Re: [OSGeo-Discuss] OSGeo Privacy Policy: [was FOSS4GNA - Someone is watching you :-o]

[Moritz Lennert]

On 17/12/15 20:28, Jody Garnett wrote:

We have a different understanding of foss4g Maxi.


I imagine that this is a reaction to

> On Thu, Dec 17, 2015 at 4:08 AM Massimiliano Cannata
> wrote:
>> 4- FOSS4G is the OSGeo's label of their Free and Open Source
>> Software For Geospatial conferences

?

I know this has a long history of discussions behind it, including on 
this list, but still: could you elaborate on your reaction, Jody ? This 
seems a very fundamental part of this whole discussion, here.


Moritz



___
Discuss mailing list
Discuss@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] OSGeo Privacy Policy: [was FOSS4GNA - Someone is watching you :-o]

[Ian Edwards]

I support Paul and Steven's approach (and thank them for their actions to
help keep the community aware of events) -- but I think it's also certainly
the case that there is always a set of people on our mailing lists who have
a strong preference that their details are not shared in a way they do not
agree to up front - In fact, I'm sure we would all include ourselves in
this category as the type of "spam" we may receive becomes less relevant to
our interests.

Another way to reach a constructive outcome may be to discuss on the conference
dev

list an update to the FOSS4G Handbook
/Cookbook
with guidelines on opting out when submitting your details.  My preference
would be a statement that does not require a lot of effort from our
volunteer organisers, something like:

"by submitting your email address you consent to us sharing your details
for the purpose of keeping you informed of future similar events.  You can
unsubscribe from these communications at anytime using the unsubscribe
links provided."


===
Ian Edwards

On Thu, Dec 17, 2015 at 10:28 PM, Cameron Shorter  wrote:

> Hi Maxi,
> I love the constructive research that you have started here.
>
> Email privacy was not as topical when foss4g email lists started getting
> collected, and tracing technologies such as mail chimp were as assessable
> as mail chimp is now. So we are right to retrospectively develop our policy
> in this area.
>
> If you are up for it, I suggest following a similar process to what we did
> for getting the OSGeo Code of Conduct in place.
> 1. Research best practice policies. Find one that meets OSGeo community
> requirements (ideally addressing the majority of the ideas on this email
> thread)
> 2. Ideally find something that has been adopted and maintained as best
> practice among many organisations. (This is the Open Source Way).
> 3. Reference it, copy it verbatim, tweak it, or collate with other
> sources, (possibly into a wiki page)
> 4. Propose to OSGeo community for adoption. Collate feedback, tweak.
> 5. Have OSGeo adopt the policy.
>
> Warm regards Cameron
>
>
> On 18/12/2015 4:26 am, Daniel Kastl wrote:
>
> Hi,
>
> I wanted to share some thoughts, because I don't want that Maxi's concerns
> are buried under lots +1's, that "we are just doing our best for a
> successful FOSS4G". Maybe Maxi's initial email was a bit strong and
> contained the  "LocationTech" keyword ;-)
> I don't think anyone (and for sure not Maxi) wants FOSS4G or OSGeo not to
> be successful, and nobody is against marketing.
>
> However doing something with good intent doesn't mean, that it's right,
> right?
> If there is a privacy policy, we need to respect it and handle personal
> data (like email addresses) accordingly. If there is no privacy policy, we
> probably should have one, because there are at least a few countries I
> know, where not being able to opt-out or receiving unwanted emails can
> become a legal issue quickly (and cost money).
>
> I remember a few months ago the discussion about Code of Conduct, where
> some people thought, we don't need that, because we're well-educated and
> friendly people, respecting each other, etc.. A code of conduct wasn't
> something I cared about that time, because maybe it's not common in
> countries where I live. But I learned, that it's an important document for
> North American countries. And I think the privacy topic is a widely
> discussed issue in European countries, and we have some lessons learned
> about services/organizations trying to track us.
> So that's maybe the reason, why some are not so happy to click an
> encrypted link with tracking ID (and whatever else). While I think you
> already get tracked, when you open the email and the transparent image gets
> loaded.
> Speaking as a Japanese citizen, it's even seen as bad practice here to
> sent HTML emails, so almost every commercial email is text only with
> beautiful ASCII art and is really hard to look at.
>
> While reading this thread I had the following questions actually:
> - Is the collected database of email addresses available on request for
> every local chapter?
> - If a local chapter passes it to some third party organization (in this
> case LocationTech, but replace it with any other name), what happens with
> these addresses later? Are they now merged with the "LocationTech Tour"
> database or the whole Eclipse address pool, etc.?
> - If I didn't open my email, because I'm not from North America, will I be
> removed from the database and future announcements?
>
> I think most email addresses collected from further events were for
> registration purpose. There is no way to register without giving OSGeo an
> email address.
> And even if we won't harm anyone, we didn't ask those people, if they
> would like to opt-in for a newsletter-like service.
> So I 

