On 2/26/20 2:32 AM, Ben Cooksley wrote:
As we're changing how we use the data (to now include a distribution
component) we would need to invalidate all existing consents given by
users (for which no mechanism exists for us to do so, as we never
expected to need to change the policy) and I think we would have to
discard all the data we have already collected as well.
Unfortunately, as the system includes no mechanism for the server to
communicate which revision of the privacy policy the user agreed to,
we would also have to come up with a way of blocking all old clients
from communicating with the system altogether (as we have no way of
telling if it is an old consent the software is relying on or a new
one) so you'd only start getting data in the system once users had
gone through a full update cycle.
That seems like an oversight we should correct regardless of whether or
not we release any data. It is not likely that the terms will *never*
change.
Nate
