On Mon, Jun 23, 2008 at 4:16 PM, Thomas Dalton thomas.dalton@gmail.com wrote:
2008/6/23 Mike Godwin mgodwin@wikimedia.org:
but there is no question that the document has to function both as a statement of binding policy and as an educational document. Attempting to separate one from the other is asking for trouble down the line.
There is question - I question it. Policy and documentation are very different things. Trying to combine the two is very difficult and, in my opinion, doomed to failure for the reasons already given.
I have to agree with Mike here that a (good) privacy policy has to function "both as a statement of binding policy and as an educational document" (ignoring the part about whether or not there's "no question").
In fact, I'd say the *primary* purpose of a privacy policy is as an educational document. If all the organization wants to do is bind itself to something, a private board resolution would suffice. I think Mike should be applauded for trying to create an educational document rather than a bunch of legalese.
(I guess in some jurisdictions privacy policies are legally required so maybe the purpose could be to fulfill a legal requirement. Or maybe the purpose could be to keep browsers from popping up warnings about the lack of a privacy policy. But still, the base reason is that the public has an ethical right to know these things - a right to be educated.)
We considered for a while separating the current policy into a statement of policy and an FAQ. That would have "solved" the length problem, more or less, but it also would create a problem, since the FAQ itself would have functioned as a legally binding public promise as well. In other words, it would have seemed to be more elegant but would have raised potentially more legal problems, especially to the extent that the public relied on representations in the FAQ rather than in the policy statement proper.
I guess that depends on how well you write it. The policy should describe what the WMF commits to doing, the FAQ should explain why.
Why couldn't the FAQ *be* the current draft policy? Then all that's needed is a summary, which becomes the "privacy policy". And then it isn't a problem if the FAQ is legally binding, because it commits the WMF to no more than the WMF was going to commit to anyway. Or if you don't want to call it a FAQ, because it's not in standard FAQ format, call it "privacy policy (long version)" and "privacy policy (short version)".
Or would it take too much time and effort (also read: cost) to come up with a Godwin-approved shortened privacy policy? That's the only argument I can see against it, since Mike has already seemed to agree it's possible to have a shorter "statement of policy".
Just brainstorming a solution that maybe can solve both points of view. Feel free to ignore me, or not.
Legality aside, we're telling you, as real people, that this policy simply will not work. It doesn't matter how prudent it is, if it doesn't work, it's useless.
I certainly don't agree that it's "useless". A privacy policy is never going to make particularly fun reading material. A shorter policy would probably be more useful, not to mention more educational, but a long policy isn't "useless".
This said, I've had to skim the new draft rather than read it in depth. I'll probably get to that later. Sorry, Florence, non-ideal world and all that.