Re: [OSGeo-Discuss] OSGeo Privacy Policy: [was FOSS4GNA - Someone is watching you :-o]

[Massimiliano Cannata]

All,
I believe the point is not if it was nice or not to receive a message for
being aware of events (that we will be aware in any case thanks to the
social media and mailing lists) but rather if it is appropriate (or even
legal?) perform these unsolicited mail campaign and the sharing of these
data among person on private and non-regulated way.
We all know that having the data, it doesn't mean having the right to
distribute it to 3rd party.

@Ian: I also don't think a single line of acknowledgement while registering
cover the issue.
For instance your proposal of a "non-active OPT-IN" it seems to me not in
line with the EU regulation discussed in these days here (but i'n not a
lawyer):
http://www.europarl.europa.eu/news/en/news-room/20151217IPR08112/New-EU-rules-on-data-protection-put-the-citizen-back-in-the-driving-seat
(thanks Helli for the link!)


I request, and will add in the next board meeting agenda, to have a deeper
discussion and agreement at OSGeo level.
Because I think that the privacy protection is a matter larger then the
FOSS4G only and is of concern to the whole OSGeo community as it may apply
to several cases.

I feel that OSGeo shall define like for the Code of Conduct a Privacy
Policy that applies all over the community and that members shall agree to
follow when they participate in the community.


my 0.1 cent,
Maxi






2015-12-18 10:00 GMT+01:00 Ian Edwards :

> I support Paul and Steven's approach (and thank them for their actions to
> help keep the community aware of events) -- but I think it's also certainly
> the case that there is always a set of people on our mailing lists who have
> a strong preference that their details are not shared in a way they do not
> agree to up front - In fact, I'm sure we would all include ourselves in
> this category as the type of "spam" we may receive becomes less relevant to
> our interests.
>
> Another way to reach a constructive outcome may be to discuss on the 
> conference
> dev
> 
> list an update to the FOSS4G Handbook
> /Cookbook
> with guidelines on opting out when submitting your details.  My preference
> would be a statement that does not require a lot of effort from our
> volunteer organisers, something like:
>
> "by submitting your email address you consent to us sharing your details
> for the purpose of keeping you informed of future similar events.  You can
> unsubscribe from these communications at anytime using the unsubscribe
> links provided."
>
>
> ===
> Ian Edwards
>
>
> On Thu, Dec 17, 2015 at 10:28 PM, Cameron Shorter  .shor...@gmail.com> wrote:
>
>> Hi Maxi,
>> I love the constructive research that you have started here.
>>
>> Email privacy was not as topical when foss4g email lists started getting
>> collected, and tracing technologies such as mail chimp were as assessable
>> as mail chimp is now. So we are right to retrospectively develop our policy
>> in this area.
>>
>> If you are up for it, I suggest following a similar process to what we
>> did for getting the OSGeo Code of Conduct in place.
>> 1. Research best practice policies. Find one that meets OSGeo community
>> requirements (ideally addressing the majority of the ideas on this email
>> thread)
>> 2. Ideally find something that has been adopted and maintained as best
>> practice among many organisations. (This is the Open Source Way).
>> 3. Reference it, copy it verbatim, tweak it, or collate with other
>> sources, (possibly into a wiki page)
>> 4. Propose to OSGeo community for adoption. Collate feedback, tweak.
>> 5. Have OSGeo adopt the policy.
>>
>> Warm regards Cameron
>>
>>
>> On 18/12/2015 4:26 am, Daniel Kastl wrote:
>>
>> Hi,
>>
>> I wanted to share some thoughts, because I don't want that Maxi's
>> concerns are buried under lots +1's, that "we are just doing our best for a
>> successful FOSS4G". Maybe Maxi's initial email was a bit strong and
>> contained the  "LocationTech" keyword ;-)
>> I don't think anyone (and for sure not Maxi) wants FOSS4G or OSGeo not to
>> be successful, and nobody is against marketing.
>>
>> However doing something with good intent doesn't mean, that it's right,
>> right?
>> If there is a privacy policy, we need to respect it and handle personal
>> data (like email addresses) accordingly. If there is no privacy policy, we
>> probably should have one, because there are at least a few countries I
>> know, where not being able to opt-out or receiving unwanted emails can
>> become a legal issue quickly (and cost money).
>>
>> I remember a few months ago the discussion about Code of Conduct, where
>> some people thought, we don't need that, because we're well-educated and
>> friendly people, respecting each other, etc.. A code of conduct wasn't
>> something I cared about that time, because maybe it's not common in
>> countries where I live. But I learned, that 

