Alina Hua wrote:
The updates are a response to change within Mozilla and beyond. In four years, Mozilla has grown and expanded with new products and services that didn't exist in 2010. In 2014, the world around is often described as "post-Snowden", after his revelations sparked an international debate about Internet privacy and surveillance.
I find it a bit awkward that we refer to "the Snowden revelations" here, and acknowledge that privacy is a more sensitive topic since then, and in the actual changes remove all references to the word "privacy" completely (note that we just recently *added* that word explicitly to our Manifesto).
Previous: Mozilla Privacy Principles
New: Mozilla Trust & Safety Principles
Context: Intended to be broader than privacy, yet inclusive of both privacy and security. The term Trust & Safety is used by Twitter, EBay, Airbnb and others.
One issue I see is that non-native English speakers will not understand how the new title is actually inclusive of privacy - without the "context" explanation here, I would actually not see those as principles referring to "privacy" when that word is not present.
Previous: Only use and share information about our users for their benefit and as spelled out in our notices.
New: Use information in a way that is transparent and benefits the user.
Context: Removed the word "only" because there may be disagreement over whether "only" covers indirect benefits (ex: collecting data that helps improve your experience). Did not remove 'user benefit', although received some feedback that it doesn't fit well with no surprises. Replaced "as spelled out in our notices" with transparent, because it is broader than just notices, and transparency may also be achieved through user experience.
As others have explained, the removal of "only" loses the context of using information exclusively this way. With the "new" text, I could believe that's only one of the contexts we are using data in.
REAL CHOICES (removed)
Previous: Educate users whenever we collect any personal information and give them a choice whenever possible.
Context: Eliminated based on feedback that the difference between choice and control wasn't clear, and that the conversation has moved to control, rather than choice.
Back in the days, "choice" was even one of the base principles in our mission (mostly geared towards "choice of browsers"), it's sad to see it go in more places, given that not all users have the same needs and customization is still one of the strengths of Firefox compared to other products. Also, I wonder why we let go of the whole "educating the user" part. On the Foundation side, we are trying hard to educate people about the web, do we not want to have that as an overall goal here as well? The less users know about the ability to choose more privacy, the less they will care about it.
LIMITED DATA
Previous: Collect and retain the least amount of user information necessary. Try to share anonymous aggregate data whenever possible, and then only when it benefits the web, users or developers.
New: Collect what we need, de-identify where we can and delete when no longer necessary.
Context: Replaced "collect and retain the least amount" with the broader "collect what we need". Removed "only when it benefits" seemed broad enough that most things would fall in one of the three. Considered adding "collect only" but concerns about differences in definition (ex: indirect benefit vs. direct benefit). Replaced "share anonymous aggregate data" with "de-identify" because it goes beyond sharing - also includes storing. Added data deletion as an important part of limited data. These three pieces, limited collection, de-identification, and deletion are areas where businesses will need to have strong processes in place to honor these.
Shortening this is a good idea. That said, as others have pointed out "what we need" doesn't say much as one can easily say "...but we *need* everything". In the end, I'm pretty sure that Google and others believe they need all the data they collect. Our previous "the least amount of user information necessary" did draw a much clearer line here and challenged everyone to design features in a way that by default they collect less rather than more, and we already collect a lot more information (e.g. through opt-out/in features like FHR, Telemetry and even crash reporting) than we actually use.
USER CONTROL
Previous: Do not disclose personal user experience without the user's consent. Innovate, develop and advocate for privacy enhancements that put users in control of their online experiences.
New: Establish enhancements that allow individuals to control their data and online experiences
Context: Removed the sentence about consent, because it is more of an example of enabling control. Removed "advocate for" to simplify and to focus on direct engineering action. Added 'control their data'.
I love that. The new stance is much clearer. Personally, I think privacy is all about control over data, so pointing this out explicitly is awesome. That said, the "Do not disclose" is sad to go away but didn't feel in the right place in this principle. It would feel better in the "choices" topic if it still existed.
TRUSTED THIRD PARTIES (relocated)
Previous: Make privacy a factor in selecting and interacting with partners.
Context: Incorporated into the introduction as "select and interact with partners". All principles inform how we work with partners, so this does not need to be a standalone principle.
The introduction is quite often seen as less strong than actual principles. Removing this from this place might be seen as a precursor of Mozilla switching services it uses to partners that are less privacy-sensitive or are seen as more of a threat to privacy.
IN-DEPTH DEFENSE (added)
New: Innovate multi-layered security controls and practices, many of which are publicly verifiable by our global community.
Context: Initially called "Multi-Layered Security", but based on input from Security members, the new term -- "Defense In Depth" -- more accurately describes Mozilla's security approaches and practices. Considered "open source community" but shortened to "global community".
That's a nice addition, but IMHO feels more like a security and less like a privacy topic, whereas the other principles feel like not being targeted on security, so it feels to me like it would make the list fall apart into "the others" and "this one".
All in all, I think it's great that we think about this document and our stances on privacy overall. Shortening the principles for more clarity is very welcome. We just need to make sure the brevity doesn't cut out things that are important to state.
KaiRo
_______________________________________________
governance mailing list
https://lists.mozilla.org/listinfo/governance
