[Foundation-l] Data retention

Thomas Dalton thomas.dalton at gmail.com
Sat Sep 20 13:15:45 UTC 2008


> I didn't ask if it I applied, I asked how it applied.  Maybe I should have
> said "in what way" instead of "how"?
>
> One question would be, if a "troll hunter" breaks the privacy policy, who
> would you sue?  The "troll hunter"?  The WMF?  Surely the public can't sue
> the "troll hunter" directly, as the privacy policy is only binding on the
> WMF.  But surely the WMF would argue that it isn't responsible for the
> actions of its CheckUsers if it did get sued.

I don't know, ask a lawyer. The privacy policy certainly applies to
checkusers, though, otherwise we wouldn't have an ombudsman to deal
with complaints of checkusers violating it.

> Another question would be, what restrictions are there on retaining
> CheckUser results?  I don't see any.

There are restrictions on who the information can be distributed to,
I'm not sure on the exact definition of "distribute" but letting other
people use your computer when the information is stored on it may
qualify (the policy warns that anyone with access to the servers can
access the information, it doesn't warn that anyone with access to a
checkuser's personal computer can access it). There may also be issues
where the WMF no longer has the information so people start
subpoenaing individual checkusers - would they then be bound by the
WMF's commitments regarding subpoenas? (They are only in the draft
policy, not the current one, but I'm sure the draft one will become
current sooner or later.) I don't know how it would all work, but it's
something that needs to be considered carefully. I would advise
against any checkuser storing such data without having discussed it
with Mike.




More information about the wikimedia-l mailing list