While that deprecation period is now over, as of today user names (and user keys) are still returned in webhooks. For usages that do not use Atlassian Connect, user names are still supported in Jira Cloud REST APIs. (User names stopped working for Connect around April 2019).
Starting next week (Monday December 16) we will begin the process of removing user name support completely from Jira Cloud webhooks and Jira Cloud REST APIs (in line with the privacy migration guide linked above).
currently i am using jira-rest-java-client-core v5.0.4 as my clientâŠ
who maintain this artifact?
âUserJsonParserâ will be update with the new structure for 5.x.x version?
You may wish to investigating generating client code based on our published Swagger spec for the API. Note that you can reach out to our support team and they can temporarily white list your site from the changes to allow you some extra time if you need it.
@dhollinger In Jira, other Personal Data (PD) that we return in APIs obeys the privacy preferences of the individual user. This includes display name, email and avatar.
Iâd like to understand one point:
the users we have in our Jira instance are our employees. We manage the contractual relationship with them and take care of all agreements directly with them on how weâre gonna use their corporate data.
Why is Atlassian imposing changes like this if the data are mine? I understand you have a single account for all Atlassian poducts, but this account is owned our my domain admin and only exists for the employee (while working for us). Everything they produce using our account is under our responsibility, for bad or for good.
Hi @BrenoLima. I am not a lawyer, but my understanding is that Atlassian has responsibility for personal data that we process and store. (For GDPR we are the âData Processorâ. I think that is the term. A similar concept exists in other jurisdictions.)
Thus we are required to facilitate and respect privacy preferences for end users. Because a personâs user name is personal data, we would be unable to respect the personâs privacy preferences if we continued to return user names in our public REST APIs.
Hi @bkelley, youâre right, there are the Data Processor and Data Controller.
This decision of showing or not our employeeâs data is under our accountability as data controllers, Atlassian responsibility is to process data on behalf of my company, according to your contract you have with us, not directly with our employees.
Sorry for being so incisive, but hope you understand that Atlassian is making decisions regarding our data and our employee information without our consent as the legally accountable by our employeeâs data. This is a critical topic, so Iâd like to kindly request you to help me as a customer with over 3k users being impacted by this, to address this topic within Atlassian legal team, is that possible?
There is some misunderstanding here, maybe mine, but that would need to be clarified.
You will find it less frustrating if you consider that atlassian is operating under the ADPR, or the atlassian data protection regulation. They have their own (and unfortunately very wrong) interpretation of GDPR. However, until there is any jurisprudence, any fool with a keyboard can create their own truth.