Hi Raul and Dimi,

Thanks for raising this issue. As you know, we’re constantly monitoring developments on the GDPR and other laws and policies that could affect the projects. We’re concerned about efforts to remove biographical information from the projects, as Raul describes, or attempts to make it more difficult to find such information.

For instance, the French Data Protection Authority, the Commission Nationale de l’Informatique et des Libertés (CNIL) has recently ordered that Google’s Right to be Forgotten delistings be made on all domains globally. Google had offered to delist results from all domains when the person making the search was located in the same country as the person who made the RTBF request. However, the CNIL rejected this suggestion, and ordered that delisting uniformly take place across all domains.

Any action that could potentially make it harder for users around the world to find project content causes us concern. We understand that there may be times when someone wants changes made to the projects, but we believe that in those cases, three factors should come into play:

Community Decision-making. The communities create and upload content for the projects. They should determine what belongs on the projects, and make decisions about what information may be irrelevant or outdated. If someone has concerns about information on the projects, we encourage them to work with the communities to find a solution. Simply delisting articles from search results, or demanding that we remove information from the projects not only threatens free expression and free access to information, but also attempts to bypass the communities’ involvement.

Transparency & Due Process. Efforts to remove or affect access to information should be done in the open, with transparency and due process afforded all parties affected. If authors and publishers are not given a chance to express their opinions, or appeal decisions to delist or remove information, their voices are effectively silenced.

Courts, Not Companies. If any external bodies, who are not part of the communities, are granted the authority to affect access to information on the projects, they should be neutral courts, not tech companies. Companies may choose to delist or remove information in order to avoid a lawsuit, because they may not be concerned first and foremost with freedom of expression and access to knowledge. Only courts should have the power to make decisions of this importance.

We post the delisting notices we receive, so that members of our communities can be aware when access to their work is affected. Some of the articles that have been delisted are very broad and include a lot of information, such as this lengthy German Wikipedia article about scientific fraud from Galileo’s time to present day; or deal with issues of public concern, such as this English Wikipedia article about a 2007 court case and this French Wikipedia article about a political scandal involving arms dealing.

Not all search engines send these notices, so the page is very likely incomplete. If anyone becomes aware of delisted articles that are not indicated on this page, please let us know!

As preparations are made for the GDPR to come into force in 2018, we hope to encourage decision-makers and the yet to be established European Data Protection Board to keep these values in mind: the importance of community/creator input; upholding transparency and due process; and entrusting courts, and not companies, to make decisions that affect access to knowledge.

Best,

Jan

==

Jan Gerlach
Public Policy Manager
Wikimedia Foundation
149 New Montgomery Street, 6th Floor
San Francisco, CA 94105
jgerlach@wikimedia.org

On Thu, Apr 21, 2016 at 6:07 AM, Dimitar Parvanov Dimitrov <dimitar.parvanov.dimitrov@gmail.com> wrote:

Hi Raul,

I'll try to provide a thorough analysis (to be honest I have only about a quarter read the final text), but generally speaking there's nothing to get really worried about. I expect we'll keep having mostly the same problems/discussions, revolving around what is public and necessary personal information.

Talking of data protection, the thing that worries me most is the fact that we're publishing IP addresses of unregistered editors.

Cheers,
Dimi

2016-04-15 19:03 GMT+02:00 Raul Veede <raul.veede@gmail.com>:
Sorry, I have been up to my ears in FoP, so I haven't been able to analyze recently passed General Data Protection Regulation closely. Is there any estimation on the final version, to which extent might it influence the flow of request to Wikipedia about erasing personal data?

http://www.europarl.europa.eu/news/en/news-room/20160407IPR21776/Data-protection-reform-Parliament-approves-new-rules-fit-for-the-digital-era

I mean, we are definitely in the business of gathering and sharing people's personal data in biographical articles (incl. exporting it to non-EU countries via Wikipedia), so - any new legal risks? Most comments only mention companies but I'm sure it also concerns NCOs as collateral damage (as usual).

I recall at least one case a couple of years ago when someone had contacted Estonian Data Protection Agency which sent WMEE a rather unofficial letter suggesting to comply. I pulled a half-Godwin on them (stating and demonstrating they're incompetent, though not publicly; probably should have, for educational value). Nothing followed. But I suspect this directive would acquire the same influence on such cases as full moon has in Arkham Asylum.

Raul

_______________________________________________
Publicpolicy mailing list
Publicpolicy@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/publicpolicy

_______________________________________________
Publicpolicy mailing list
Publicpolicy@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/publicpolicy