Re: [OSGeo-Discuss] OSGeo Privacy Policy: [was FOSS4GNA - Someone is watching you :-o]

[Cameron Shorter]

Hi Maxi,
I love the constructive research that you have started here.

Email privacy was not as topical when foss4g email lists started getting 
collected, and tracing technologies such as mail chimp were as 
assessable as mail chimp is now. So we are right to retrospectively 
develop our policy in this area.


If you are up for it, I suggest following a similar process to what we 
did for getting the OSGeo Code of Conduct in place.
1. Research best practice policies. Find one that meets OSGeo community 
requirements (ideally addressing the majority of the ideas on this email 
thread)
2. Ideally find something that has been adopted and maintained as best 
practice among many organisations. (This is the Open Source Way).
3. Reference it, copy it verbatim, tweak it, or collate with other 
sources, (possibly into a wiki page)

4. Propose to OSGeo community for adoption. Collate feedback, tweak.
5. Have OSGeo adopt the policy.

Warm regards Cameron


On 18/12/2015 4:26 am, Daniel Kastl wrote:

Hi,

I wanted to share some thoughts, because I don't want that Maxi's 
concerns are buried under lots +1's, that "we are just doing our best 
for a successful FOSS4G". Maybe Maxi's initial email was a bit strong 
and contained the  "LocationTech" keyword ;-)
I don't think anyone (and for sure not Maxi) wants FOSS4G or OSGeo not 
to be successful, and nobody is against marketing.


However doing something with good intent doesn't mean, that it's 
right, right?
If there is a privacy policy, we need to respect it and handle 
personal data (like email addresses) accordingly. If there is no 
privacy policy, we probably should have one, because there are at 
least a few countries I know, where not being able to opt-out or 
receiving unwanted emails can become a legal issue quickly (and cost 
money).


I remember a few months ago the discussion about Code of Conduct, 
where some people thought, we don't need that, because we're 
well-educated and friendly people, respecting each other, etc.. A code 
of conduct wasn't something I cared about that time, because maybe 
it's not common in countries where I live. But I learned, that it's an 
important document for North American countries. And I think the 
privacy topic is a widely discussed issue in European countries, and 
we have some lessons learned about services/organizations trying to 
track us.
So that's maybe the reason, why some are not so happy to click an 
encrypted link with tracking ID (and whatever else). While I think you 
already get tracked, when you open the email and the transparent image 
gets loaded.
Speaking as a Japanese citizen, it's even seen as bad practice here to 
sent HTML emails, so almost every commercial email is text only with 
beautiful ASCII art and is really hard to look at.


While reading this thread I had the following questions actually:
- Is the collected database of email addresses available on request 
for every local chapter?
- If a local chapter passes it to some third party organization (in 
this case LocationTech, but replace it with any other name), what 
happens with these addresses later? Are they now merged with the 
"LocationTech Tour" database or the whole Eclipse address pool, etc.?
- If I didn't open my email, because I'm not from North America, will 
I be removed from the database and future announcements?


