[Foundation-l] Note regarding status of privacy policy

Sue Gardner sgardner at wikimedia.org
Sat Aug 9 21:11:08 UTC 2008


Gerard Meijssen wrote:
> Hoi,
> When someone accepts the function to checkuser, he accepts a role that is
> clearly with the community. Calling such a person a "third party" is in my
> opinion wrong. The person doing the check user has accepted the rules that
> allow for executing this function.
> Thanks,
>       GerardM


This is an extremely important point. As you can imagine, it was 
challenging for Mike to construct a policy that made it clear that there 
are roles in the projects such as checkuser which are inside the 
community (and therefore, as per Gerard, not considered 'external'), and 
yet whose behaviour is not controlled/controllable by the Foundation.

It's an unusual situation, and we tried to be extremely clear, here:

"Projects are primarily run by volunteer contributors. Some dedicated 
users are chosen by the community to be given privileged access. For 
example, for an English Wikipedia user, user access levels to Wikipedia 
are determined by the user's presence in various 'user groups'.

Other users who may have access to private identifiable information 
include, but are not limited to, users who have access to OTRS, or to 
the CheckUser and Oversight functions, users elected by project 
communities to serve as stewards or Arbitrators, Wikimedia Foundation 
employees, trustees, appointees, and contractors and agents employed by 
the Foundation, and developers and others with high levels of server access.

Access to and publication of this information is governed by the Access 
to nonpublic data policy, as well as specific policies covering some of 
the functions in question. Sharing information with other privileged 
users is not considered "distribution.""


> 
> On Sat, Aug 9, 2008 at 9:11 PM, Anthony <wikimail at inbox.org> wrote:
> 
>> On Thu, Aug 7, 2008 at 10:37 PM, Michael Snow <wikipedia at verizon.net>
>> wrote:
>>
>>> If you see something in this last draft that strikes you as a
>>> dealbreaker: that is potentially misleading or seriously problematic for
>>> any reason, please send me or Mike a note. If we don't hear anything
>>> within a week, I will ask the board to vote on the current version for
>>> formal adoption.
>>>
>> It seems okay as a descriptive document.  I wish there were stricter and
>> more explicit limits on what can be collected and for how long it can be
>> kept, but that's probably not going to happen.  Specifically, I'd like to
>> see a commitment to throw away the IP address and username information
>> after a definite period of time, maybe 30 days.
>>
>> On a separate point, I disagree with Jon that "disclosure, not checking, is
>> governed by the privacy policy".  There is essentially no difference
>> between disclosure and checking when the people doing the checking are not
>> agents of the foundation.  Checkusers are, for the most part, *third
>> parties*, so giving them access to private information *is* disclosure to
>> third parties. Maybe the privacy policy can (or is) worded in a way to get
>> around that fact, but it shouldn't be.
>> _______________________________________________
>> foundation-l mailing list
>> foundation-l at lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>>



