On Fri, Jan 23, 2015 at 6:06 PM, Benjamin Kerensa <[email protected]> wrote:
> On Fri, Jan 23, 2015 at 5:51 PM, Yvan Boily <[email protected]> wrote: > >> No, the scope is clearly stated with "Mozilla’s Data Privacy Principles >> continue to inform how we build our products and services, manage user >> data, and select and interact with partners – while shaping our public >> policy and advocacy work.", from the blog post. >> >> IRC logs *are* user data. irc.mozilla.org *is* a Mozilla service. Both >> are subject to Mozilla policies. >> > > Either way I do not think logging irc conflicts with any of those > principles especially if a policy is in place and documented. > *NO SURPRISES* Changing to opt-out logging on a per-channel basis is a shift away from the advertised state of logging in relation it irc.mozilla.org as published here <https://wiki.mozilla.org/IRC>. That would be a surprise for most people. *USER CONTROL* Providing opt-in logging at a channel owner level would be better, as long as the channel makes it clear by sending a notice to the user when they join that it is publicly logged. *LIMITED DATA* Hard to comply with this one; when we have numerous other sources of truth for technical work (repos, wiki, mdn, mailing lists), I would argue that we don't need to retain this data, but in the case that we do, I would think that at the least, anonymizing it is a requirement to uphold this part. It is notoriously hard to properly anonymize communications, especially chat based communications where usernames could be common subjects of discussion. *SENSIBLE SETTINGS* I think that defaulting to not logging is a more sensible setting considering the legacy of "We don't log" on the service. *DEFENSE IN DEPTH* I don't think this necessarily applies to the case at hand. > Also FWIW I can think of entire sites we have for contributors that do not > meet those data privacy principles so I really doubt they had contributors > in mind writing that. > > In the context of this discussion, other sites failing to adhere to policy is not terribly relevant, but please send me a list of the sites you think don't meet those requirements off list and I will follow up. _______________________________________________ governance mailing list [email protected] https://lists.mozilla.org/listinfo/governance