I think most email addresses collected from further events were for 
registration purpose. There is no way to register without giving OSGeo 
an email address.
And even if we won't harm anyone, we didn't ask those people, if they 
would like to opt-in for a newsletter-like service.
So I find it somehow OK (gray-zone) to use the existing address 
collection for marketing future global FOSS4G events (it's only once a 
year), but you need to understand that FOSS4G NA is a regional event, 
and that the emails probably haven't been filtered by region. If we 
continue this practice, will then every local FOSS4G be able to spread 
the word in the name of OSGeo using a collected address list of the 
past 10 years?


Personally I think, that as a community we can do much better 
marketing than using MailChimp.
Maybe it's a good idea to add an opt-in form to FOSS4G registrations, 
where people can sign up for event announcements, even with regional 
preferences eventually?


Best regards,
Daniel



On 18/12/15 01:09, Steven Feldman wrote:

+1,000,000 to what Paul has said

I also passed the FOSS4G 2013 list (which included names for 2011 and 
previous FOSSS4Gs) to the 2014 team in the spirit of fraternal 
support to future FOSS4Gs, I believe that was the right thing to do 
even though we neglected to have specific opt in/out option. No doubt 
they passed the extended list to 2015 and they have in turn shared 
with 2016. This is good not bad.


We need to separate the animus towards LT from the apparent horror at 
the use of a ‘commercial’ service like MailChimp. Those of us who 
earn our living from Open Source Geo need to promote 

[OSGeo-Discuss] OSGeo Privacy Policy: [was FOSS4GNA - Someone is watching you :-o]

[Massimiliano Cannata]

Dear Gert, deal all,
after a few days of discussion I would like to sum up some considerations
to re-focus to subject of my first e-mail and that in my opinion should led
OSGeo foundation to at least one or two argument for discussion.

1- Some FOSS4G events made use of "aggressive" marketing strategies using
mailing lists where the users didn't explicitly agree in being notified.

2- There are laws on privacy protection which are different  for different
countries/region (this is explained for example at this resource, but I'm
not a loyer: http://www.lsoft.com/resources/optinlaws.asp )

3- OSGeo act globally and should be respectful as much as possible of all
the existing rules

4- FOSS4G is the OSGeo's label of their Free and Open Source Software For
Geospatial conferences


Said that each person or organization is responsible for its acts (and is
free to behave as he/she/it prefer), I would like that OSGeo - and FOSS4G
that is with no doubt recognized as an OSGeo event - act in respect of a
well defined privacy protection policy with is
as much protective of privacy as possible.

Example of Privacy Policy can be found for example in:
- Apache foundation (http://www.apache.org/foundation/policies/privacy.html
)
- Eclipse foundation (https://eclipse.org/legal/privacy.php)
- Debian (http://www.debianit.com/privacy-policy/)
- Software Freedom Conservancy (https://sfconservancy.org/privacy-policy/)
- OpenStack (https://www.openstack.org/privacy/)


>From a short reading all of them seems state that they do not pass
information to third parties and do not use these information for sending
newsletter unless explicitly agreed.



So, if I raised you attention to this hot topic and in the future people
will be more sensitive and respectful of privacy when they act in the name
of FOSS4G or OSGeo I'm 1000% happy and accept any blame on me.


Best regard,
Maxi








2015-12-15 23:38 GMT+01:00 Gert-Jan van der Weijden - Stichting OSGeo.nl <
gert-...@osgeo.nl>:

