Hi Alina,

Thanks for running this review :-) Lots of interesting stuff in here;
forgive me if I focus on the bits I think may need more work.

On 19/07/14 00:33, Alina Hua wrote:
> NO SURPRISES Previous: Only use and share information about our users
> for their benefit and as spelled out in our notices. New: Use
> information in a way that is transparent and benefits the user. 

Why was "and share" removed?

> SENSIBLE SETTINGS Previous: Establish default settings that balance
> safety and user experience appropriately. New: Design for a
> thoughtful balance of safety and user experience. Context: Replaced
> "Establish default settings" with "Design for" to be less repetitive
> with the title and focus on the engineering design phase. Replaced
> "appropriately" with "thoughtful" to indicate carefully considered
> tradeoffs.

This problem was present in the original, but: this implies that there's
a trade-off between safety and user experience. I don't think that's so
- you can have very usable, very privacy-respecting software. The
difficult tradeoff is often between safety and _features_. That is to
say, users want to do a certain thing or site owners want to provide a
certain capability, but it's hard to do it in a way which also preserves
their privacy.

> REAL CHOICES (removed) Previous: Educate users whenever we collect
> any personal information and give them a choice whenever possible. 
> Context: Eliminated based on feedback that the difference between
> choice and control wasn't clear, and that the conversation has moved
> to control, rather than choice.

So the argument is that this issue is now covered by the "User Control"
section?

> LIMITED DATA Previous: Collect and retain the least amount of user
> information necessary. Try to share anonymous aggregate data whenever
> possible, and then only when it benefits the web, users or
> developers. New: Collect what we need, de-identify where we can and
> delete when no longer necessary. Context: Replaced "collect and
> retain the least amount" with the broader "collect what we need".
> Removed "only when it benefits" seemed broad enough that most things
> would fall in one of the three.

I think this actually was valuable due to what it excluded - it excluded
benefit to _us_. That is to say, if we collected user information and
simply sold it at a profit, that would _not_ be covered. Now, we just
have "what we need", and so if we argue that Mozilla "needs" to make
money to stay in business, we could argue that the practice just
outlined was in line with the new principles.

> Considered adding "collect only" but
> concerns about differences in definition (ex: indirect benefit vs.
> direct benefit). 

To add "only" was my immediate thought; I would be interested in more
discussion about why this was left out.

> USER CONTROL Previous: Do not disclose personal user experience
> without the user's consent. Innovate, develop and advocate for
> privacy enhancements that put users in control of their online
> experiences. New: Establish enhancements that allow individuals to
> control their data and online experiences Context: Removed the
> sentence about consent, because it is more of an example of enabling
> control. Removed "advocate for" to simplify and to focus on direct
> engineering action.  Added 'control their data'.

"Establish enhancements" is an odd phrase. It also makes it sound like
we don't do this at the moment, but hope to in the future. I hope that's
not true :-)

> TRUSTED THIRD PARTIES (relocated) Previous: Make privacy a factor in
> selecting and interacting with partners. Context: Incorporated into
> the introduction as "select and interact with partners".  All
> principles inform how we work with partners, so this does not need to
> be a standalone principle.

"Interact with" is weaker than "choose". "Choose" means "we might reject
this partner if their privacy story sucks". "Interact with" could mean
"having chosen this partner, we use the principles to make sure we do
whatever they can manage on the privacy front (but if it sucks, that
doesn't mean we change provider, because we did our best)".

I like the idea that we would refuse to work with a partner who couldn't
maintain the privacy of our users.

> IN-DEPTH DEFENSE (added) New: Innovate multi-layered security
> controls and practices,

"Innovate" as a transitive verb sounds really like marketing-speak.

> many of which are publicly verifiable by our
> global community. 

"Many of which" seems weak.

"Between me and my brother, we know everything!"
"OK, what's the capital of Chad?"
"Er... that's one my brother knows."

Gerv
_______________________________________________
governance mailing list
[email protected]
https://lists.mozilla.org/listinfo/governance