Talk:Access to nonpublic personal data policy: Difference between revisions

From Meta, a Wikimedia project coordination wiki
// Edit via Wikiplus
Mard (talk | contribs)

Revision as of 12:06, 1 September 2021

Question

How do you provide contact and identification information now? I remember you used to be able to send a copy of an ID. Thanks. Bobherry (talk) 13:47, 23 October 2017 (UTC)

No, that is not needed now. For example as an OTRS member (now former) at the moment when I became one I just needed to email my name and whether I am a major, and when the new policy was put in place I had to sign phab:L4 and phab:L32 and that's it, the action on Phab was all I needed. I believe nothing has changed since (at least not as of May when I still had OTRS access). --Base (talk) 10:50, 25 October 2017 (UTC)
@Base: Thanks. I signed phab:L4 the other day and I am just waiting for it to go through. I am working to get on the request an account team. Thanks again. Bobherry (talk) 13:33, 25 October 2017 (UTC)

Identification

The big blue box at the start of the page says "Provide contact and identification information", and links to a section titled "Identification", but that section does not exist. Does an identification requirement currently exist for holding advanced permissions? If so, it isn't enforced. Can this wording be changed or removed? – Ajraddatz (talk) 08:34, 12 November 2017 (UTC)

See Talk:Access to nonpublic information policy/Noticeboard#Identification. From what I understand, you sign your name and then are added to the noticeboard. No additional identification is required. Would be great to hear confirmation. --Eurodyne (talk) 08:53, 12 November 2017 (UTC)
Ah yes. Incidentally enough, I came here after noticing out of date text on enwiki regarding identification. But when I go here, I found that the outdated text remains here as well. Hopefully the WMF can clarify a bit! – Ajraddatz (talk) 09:24, 12 November 2017 (UTC)

The requirement of identification was removed from this policy in April 2014. What is left is that users need to give their email address (can be under a pseudonym), "certify" that they're of age (accepted as AGF) and provide a signature that can be also made with a pseudonym. The blue box has not been updated regarding the "identification information" and twice refers to it, which is very misleading in my opinion. Could it please be updated to better represent the actual policy? -kyykaarme (talk) 10:32, 9 December 2018 (UTC)

I updated it myself three months ago. kyykaarme (talk) 21:34, 23 June 2021 (UTC)

Reference to the authentic text of this document

Hi. I miss, like it happens with other Foundation policies, a mention about the "authentic language" of this document. In this case the authentic text of this document is the one written in English, and differences between the English text and its translations should be solved in favor of the English version. As such a note like in the wmf:Terms of Use (In the event of any differences in meaning between the original English version and a translation, the original English version takes precedence.) could be added, just in case. Thanks. —MarcoAurelio (talk) 18:16, 27 November 2018 (UTC)

Sets of nonpublic personal data

This policy targets nonpublic personal data from OTRS, CheckUser, email response teams like ArbComs, and possibly other sets. This is written as a broad policy.

Some weirdness has crept into the wiki community without documentation. At some point in the past WMF staffers permitted the registration of Wikimedia user groups to be a nonpublic personal data issue. I am not sure why this happened or if the staffers were even conscious of what they were doing. AffCom was a part of this but seemingly acting at the behest of staff.

Over at Wikimedia Foundation bylaws/December 2018 - Affiliate-selected trustees, term limits, and diversity there is the proposal that user groups should get some powerful voting rights. That could be okay, but if that were so, I wish that the registration and governance of user groups would shift from being nonpublic personal data to being on-wiki in the usual way. The implication is the new power to user groups would give voting rights to individuals who would vote behind this nonpublic personal data policy, instead of making themselves known as Wikimedia account users. In all previous Wikimedia elections most votes come from people with Wikimedia accounts, sometimes from IP users, and never from people who were neither account holders nor IP editors. Blue Rasberry (talk) 15:01, 11 December 2018 (UTC)

(iv) authorized parties, with the express permission of the user whose nonpublic information is to be disclosed

I am a little confused about 1/ what is meant by "authorized parties" in this context and 2/ why it is thought necessary to inform the Foundation in advance --or inform the Foundation at all--when the person whose data is being disclosed consents that it be released — The preceding unsigned comment was added by DGG (talk)

How do I sign?

