On Sat, Aug 9, 2008 at 5:11 PM, Sue Gardner
<sgardner(a)wikimedia.org> wrote:
Gerard Meijssen wrote:
Hoi,
When someone accepts the function to checkuser, he accepts a role that is
clearly with the community. Calling such a person a "third party" is in
my
opinion wrong. The person doing the check user
has accepted the rules
that
allows for executing this function.
Thanks,
GerardM
This is an extremely important point. As you can imagine, it was
challenging for Mike to construct a policy that made it clear that there
are roles in the projects such as checkuser which are inside the
community (and therefore, as per Gerard, not considered 'external'), and
yet whose behaviour is not controlled/controllable by the Foundation.
It's an unusual situation, and we tried to be extremely clear, here:
There's a good reason it's unusual. It's a recipe for disaster. Did you
know that Kelly Martin (alleged "attack site" proprietor) has printed copies
of checkuser results sitting around the house? The privacy policy might
explain how thing are done, but that doesn't mean it's a sane thing to do.
Kelly Martin e-mailed me recently to tell me that, contrary to her
statement at the time to the Ombudsman, she retained my IP address
when she checked me. I have no idea why she decided to tell me now.
But it's definitely another issue that I've not seen anyone discuss --
the extent to which private databases are being retained, and how
legislation covers its handling in different countries. In the UK, for
example, the Data Protection Act may require that the information be
handed over on request, and that the UK chapter (insofar as it's a
separate organization) take steps to ensure that it's not used in a
way that causes damage or distress.