Besides Debian’s aging bug tracker interface, another challenge as the Debian Linux distribution project begins 2026 is that all volunteers have left their Data Protection Team. The Debian Data Protection Team deals with General Data Protection Regulation (GDPR) issues and related data protection/privacy related matters.
A few days ago a call for volunteers was sent out by Debian Project Leader Andreas Tille to join the Data Protection Team. Debian’s Data Protection Team was established back in 2018 for dealing with European data protection legislation like the GDPR. But all three delegated members of the team recently stepped back.
The lack of Debian Data Protection Team members was raised at DebConf 2015 but ultimately no one stepped up to volunteer and thus the Debian Project Leader is serving ad-hoc in this role for any data protection inquiries. But there’s a fresh call-out now for new volunteers for this team.
Andreas Tille further shined light on the issue today within the Bits from the DPL. He explained of the situation with no Data Protection Team members:
“As you may have read in my recent call for volunteers, Debian currently has no active Data Protection Team. All previous delegates have stepped back, and the delegation has therefore been revoked.
This leaves Debian without a dedicated team to handle data protection and privacy-related matters, which is not a sustainable situation. I would very much welcome volunteers who are interested in data protection and privacy to help re-establish the team.
Several people asked for more detail about what the role involves. A working knowledge of data protection, in particular the GDPR, is essential. In practice, the workload has been low: the team handled four requests in 2025. Additional proactive work, such as improving the privacy policy or advising teams on data-handling workflows, is welcome but optional and can be shaped by the interests of the volunteers.
The previous team stepped back mainly due to a lack of capacity and enthusiasm to take the work further, not because of specific problems. There are no formal external relationships, no requirement to be in a specific location, and some handover support is available if needed.
This is a role which requires trust. An established track record within the Debian community is therefore important, and it may be difficult for someone who has only very recently become a Debian Developer to take on this role immediately. Since formal delegations can only be made to Debian Developers, this status is a requirement for the role.”
Hopefully there are new Debian Developers to step-up for addressing the data protection and privacy concerns within the Debian Linux project.
