Hi,
On 2018-08-11 16:01, John Paul Adrian Glaubitz wrote: > On 08/11/2018 09:06 AM, Clayton wrote: >> This was my first DebConf and I chose not to offer my last name on the >> registration, or at any point during the conference, and nobody seemed >> bothered. I believe(?) there were some registrants who were entirely >> pseudonymous. If one does not want one's name exposed publicly in an >> online community, then just don't give a real name. > What happens in case of an emergency then? Aren't organizers of large > events of this type required by law to keep lists of real name? It depends on the country but I've never had that in Taiwan. Martial law is over since a long time. There's an 'old' "assembly act" but that's for anything political. "Freedom of assembly/association" that exists in most democratic countries means you don't have to keep such lists. > If, for example, an attendee of the conference has a serious accident > and other folk call emergency services, they will have a problem when > asked for the name and street address of an attendee. Or, even worse, > if an attendee died, organizers will not be able to contact someone > from the circle of their family etc. I don't think this falls under the responsibility of the organizers, unless there is a Debconf on a ship or airplane. For such a long conference it makes sense to provide an OPTIONAL emergency contact though! Also there should be people that know how to do CPR at the venue (it can be trained). > Or imagine an attendee commits a felony, you need to be able to > identify them as well. There are probably countless occasions where > it's simply not enough to identify as "trumpet232" at the registration > desk. Why? That's up to the police to investigate. Any Data Protection Assessment (DPA) would show that the mass collection of people's addresses is by far worse than the risk of having someone commit a felony. > I know many people in Debian are a huge fan of high privacy levels, > but there is often actually a valid reason beyond advertisement and > statistics why lists are kept with the name of attendees and people > who demand these high levels of privacy should keep that in mind. > > Some requirements are imposed by the law and/or safety requirements, > so you cannot just ignore them, even if you a "digital native". I would be very interested if you can point those laws out? I'm not aware such stuff exists in Germany (basic law article 8 has freedom of assembly) so does Taiwan (which is a copy/paste from the German basic law). How about Brazil? I'm not a lawyer, but as far as I can tell from their Constitution its a right too: Article 5: [...] 10. the privacy, private life, honour and image of persons are inviolable, and the right to compensation for property or moral damages resulting from their violation is ensured;[...] [...] 16. all persons may hold peaceful meetings, without weapons, in places open to the public, regardless of authorization provided that they do not frustrate another meeting previously called for the same place, subject only to prior notice to the competent authority;[...] As sponsor, we hope that you can collect the absolute minimum amount of data and give the freedom from (risk of) surveillance to attendees. The government sponsor which makes the rule that attendees information must be shared obviously did not do any privacy assessment. For us in Taiwan, it would be interesting to talk with them how it can be avoided in the future. In case the local domain registry (.TW = TWNIC) would held events with us (Gandi) they ask for similar things (including signatures of the attendees!) and that is why we never co-hosted anything with them. ;-) And as Karen Sandler pointed out there's no such thing as 'anonymized' data. Thanks for this interesting discussion, Thomas
