[Moving to europython-improve@, as I reckon that most delegates will not
be interested in details on how to improve our website]

On Sat, 2011-04-09 at 16:46 +0200, Charlie Clark wrote:
> On 09.04.2011, at 16:10, Giovanni Bajo <ra...@develer.com> wrote:
> 
> > I disagree. The form linked above clearly explains what is going to
> > be published and what it is not. Moreover, if you submit the form once,
> > you are brought to the exact page that *will* become public, but still
> > in a private form; you can review everything and amend at any time.
> 
> The pop-up requires javascript to work. As it stands they are two  
> slightly contradictory statements. I would suggest you clarify in the  
> obligatory opt-in field exactly what data will be published on the  
> website.

Generally speaking, we do not spend time to specifically tune and
enhance the experience of people browsing our website with Javascript
disabled. Obviously the website is well-designed so that it does work
with Javascript disabled, but there could surely be other QoI issues
(just like this one).

Anyway, since it's a relatively small fix, I will change the opt-in text
to specify that mobile number and birthdate will not be published. I
have added a paragraph to the privacy policy about speaker data.

> To be honest, as the form is not secure neither statement is of  
> any great relevance from a data protection perspective: all public data is  
> being transferred in the clear. Would it be possible to have the forms  
> secured?

If someone can provide a *quality* (single-root, full browser coverage
including mobile) SSL certificate for ep2011.europython.eu, we would be
happy to switch to HTTPS. Alternatively, if someone donates €20 (there
is a donation button on the homepage), we will be happy to buy a 1-year
certificate and install it. 

> >> but then the site
> >> is also using Google Analytics which also breaches this
> > Again, I disagree. We don't send Google Analytics any private data that
> > we are aware of. If you would care to elaborate on where our privacy policy
> > seems to disallow Google Analytics usage, we can amend the text to allow
> > it (and/or explicitly mention that it is being used). Plus, it's
> > possible to globally opt out from GA as you might know.
> 
> IP addresses are considered as personal information. In general, in  
> Europe, only opting-in to the collection of personal data is permissible  
> and, as such, the US preference for opting-out is not sufficient.

I disagree that IP addresses are considered personal information in
Italy, but I'm not a lawyer. If you are suggesting that all websites
using Google Analytics violate EU privacy laws, then too bad. 

I have updated the privacy policy to reflect our usage of Google
Analytics (and Olark, and Janrain).

You mentioned that there was a 10-year cookie set by our website. We
could not find it. Can you give us more details please?

Thank you for elaborating on your concerns. I hope most of them are
cleared up now.

PS: while composing this e-mail and editing the privacy policy, I've
been cold-called by a company that was trying to upsell cat food,
declaring that they knew that I had a cat. That is, sadly, the current
status of the privacy in Italy at least ./
-- 
Giovanni Bajo