I have tried loading this page in both of my browsers: Opera 12 and Opera 55 as well as via mobile but I can't see where to sign. The 'submit' button is just text. Am I missing something? Xania (talk) 04:15, 18 January 2019 (UTC)

Did you follow the steps at https://meta.wikimedia.org/wiki/Confidentiality_agreement_for_nonpublic_information/How_to_sign? --Guy Macon (talk) 22:49, 19 September 2020 (UTC)

How long does it take to process?

Hello! I'm interested in becoming involved with Account Creation over at en-wp and signed the agreement a couple months ago. I was wondering how long it takes for things to be processed, as I don't actually see my username on the noticeboard yet. Cheers, Cymru.lass (talk) 17:26, 23 January 2019 (UTC)

Hello Cymru.lass. I don't have access to the signatures so I cannot check (currently it looks like Samuel (WMF) is the one taking care of this). Please nonetheless make sure you've signed the updated Confidentiality Agreement (a.k.a. L37) because this policy was updated in November and they ain't adding people to this board who haven't signed the updated NDA. Hope that it helps. Best regards, —MarcoAurelio (talk) 14:09, 24 January 2019 (UTC)

Link to other languages on left

Hi. Today I clicked on languages on the side bar (left side of the page) and it goes to the Google Chrome page. I even clicked on English and it went to the Google Chrome page. Is this my problem (which I don't think so) or the links? Please check. Thanks. Gharouni 23:34, 31 October 2019 (UTC)

Okay, that's weird. You are correct, I am getting the same result, taking me to w:en:Chrome OS when clicking on "English", and the same article in other languages when clicking on other languages. No idea how that would be happening. Risker (talk) 01:18, 1 November 2019 (UTC)
@Gharouni and Risker: d:Special:Diff/1030549859 was the offending edit. Undoing. — regards, Revi 01:20, 1 November 2019 (UTC)
And restored to the original state. — regards, Revi 01:21, 1 November 2019 (UTC)

OTRS agreement

At the bottom of the text, a link is made to the "OTRS confidentiality agreement". Following that link leads to a statement that the OTRS agreement is withdrawn, apparently since 2015. Can somebody correct the link so it leads to the current OTRS agreement, if any exists? Thanks, Ellywa (talk) 22:28, 14 February 2020 (UTC)

I can't see any link to OTRS/Confidentiality agreement on this page. Stryn (talk) 07:42, 15 February 2020 (UTC)
I don't see such a link here either. Ellywa,
  • the Wikimedia Foundation requires OTRS volunteers to agree to https://phabricator.wikimedia.org/L45, which is the OTRS version of https://phabricator.wikimedia.org/L37 (same content). This is the Confidentiality Agreement discussed in section 3(c) of the access to nonpublic personal data policy ("To ensure that community members with access rights understand and commit to keeping the Nonpublic Personal Data confidential, they will be required to read and certify that they agree to a short Confidentiality Agreement [...]"). OTRS access cannot be granted to volunteers unless they sign this agreement.
  • Meanwhile, OTRS/Confidentiality agreement was intended as an additional OTRS-specific agreement (hereinafter: the "volunteer agreement"), authored and to be enforced not by the Wikimedia Foundation but by the group of volunteers managing OTRS access rights (the OTRS administrators). It was withdrawn many years ago. The idea was that when signing the Wikimedia Foundation confidentiality agreement discussed in the preceding paragraph, OTRS agents would in addition be asked to state their agreement with the volunteer agreement ("By typing your name below, clicking the check box, and clicking the 'Sign Document' ('Sign Document') button below, you acknowledge that you have reviewed and agree both to this confidentiality agreement between you and the Wikimedia Foundation as well as the OTRS confidentiality agreement."). I'm not sure why this language is still in Confidentiality agreement for nonpublic information, which is supposed to be the "Wiki copy" of the Phabricator document (maybe that is where you saw it?). Either the Phabricator interface was changed at some point to reflect the withdrawal of the volunteer agreement and the Wiki page was not updated, or the Phabricator interface in fact still asks new volunteers for that. So something probably needs updating ... Materially, however, it makes no difference since, as I said, a separate volunteer agreement no longer exists.
— Pajz (talk) 19:24, 15 February 2020 (UTC)
Thank you for your explanation. I made a mistake, the link to the OTRS agreement I saw indeed on the page you mentioned: Confidentiality agreement for nonpublic information. Should that link be removed there?
Regarding the OTRS agreement, I was actually looking for my obligation, as an OTRS volunteer, to ensure all content I am uploading to Commons through the permission queues, or all content on Commons which I happen to see, is according to the copyright policies of Commons. I thought this obligation existed, and I wanted to show it to somebody asking for my help. Ellywa (talk) 12:23, 16 February 2020 (UTC)

