storing the
geolocation of every reader request is not within
the letter or the spirit of the Foundation's privacy policy,
which explicitly requires consent for the use of geolocation
No, this is not correct. The reasons why this statement is
incorrect have already been discussed in the already mentioned thread.
The only such discussion I see on the analytics list is:
The privacy policy talks about client side geo
location to offer you
geo-specific features on the client side, which is an entirely different
topic of what we are taking about here. IP addresses are going to be
sent via HTTP regardless with your request and the geo location we
do (to be able to report for example pages per country, one of the
reports most sought after by our community) has nothing to do with
geolocated features.
On the contrary, all geolocation services, processing, and logging
is performed on Foundation servers, not client equipment. Every
reader's request is currently being geolocated without regard to
whether consent has been asked or obtained. If readers' refuse
consent for their GPS information to be used (which is the only
consent we ask even though the Privacy Policy says we require
consent to use any geolocation) we store their IP addresses in
the clear with their associated geolocation anyway, and make
them available to several external researchers at Stanford, the
École polytechnique fédérale de Lausanne, and the Leibniz
Institute for the Social Sciences.