Besides Debian’s aging bug tracker interface, another challenge as the Debian Linux distribution project begins 2026 is that all volunteers have left their Data Protection Team. The Debian Data Protection Team deals with General Data Protection Regulation (GDPR) issues and related data protection/privacy related matters.
A few days ago a call for volunteers was sent out by Debian Project Leader Andreas Tille to join the Data Protection Team. Debian’s Data Protection Team was established back in 2018 for dealing with European data protection legislation like the GDPR. But all three delegated members of the team recently stepped back.
Seems like a lot of legal liability for voluntary work, hopefully one of the many projects that bases off Debian can lend a hand.
Where did you see the mention of personal liability?
Highlights from the very short write-up for visibility. Bolding is my own. Read the full ten paragraphs.
… A working knowledge of data protection, in particular the GDPR, is essential. In practice, the workload has been low: the team handled four requests in 2025. Additional proactive work, such as improving the privacy policy or advising teams on data-handling workflows, is welcome but optional and can be shaped by the interests of the volunteers.
This is a role which requires trust. An established track record within the Debian community is therefore important, and it may be difficult for someone who has only very recently become a Debian Developer to take on this role immediately. Since formal delegations can only be made to Debian Developers, this status is a requirement for the role."
