On 05/08/2014 18:23, [email protected] wrote:
On Monday, August 4, 2014 6:47:19 AM UTC-7, Gijs Kruitbosch wrote:
On 22/07/2014 11:22, Gijs Kruitbosch wrote:
On 19/07/2014 00:33, Alina Hua wrote:
REAL CHOICES (removed)
Previous: Educate users whenever we collect any personal information
and give them a choice whenever possible.
Context: Eliminated based on feedback that the difference between
choice and control wasn't clear, and that the conversation has moved
to control, rather than choice.
<snip>
USER CONTROL
Previous: Do not disclose personal user experience without the user's
consent. Innovate, develop and advocate for privacy enhancements that
put users in control of their online experiences.
New: Establish enhancements that allow individuals to control their
data and online experiences
Context: Removed the sentence about consent, because it is more of an
example of enabling control. Removed "advocate for" to simplify and to
focus on direct engineering action. Added 'control their data'.
These two changes together make it seem like we're removing guarantees
about not disclosing user data without consent. I guess that's not the
aim of these changes, but removing statements along the lines of "we
won't share/disclose without consent, unless required by law" combined
with the "post-Snowden" web (as called out in your original post) makes
me uncomfortable.
What can we still guarantee our users, and can we spell that out? The
proposed language is fuzzy and has (looking with my engineering eyes) no
hard requirements of any kind.
~ Gijs
The response here was:
RESPONSE: We are considering either �Develop and advocate for a Web
that puts users in control of their data and online experiences. � or
�Push for a Web that puts users in control of their data and online
experiences.� These are thought to incorporate choice and education
(from the �Real Choices� principle that was removed� [)] while
indicating the actions we take.
I feel this ("we will push for a Web ...") doesn't address the removal
of what seems like a solid guarantee about our own products, which
aren't *part* of the web per se (ie I would say Firefox lets you browse
the web, while not itself being "part" of the web).
That being said, we would seem pretty hypocritical if we pushed for a
web that was based on user consent and didn't build our products that
way, so to a certain degree I guess it makes sense. However, I feel we
should be leading the charge here, including how we (guarantee we) deal
with private user data in our own products, rather than having our
sentiments about the web imply (rather than state) things about how our
own software behaves.
~ Gijs
Hi Gijs,
You raise a very good point and we'd like to incorporate it. What do you think
of this wording?
USER CONTROL
Develop products and advocate for best practices that put users in control of
their data and online experiences.
Hi Stacy,
Thanks! And yes, I think that that is an improvement in the sense of
being more explicit about what Mozilla does about this issue.
I also realized that we seem to have both "privacy principles" and a
"privacy policy", and I guess that as long as we are explicit enough
about what we (don't) do in the policy, we don't need to go into detail
too much in the "principles". Perhaps I would also have been less
worried if I'd realized this earlier - there was no mention of this
distinction in the start of the thread. :-)
Thank you for your hard work on this!
Gijs
_______________________________________________
governance mailing list
[email protected]
https://lists.mozilla.org/listinfo/governance
