On 22/06/2018 00:40, Criss Ittermann wrote:
What I see as material problems are:
Removing people from Diffs — mentioned in a thread on the PmWiki Users
list — if they request their data to be completely removed from the
site. That can be tricky — there's a difference between being an
author (of an original article or section thereof, thus possessing
copyright to the creation) vs. editor. Removing a diff in the middle
of a chain of diffs can materially change a wiki page in ways that
don't work. If someone fixed a typo, it's now a typo again — and that
would be OK I suppose. But if someone added a paragraph that was
later edited & added-to — now the context for further changes is
missing.
You don't need to remove their edits (the diffs), their edits are not
personal information. Personal information in page history are only
their name and IP address.
We need to write a recipe that takes an author identifier (username or
e-mail) and possibly an IP address (although some IP addresses may
forward thousands of users), then reads all pages with full history and
pseudonymizes or anonymizes these bits: just rewrites the "author" and
"host" page attributes with some string like user20180627T1322.
As long as it is impossible to guess or recover the personal information
from the files on your server by other users, or in case of a breach, it
may be enough.
Making sure all email & comment forms have a required checkbox (not
checked already) asking permission to share/email/store personally
identifying information. Though that's pretty easy if you know how to
use PmForm.
If you use "explicit consent" as sole legal basis for collection and
processing of personal information you need to explain each and every
different purpose for this collection and processing, with individual
checkboxes, where people may select some or all checkboxes.
Note that besides "explicit consent" there are 6 other cases for legal
basis for this -- if you are in at least one of these cases, you don't
require explicit consent.
One of these cases is "legitimate interest of your company or a third
party" (for example usage statistics, software troubleshooting), another
one is "legal obligations" (for example it is required by law to store
the server access logs for 2 years, and they contain the IP address
which is considered personal information by the GDPR), and yet another
one is "fulfill contractual obligations with person", and "perform tasks
at person's request" (for example they request the creation of an
account, or request notifications, or request password recovery).
That means, if you have some "terms of use" which may be considered a
contract, one single checkbox may be enough.
At any rate, you need a simple, plain text summary of your use of
personal information.
Getting explicit permissions before setting ANY cookies (not "if you
use this site you agree to cookies....") which should be in a pop-up
with a checkbox, and the permission has to be tracked though I have no
idea how you'd trace it (just on IP?).
For a PmWiki cookie, only a session ID, and probably the "Author" cookie
are considered personal information, you can send other cookies without
the need for consent.
If you have a legitimate interest (usage information, editor
accountability, security, troubleshooting), you don't need explicit
consent.
BTW the IP address is also personal information, it is crazy that by law
we have to store the server access logs with the IP address, and people
need to consent before. This is a Catch 22 abomination, when someone
opens the site, the server immediately stores the log entry, and if they
do not consent the server stores another log entry.
I believe the people who wrote the parts about cookies and IP addresses
were somewhat ignorant about how the internet works, and they did not
get help, which was stupid.
And you can't say "using this site constitutes you agree to our
privacy policy or terms of service" — you need a material checkbox
agreeing to it, with a link, and that checkbox use has to be tracked
somehow (just like email form & comment form permission, and just like
the cookie-setting issue — everything has to be tracked).
If the software is written in a way that it refuses to go forward unless
the checkbox is checked, wouldn't this be enough?
A neat thing WordPress did is they have plug-ins supply "Suggested
wording" for privacy policies to cover that they're in use on the
site. When the user is on the back-end there's help documents for
creating a privacy policy, and for example Akismet suggests some
wording for your privacy policy. WordPress overall gives suggested
wording (which covers general cookies, and mentions that you have to
put your analytics etc. into the document).
Indeed, you probably need to mention that you outsource analytics to
external companies and embed content from other platforms like videos or
maps.
There is a JS program that can be useful, Tarteaucitron ("Lemon pie" in
French):
https://github.com/AmauriC/tarteaucitron.js
It can be configured to delay the loading of external resources like
analytics and videos until the visitor accepts these individually and
explicitly, and the visitor can see and delete individual cookies.
Petko
_______________________________________________
pmwiki-devel mailing list
pmwiki-devel@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