Signing Constraint

Who else has experienced this problem with signing the agreement in which the submit button is a text that literally cannot be clicked? I see Xania also experienced this problem & voiced out but did not receive a reply. This is a humble plea; please if you are reading this & are knowledgeable about this kind of problems what do you think could be the cause of this? I have used multiple browsers but the problem is still there. Could this be an overlooked error? Or are there pre-requisites one must attend to before signing this document? Celestina007 (talk) 13:49, 15 April 2020 (UTC)

Did you follow the steps at https://meta.wikimedia.org/wiki/Confidentiality_agreement_for_nonpublic_information/How_to_sign? --Guy Macon (talk) 22:49, 19 September 2020 (UTC)

Clarification of the ANPDP

Hi all, posting this on behalf of the Legal team here at the Foundation:

In June 2021, the Legal team encountered an ambiguity with the application of this Access to Non-public Data Policy (ANPDP) for information about which checkusers have run certain checks. We want to clarify that this information typically is confidential under the ANPDP unless local project policy requires checkusers to make it public. ANPDP applies to information that requires a special tool such as checkuser to access. This means that if a person must sign this policy and be given a special role to see personal information such as who ran which checks on an account, that information should remain confidential.

However, local project policy is allowed to require people to disclose data about themselves publicly as part of holding special roles, which could make this information public. For example, a local language policy that requires checkusers to post what checks they run publicly would be permitted and would make that data public and no longer covered by ANPDP. Local policy may NOT require disclosure of another's personal information. For example, a local policy could not obligate checkusers to reveal the result of a check or to post checks run by other users. Kbrown (WMF) (talk) 15:24, 21 June 2021 (UTC)

Policy adjustment on behalf of Legal

Introduction

Due to a need to better protect our community, the Foundation is initiating a policy adjustment that suspends Foundation volunteer NDA recognition to applicants who live in jurisdictions that have blocked access to Wikimedia projects and where there is reason to believe that their domicile associated with their user account is known to others than the individual applicant(s) and the Foundation. This means that all NDA-based access granted to users fulfilling both criteria in the change shall be revoked immediately. Nothing changes for users not fulfilling both criteria.

Can exceptions be granted?

There are some exceptions that may be granted on an individual basis and following a request for review submitted to the Legal department. However, the Foundation recognizes that granting such NDA-based access will put applicants as well as other volunteers relying on the Foundation’s platform at undue risk and will only grant exceptions due to extraordinary need if safety of volunteers is reasonably certain.

When is the policy adjustment effective?

All NDA-based access granted to users who do not meet the new criteria of the adjusted policy is revoked immediately. While we wish we could have pre-announced this change, unfortunately doing so could itself lead to the exploitation of the security gap we are attempting to address to preserve user safety.

