Talk:Draft Privacy Policy June 19 2008

From Meta, a Wikimedia project coordination wiki

Comment

Short comment, only reflecting the most important issues. A more verbose comment, which still applies, can be found at the previous draft Talk:Draft_Privacy_Policy_June_2008#Comment.

Section "Access and release of personally identifiable information"

Text in draft:

"5. Where the user has been vandalizing articles or persistently behaving in a disruptive way, data may be released to a service provider, carrier, or other third-party entity to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers."

I find "third party entity" is somewhat fuzzy. I read this as official or semi-official places outside the Wikimedia Foundation projects, such as schools or universities. I would prefer to name more directly who is meant by "third party entity" and to specify more clearly that this paragraph refers to wiki-outside entities, not to wiki-administrators or users without CheckUser privileges or comparable status.

There have been many discussions, where to draw a borderline concerning "Vandalism". It should be noted, that the vandalism / project disruption must be of a certain severeness, before a release of data can be considered.

Section "Purpose of the collection of private information?"

"For example, when investigating abuse of a wiki, including the suspected use of malicious “sockpuppets” (duplicate accounts), vandalism, harassment of other users, or disruption of the wiki, the IP addresses of users, derived either from those logs or from records in the database may be used to identify the source(s) of the abusive behavior. This information may be shared by users with administrative authority who are charged by their communities with protecting the projects."

I assume that "users with administrative authority who are charged by their communities with protecting the project" refers to ArbCom members, CheckUsers or Stewards performing CheckUser, who have identified themselves to the Wikimedia Foundation, and that it does not refer to "standard" administrators, who have not identified themselves to the Wikimedia Foundation. This should be worded more clearly:

This information may be shared by users with administrative authority who are charged by their communities with protecting the projects and are authorized by the Wikimedia Foundation (for example, CheckUsers or Stewards).

If the intention of this paragraph is that IP information should also be given out to other administrators, the policy should take into consideration the individual amount of private information that is represented by the IP address. It could be non-informative (open proxy, large provider) but also very specific (company IP, or even an IP that allows a specific person to be identified). Also the amount of project disruption should be considered. IP information can be abused also by trusted members of the communities. Therefore, persons that such information is shared with should be liable (i.e. at least identifiable by the foundation) and therefore, the circle of persons with whom the data is shared should be restricted.

All in all I do encourage to implement the proposed changes and rather to delay the voting on the policy than not addressing the issues named. --Hei ber 21:23, 21 June 2008 (UTC)

Conflating policy, intent, and background

The current policy combines policy, motivational intent and example use cases for clarification, and basic background information for novice internet or computer users which is better described at length in articles devoted to each specific technical topic. This hides the parts of policy that are special to Wikimedia.

I would prefer to see these three classes of information separated, with a policy document that is as short as possible, and a combined appendix of use cases and clarifications that can be explicitly tied to the policy doc, if the desire is to ensure one is always transmitted with the other. 18.85.47.60 21:43, 23 June 2008 (UTC)


Policy is vague; important details missing

While this is now a very long policy, it is short on details and important substance, including

  • What sorts of anonymized statistics can be gathered from readership and other data? There are many classes of data bundling that would be useful for research, site usage/community assessment, and even for effectively designing reader/editor feedback polls to improve the utility of the site to different audiences and in different languages.
  • Whether and how one can see how one's data is being aggregated or used -- if there is data released due to a subpoena or checkuser or other action, can one see that this has taken place?
  • To what degree privacy extends to information that has been knowingly shared on the site and later removed? Can one expect oversighted removal of one's own personal information if others add it? If one adds it oneself? Revision deletion of one's own contributions to userspace under the "right to leave"? Or is this up to each project to decide?

18.85.47.60 21:48, 23 June 2008 (UTC)

New Draft is available now

Mike Godwin has reviewed the Nathan-SJ draft and adopted it as the new draft. The new draft is now replacing the old draft which can be found on Draft_Privacy_Policy_June_19_2008, and is now open for further discussion.

Privileged Access - Section "Access to and release of personally identifiable information"

"Some dedicated users are chosen by the community to be given privileged access and greater authority to govern these projects. For example, as an English Wikipedia user, access levels to Wikipedia is determined by users' presence in various 'user groups'.[...]
Sharing information with other privileged users is not considered "distribution.""

This might be taken that private information gained from logs might be shared with users with any privilege, like "create accounts" or "rollback". It is very important to clarify if private data may or must not be shared with administrators (or any other user in a user group that is listed at [access levels]). I think that this information must only be shared with users of the same privilege "level", but this is not explicitly formulated in this paragraph. I would prefer to have this worded in a more direct way. As stated above, private information should only be shared with users who are authorized by the Wikimedia Foundation and who have identified themselves to the foundation. --Hei ber 21:59, 25 June 2008 (UTC)

I'd suggest modifying "same privilege" to "same privilege or other privilege granting potentially greater access". This would account for specific exceptions such as Stewards, who might not be oversight or checkuser at any given time, but certainly could grant themselves such tools in the event it's needed. This would also allow for the potential of "global checkusers", which would be a greater yet different permission, disregarding the potential of such a usergroup to exist through consensus. Since we're clarifying. ~Kylu (u|t) 05:43, 26 June 2008 (UTC)

Last round of feedback

We're checking for any additional comments before this is formally submitted to the board for approval. --Michael Snow 04:32, 9 August 2008 (UTC)

Private data access

I disagree with "This information may be shared by users with administrative authority who are charged by their communities with protecting the projects." I've seen enough administrators' bad behavior to think private information should be kept only to users with Checkuser status. Also proceedings to elect administrators are less strict than those for Checkusers. --Pediboi 23:59, 23 August 2008 (UTC)

Note that use of CheckUser is also governed by CheckUser policy (not just the privacy policy). — Mike.lifeguard | @en.wb 00:24, 24 August 2008 (UTC)