> First: I took the opportunity to change the subject of this thread to a
> less shouting version (CAPS LOCK and spam live side-by-side on my
> email-irritation-scale)
>
>
>
>
>
> Second: Funny to see how the use of two different channels (mailing list
> vs. MailChimp) kind of reflect the different approaches to reach the -more
> of less- same goal.
>
> Any expanding organisation / movement / community comes to a point where
> the classical channels (like a mailing list) reach their limits,
>
> and "new" marketing (yuch! marketing==ugly & bad!) channels & methods may
> help to stretch beyond borders. Which comes at a cost (as Maxi tries to
> tell, I guess).
>
>
>
> Food for thought for the Board face2face meeting in January (and for the
> entire community) to determine
>
> - what our goals are
>
> - what our values are
>
> - and how these two compare to each other.
>
>
>
>
>
> Kind regards,
>
>
>
> Gert-Jan
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *Van:* Discuss [mailto:discuss-boun...@lists.osgeo.org] *Namens *Rob
> Emanuele
> *Verzonden:* dinsdag 15 december 2015 21:51
> *Aan:* David Bianco
> *CC:* OSGeo Discussions
> *Onderwerp:* Re: [OSGeo-Discuss] FOSS4GNA - SOMEONE IS WATCHING YOU :-o
>
>
>
> Hey David,
>
>
>
> The emails on the mailing list were cultivated by past FOSS4G NA
> attendees, people opting in in other ways, and from lists that were given
> by members of this and last year's committee. If we're spamming people who
> didn't opt in, it is not intentional and apologies for the spam (the world
> certainly doesn't need more spam). We'll take a look at the list moving
> forward to try to prevent from sending emails to anyone who didn't opt in.
>
>
>
> Thanks,
>
> Rob
>
>
>
> On Tue, Dec 15, 2015 at 2:48 PM, David Bianco  wrote:
>
> I believe MailChimp has policies against adding emails to your list
> without a user's authorization.
>
>
>
> http://mailchimp.com/legal/acceptable_use/
>
>
>
> On Tue, Dec 15, 2015, at 10:16, Rob Emanuele wrote:
>
> Thanks for pointing out that it wasn't yet posted to OSGeo-Discuss, I just
> posted it.
>
> There's a one-click unsubscribe button from that mailing list, sorry for
> the spam!
>
>
>
> On Tue, Dec 15, 2015 at 12:31 PM, Massimiliano Cannata <
> massimiliano.cann...@supsi.ch> wrote:
>
> Just a funny note...
>
>
>
> Nice to see that LocationTech has a FOSS4G email ( WOW!)
>
>
>
> and.
>
> that all the link on the received e-mail are connected with my user_id (I
> have one? Yes)
>
>
>
> and
>
> that they are tracked (!!! without inform me !!!)
>
>
>
> and...
>
> that I have been added to a list that i'm not subscribed (
> http://mailchimp.com/about/mcsv/)
>
>
>
>
>
> But...
>
> Where did they get my e-mail from?
>
> why thy didn't simply post the news to the discussion-osgeo list?
>
> what do they want to track?
>
>
>
>
>
>
>
> *If you want to see the FOSS4G-NA without been traced here is the
> link https://2016.foss4g-na.org/ *
>
>
>
>
>
> 

Re: [OSGeo-Discuss] OSGeo Privacy Policy: [was FOSS4GNA - Someone is watching you :-o]

[Jody Garnett]

Thanks for the productive discussion - some of those privacy policies seem
to be website specific ( rather than for an organization as a whole ).

We just are rebooting the webcom so the timing is good for a privacy
discussion. It may be easier to start here and then branch out to project /
committee email lists and a foundation wide policy.

We have a different understanding of foss4g Maxi.
On Thu, Dec 17, 2015 at 4:08 AM Massimiliano Cannata <
massimiliano.cann...@supsi.ch> wrote:

> Dear Gert, deal all,
> after a few days of discussion I would like to sum up some considerations
> to re-focus to subject of my first e-mail and that in my opinion should led
> OSGeo foundation to at least one or two argument for discussion.
>
> 1- Some FOSS4G events made use of "aggressive" marketing strategies using
> mailing lists where the users didn't explicitly agree in being notified.
>
> 2- There are laws on privacy protection which are different  for different
> countries/region (this is explained for example at this resource, but I'm
> not a loyer: http://www.lsoft.com/resources/optinlaws.asp )
>
> 3- OSGeo act globally and should be respectful as much as possible of all
> the existing rules
>
> 4- FOSS4G is the OSGeo's label of their Free and Open Source Software For
> Geospatial conferences
>
>
> Said that each person or organization is responsible for its acts (and is
> free to behave as he/she/it prefer), I would like that OSGeo - and FOSS4G
> that is with no doubt recognized as an OSGeo event - act in respect of a
> well defined privacy protection policy with is
> as much protective of privacy as possible.
>
> Example of Privacy Policy can be found for example in:
> - Apache foundation (
> http://www.apache.org/foundation/policies/privacy.html)
> - Eclipse foundation (https://eclipse.org/legal/privacy.php)
> - Debian (http://www.debianit.com/privacy-policy/)
> - Software Freedom Conservancy (https://sfconservancy.org/privacy-policy/)
> - OpenStack (https://www.openstack.org/privacy/)
>
>
> From a short reading all of them seems state that they do not pass
> information to third parties and do not use these information for sending
> newsletter unless explicitly agreed.
>
>
>
> So, if I raised you attention to this hot topic and in the future people
> will be more sensitive and respectful of privacy when they act in the name
> of FOSS4G or OSGeo I'm 1000% happy and accept any blame on me.
>
>
> Best regard,
> Maxi
>
>
>
>
>
>
>
>
> 2015-12-15 23:38 GMT+01:00 Gert-Jan van der Weijden - Stichting OSGeo.nl <
> gert-...@osgeo.nl>:
>
>> First: I took the opportunity to change the subject of this thread to a
>> less shouting version (CAPS LOCK and spam live side-by-side on my
>> email-irritation-scale)
>>
>>
>>
>>
>>
>> Second: Funny to see how the use of two different channels (mailing list
>> vs. MailChimp) kind of reflect the different approaches to reach the -more
>> of less- same goal.
>>
>> Any expanding organisation / movement / community comes to a point where
>> the classical channels (like a mailing list) reach their limits,
>>
>> and "new" marketing (yuch! marketing==ugly & bad!) channels & methods may
>> help to stretch beyond borders. Which comes at a cost (as Maxi tries to
>> tell, I guess).
>>
>>
>>
>> Food for thought for the Board face2face meeting in January (and for the
>> entire community) to determine
>>
>> - what our goals are
>>
>> - what our values are
>>
>> - and how these two compare to each other.
>>
>>
>>
>>
>>
>> Kind regards,
>>
>>
>>
>> Gert-Jan
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *Van:* Discuss [mailto:discuss-boun...@lists.osgeo.org] *Namens *Rob
>> Emanuele
>> *Verzonden:* dinsdag 15 december 2015 21:51
>> *Aan:* David Bianco
>> *CC:* OSGeo Discussions
>> *Onderwerp:* Re: [OSGeo-Discuss] FOSS4GNA - SOMEONE IS WATCHING YOU :-o
>>
>>
>>
>> Hey David,
>>
>>
>>
>> The emails on the mailing list were cultivated by past FOSS4G NA
>> attendees, people opting in in other ways, and from lists that were given
>> by members of this and last year's committee. If we're spamming people who
>> didn't opt in, it is not intentional and apologies for the spam (the world
>> certainly doesn't need more spam). We'll take a look at the list moving
>> forward to try to prevent from sending emails to anyone who didn't opt in.
>>
>>
>>
>> Thanks,
>>
>> Rob
>>
>>
>>
>> On Tue, Dec 15, 2015 at 2:48 PM, David Bianco  wrote:
>>
>> I believe MailChimp has policies against adding emails to your list
>> without a user's authorization.
>>
>>
>>
>> http://mailchimp.com/legal/acceptable_use/
>>
>>
>>
>> On Tue, Dec 15, 2015, at 10:16, Rob Emanuele wrote:
>>
>> Thanks for pointing out that it wasn't yet posted to OSGeo-Discuss, I
>> just posted it.
>>
>> There's a one-click unsubscribe button from that mailing list, sorry for
>> the spam!
>>
>>
>>
>> On Tue, Dec 15, 2015 at 12:31 PM, Massimiliano Cannata <
>> massimiliano.cann...@supsi.ch> wrote:
>>
>> Just a funny note...
>>
>>