Will the policy adjustment be reviewed?

This policy adjustment may be reviewed in future depending on the safety of the community at large.--WMFOffice (talk) 18:02, 23 August 2021 (UTC)

@WMFOffice: Please announce the list of those jurisdictions, so that users based in those jurisdictions can decide not to apply for becoming VRT agents in the first place. 4nn1l2 (talk) 12:38, 24 August 2021 (UTC)
@WMFOffice: Since this is a change to the existing agreement, I would suggest mass-messaging everyone on the current signatory list. GeneralNotability (talk) 19:03, 24 August 2021 (UTC)

Hi everyone. We would like to provide some follow up from the Foundation Legal team regarding the updated policy.

NDA Policy Change

We are extremely grateful for the comments, encouragement and questions that we have received with regards to the NDA policy change. Indeed, keeping the community safe and vibrant is our collective responsibility. We want to acknowledge and appreciate your support and understanding in these unprecedented times.

Background on the NDA Policy Change

As a measure taken to protect the community, the Foundation suspended volunteer NDA access to applicants who live in jurisdictions that have blocked access to Wikimedia projects (currently or recently) and where there was reason to believe that the identity of the individuals using the accounts is known to (or easily discoverable by) actors in those regions.

This was necessitated by recent world events, triggered by credible information about a more focused security threat to the Wikimedia community that placed multiple users at risk. The users who were at risk then, and who are still at risk now, are physically located in the jurisdictions we earlier identified.

Before initiating this policy change, the Foundation evaluated several options and strategies to keep these users and the community safe. To help us identify the credibility of the threat and in order to come up with the best course of action to take, the Foundation contracted a security consultant firm that evaluated the threat, authenticated its credibility, and advised immediate action to be taken to keep multiple users safe and reduce the exposure to harm.

While we wish we could have pre-announced this change, doing so could have led to the exploitation of the security threat that the Foundation was attempting to address in order to ensure user safety.

Progress on the NDA Policy Change

At the moment, all NDA-based access granted to users who do not meet the new criteria of the adjusted policy has been suspended. The Foundation may be granting some exceptions on an individual basis after an application for review is submitted to the Legal department.

However, exceptions will be extremely unusual at this time, as granting such NDA-based access may put not only applicants but also other volunteers relying on the Foundation’s platform at undue risk. Therefore, the Foundation is only granting exceptions that have an extraordinary need and if the safety of the volunteers (both the applicant and other users) seems highly secure. Before you apply for the exemption, the Foundation encourages you to bear in mind not only your security, but also that of the community at large. Keeping people safe is key.

Currently, the policy change covers all Wikimedia projects. It is our hope that we will be able to safely review this in future - always mindful of the security of the individuals and the community at large.

During the month of September, the Foundation will work within community processes to remove permissions under the adjusted NDA policy from accounts that can no longer hold those permissions and whose owners have not stepped down voluntarily. Again, we reiterate that this is for the safety of the entire community. -Jrogers (WMF) (talk) 15:39, 31 August 2021 (UTC)

@Jrogers (WMF), NahidSultan (WMF), JSutherland (WMF), and WMFOffice: For clarification:
  1. What does "live in" mean? Does this mean a steward must be temporarily deflagged if they visit Mainland China? What about those who stayed in Mainland China for some time, such as one week or one month?
  2. Does it affect users from Hong Kong? Wikipedia is currently not blocked there, but one may argue they will be affected by the national security law.
  3. Does it affect users from Turkey or Venezuela? What about Iran?
  4. What about mainland Chinese citizens living abroad?

--GZWDer (talk) 17:38, 31 August 2021 (UTC)

@Jrogers (WMF): So now will these accounts be globally locked in order to have them "voluntarily" resign? Jonathan5566 (talk) 11:57, 1 September 2021 (UTC)
Yes, we are all locked until we "voluntarily" resign to get our accounts back. Mard (talk) 12:06, 1 September 2021 (UTC)