The peculiarity in some respects of Scandinavian law seems to come up on this list fairly frequently, but it's usually short on specifics or actual cases. John, do you have any specific references to what you've described as a problem?
Adhering to your interpretation on the possible limits on "private" information would effectively eliminate the abuse filter as a useful tool. I'm having a hard time seeing this as a widespread problem; there can't be many jurisdictions that define public and private in this way, or place such restrictions on what can be done with this data that blocking someone from a private website in another country could be a violation of the law.
To my mind, private data of the sort we need to worry about is not "private" in the sense that it is owned by the Foundation or not publicly viewable, but "private" in the sense that it contains potentially sensitive details of individual editors and readers. Nothing in the abuse filter would seem to change the public availability of this sort of data, and I can hardly see Wikimedia being penalized simply for preventing vandalism instead of reacting to it.
Nathan
On Wed, Mar 25, 2009 at 8:35 AM, John at Darkstar vacuum@jeb.no wrote:
The problem is that something that previously was public (vandal moving the page "George W. Bush" to "moron") will now be private (he get a message that hi isn't allowed to do that), this shifts the context from a public context to a private context. Then the extension do logging of actions done in this private context to another site. Users of this site will then have access to private information. It is not the information _disclosed_ which creates the problem, it is the information _collected_. It seems like the information is legal for "administrative purposes", but as soon as it is used for anything other it creates a lot of problems. For example, if anyone takes actions against an user based on this collected information it could be a violation of local laws. (Imagine collected data being integrated with CU) If such actions must be taken, then the central problems are identification of who has access to the logs and are they in fact accurate. That is something you don't want in a wiki with anonymous contributors! :D
The only solution I see is to avoid all logging of private actions if the actions themselves does not lead to a publication of something. Probably it will be legal to do some statistical analysis to administer the system, but that should limit the possibility of later identification of the involved users.
There are a lot of other problems, but I think most of them are minor to this.
John