I manage multiple Jira Cloud instances for different customers (create advanced workflows, transitions, resolutions etc).


I've set for one of my client from Europe in Jira Core Cloud different Projects with different permissions scheme, to have users access only to the projects they are part of. As long as my customer collaborate with different freelancers & companies from Europe & SUA he give access them to his Jira Core Cloud instance in different projects with different access. Till here everything was perfect but Jira Core Cloud & Confleunce do not allow you to disable People Directory, so all users who have access to that Jira Core Cloud instance can see all users profile with full name, profile picture AND start a team together, doesn't matter they are part from different projects with different access.

So, my Europe client get an complaint from an Europe freelancer because is not respected his privacy and he was invited / contacted by other users (companies) to different teams from "People directory". My customer told me to restrict access to People directory to all users, but Atlassian do not have this option in Jira Core Cloud & Confluence. In that case my customer tell me to remove all users from Jira Core Cloud & Confluence except his team.

In that case Atlassian understand that:
1. People directory violates GDPR rules and policies?
2. With People directory available to all users even if they are not part from same project most of contractors of Atalssian products from Europe are forced to remove a lot of users and Atlassian will loose money?

0 answers

Suggest an answer

Log in or Sign up to answer