[Foundation-l] New draft of privacy policy (urgent)

Mike Godwin mgodwin at wikimedia.org
Mon Jun 23 19:53:11 UTC 2008 

Ryan writes:

> I noticed that it doesn't mention anywhere the possibility that the  
> policy
> may be altered in the future.  Most sites, including Yahoo and  
> Google, do
> so.  Is this omission accidental or deliberate?  Is such a mention  
> either
> necessary or encouraged legally?

It's deliberate.  Almost all commercial sites allow themselves to  
change privacy policy unilaterally and without notice. That's not our  
practice -- we take pains to let the community (both editors and the  
larger community of users) know what we're doing before we do it, and  
we seek feedback.

> In general, I agree with others that the policy might be worth  
> splitting
> up.  But if it isn't, I think it should be pruned.  For example, I'm  
> looking
> at Section VIII, Point C.  Why in the world is it necessary in a  
> privacy
> policy to specifically mention "badly-behaved web spiders" as a  
> possible
> reason for examining log data?

I think the idea here is to suggest a specific example that promotes  
better understanding than a categorical generalization might.

> The mention of IRC is strange.  IRC is not a Wikimedia venue, so  
> perhaps it
> should be removed completely.  But if it is to be left, why was the  
> mention
> about the possible exposure of IPs deleted?  Surely that's an  
> important
> privacy concern regarding IRC (where the IRC guidelines have nothing  
> to do
> with privacy)

I'm not necessarily averse to excluding discussion of IRC, but you  
will note that IRC is discussed in current WMF privacy policy (at  
6.4).  It's reasonable to infer that the Board in 2006 wanted IRC  
included, perhaps because some users infer that WMF-related IRC  
channels are somehow operated by us.

> Perhaps my main point is this:
>
> -- Yahoo privacy policy:  1,427 words
> -- Google privacy policy:  1,858 words
> -- Myspace privacy policy:  2,322 words
> -- WMF current privacy policy:  1,767 words
> -- WMF privacy policy draft:  5,081 words

The fact that our policy is longer than some others is something of  
which we are painfully aware, and which we were aware of before any  
community feedback started.  But there are both reasons and  
explanations for this.

First, as I recall from my research, Google has a separate privacy  
policy for each product (e.g., a privacy policy for Google search, a  
privacy policy for G-mail, one for Maps, one for Shopping, etc.).  We  
don't do that -- our draft policy covers all projects. (I assume  
something similar is going on at Yahoo!)

Second, even if we limit our discussion to Wikipedia, the uses of the  
service that may raise privacy implications are more various and  
complicated than those of, say, Google search.

The question here is whether it makes sense to put everything in one  
place or not. The previous WMF privacy policy put everything in one  
place, but was shorter and (I strongly believe) too dense and  
technical for non-technical users.  We traded off length for  
readability.  I still think that is the right decision.

That said, any approach to shortening the privacy policy draft that  
does not require removing or relocating essential privacy-related  
information (and I continue to believe that an expression of the  
Foundation's philosophy is essential) is something we're open to.


--Mike

More information about the foundation-l mailing list