[Foundation-l] Release of squid log data

Sue Gardner sgardner at wikimedia.org
Sat Sep 15 16:25:56 UTC 2007


Erik Moeller wrote:
> On 9/14/07, Tim Starling <tstarling at wikimedia.org> wrote:
>> For a while now, we've been releasing squid log data, stripped of
>> personally identifying information such as IP addresses, to groups at
>> two universities: Vrije Universiteit and the University of Minnesota. We
>> now have a request pending from a third group, at Universidad Rey Juan
>> Carlos in Spain. They are asking if they can have the full data stream
>> including IP addresses, and they are prepared to sign a confidentiality
>> agreement to get it.
> 
> "Wikimedia will not sell or share private information, such as email
> addresses, with third parties, unless you agree to release this
> information, or it is required by law to release the information."
> http://wikimediafoundation.org/wiki/Privacy_policy
> 
> Under the current policy I would not support it, even if "private
> information" is somewhat ambiguous: we must err on the side of
> caution.

Yes. The first question is, would providing this data violate the 
privacy policy, which protects "private information" - often but not 
always assumed to mean personally-identifiable information. If we 
consider the squid log data to include potentially 
personally-identifiable/private information, then we can't release it 
to a third party. Regardless of how much we trust them, or what they 
are willing to sign.

If the release does NOT violate the privacy policy, then the question 
becomes whether it violates existing community standards & practices. 
I don't know the answer to that. But there has been lots of discussion 
here, which may suggest there's not a clear consensus view.

IMO we want to help academics and we share lots of their values, but 
it is more important that we protect our own community of 
users/contributors. So we want to err on that side.

> 
> I might support a research exemption clause in future versions of the
> policy _if_ a compelling case can be made that such an exemption is
> needed, and that no alternative research method would produce results
> of approximately the same quality. So far no such case has been made.

Yes. Regardless, that would apply on a going-forward basis only; we 
obviously could not change the terms of use 
retroactively/non-consensually.

> 
> Whatever we do, it is crucial that we make it clear to our users
> through our privacy policy what is going on. In that spirit, I would
> also appreciate it if the privacy policy could be updated to describe
> the existing agreements with universities, and the work that is being
> done on the toolserver.


