[Foundation-l] Note regarding status of privacy policy

elisabeth bauer eflebeth at googlemail.com
Sat Aug 9 15:46:41 UTC 2008


2008/8/8 Michael Snow <wikipedia at verizon.net>:

> The board intends to vote on this version, but before we do, I wanted to
> provide one last opportunity for your feedback.

Thank you for the reminder :-)

My thoughts on the draft:
* length & style: it can be shortened and it should be shortened.
there's a lot of redundancy in it. My favorite "publishers publicly
publish in a public act" paragraph for example:
"Anyone with Internet access (and not otherwise restricted from doing
so) may edit the publicly editable pages of these sites with or
without logging in as a registered user. By doing this, editors create
a published document, and a public record of every word added,
subtracted, or changed. This is a public act, and editors are
identified publicly as the author of such changes. All contributions
made to a Project, and all publicly available information about those
contributions, are irrevocably licensed and may be freely copied,
quoted, reused and adapted by third parties with few restrictions."

Translated by amateurs as we usually do, it will read in other
languages absolutely ridiculous (and not very comprehensible).

* Contradiction
In the introduction I read "In general, this Policy only applies to
private information stored or held by the Foundation which is not
publicly available." but in the following the policy deals extensively
with public contributions, public discussions, public postings to
public mailing lists etc (possible solution: deal with everything
public in the "scope" paragraph)

* commitments
A privacy policy is a commitment. Lawyers may love the phrase "include
but is not limited to" which I find several times in the policy but it
does nothing to assure the reader. As a reader and user of the
Wikimedia projects, I would prefer a privacy policy which gives a
commitment of some sort to _not_ give access to my private information
to any random person. This refers to this:
"Other users who may have access to private identifiable information
include, but are not limited to, users who have access to OTRS, or to
the CheckUser and Oversight functions, users elected by project
communities to serve as stewards or Arbitrators, Wikimedia Foundation
employees, trustees, appointees, and contractors and agents employed
by the Foundation, and developers and others with high levels of
server access."

the question of access leads me to the next point; I read a few
privacy policies for comparison and I found something I really liked
as informative in one: a mention of where all this private
information is stored, bluntly spoken: which country can confiscate
the servers. Including this will obviously require updating the privacy
policy each time a server farm is founded in a new country but this
isn't necessarily a bad thing.

* to have access and to access
While the policy deals at length with who has access it is very silent
about when all these persons are allowed to access my data and
actually access my data. The only thing somehow related to this was
"As a general principle, the access to, and retention of, personally
identifiable data in all projects should be minimal and should be used
only internally to serve the well-being of the projects." which is
somehow a bit vague. Who defines what is well-being? How is this
controlled? Who does guarantee that a nosy checkuser doesn't just look
up my user information, revealing my employer, the Wikipedia user
name of my boyfriend and other friends just for fun? How would I even
know?

Wikimedia has a wonderful institution called ombudsmen commission -
might be an idea to mention it in the privacy policy. It might also be
an idea to establish a right for users to be informed on request if
they were checkusered.

* now for the disclaimer...
okay, disclaimers are legally a sensible thing. "We try to do our best
and if this isn't enough..." We recently had in the German Wikipedia a
discussion about individual user rankings. One person used the current
privacy policy to argue that the Wikimedia foundation approved such
statistics because it said they were possible. While this dispute
concerned fairly trivial rankings of aggregated nr. of edits, blocks
etc. it is possible to do much worse with the public data. Bot created
user profiles with interests, hobbies, living rhythm, estimated
timezone. Network analysis with the user's position in the community.

While the Wikimedia Foundation can't legally prevent any third parties
from generating and publishing such information, it can do two
things:
* it can issue a policy for these cases for the Wikimedia projects
* it can issue recommendations for third parties, for example to
anonymize user names in research publications.

greetings,
elian


