Portable identites (MSC 2787) and the GDPR right to rectification, a pressing need for server operators
Michael S.
Most of the discussions around privacy laws have been focused on the protection of data and condition of processing. But some others rights are starting to be litigated more widley and will soon play a bigger role for IT systems managers. This talk will focus on the GDPR article 16 (right to rectification), and how the current Matrix spec is inadequate for servers operators aiming to let people change their username, since MXID can't be changed (as of this proposal writing in June 2025).
Based on the ongoing work done by the Fedora community on the Fedora Username Change project, on recent legal cases in Europe, we will see why the adoption of MSC 2787 (Portable identites) should be more than a nice to have, and how it intersect with questions of privacy and anti-discrimination. The talk will also touch on the topic of SSO configuration and downstream consumers best practice to deal with such changes.
