Add mention of GDPR in indicator 7 #20

Merged
merged 3 commits into from
Nov 16, 2020

Conversation

lacabra
Contributor

@lacabra lacabra commented Oct 20, 2020

This PR continues the conversation started in #2, from this comment thread

@Lucyeoh
Contributor

Lucyeoh commented Oct 29, 2020

In accordance with the new governance.md protocol below, I am commenting on this issue to document and explore the implications of accepting or rejecting the proposed change. This should trigger a two week community input period that will end November 12th, 2020.

Recommendation: Add mention of GDPR, alongside other examples, to the form but make no changes to indicator 7 of the standard. 
Reason: Standards are helpful for people completing the questions but are not inherent to defining digital public goods and so should not be included in the standard itself. 

Prompt "Perhaps the GDPR could be adopted as an exemplar to follow for the time being?"

Options:

  1. Add GDPR into indicator 7 as an example aka.
**7. Adherence to privacy and applicable laws** | The project must state that
to the best of its knowledge it complies with relevant privacy laws (for example
the General Data Protection Regulation (GDPR)), and all applicable international
and domestic laws.
  2. Add GDPR into indicator 7 as a requirement aka.
**7. Adherence to privacy and applicable laws** | The project must state that
to the best of its knowledge it complies with relevant privacy laws (including
the General Data Protection Regulation (GDPR)), and all applicable international
and domestic laws.
  3. Add GDPR as a prompt on the collection form standard-questions but do not add it to the standard itself.
* Does this project comply with all relevant privacy laws such as the General Data Protection Regulation (GDPR)?

Implications of accepting the recommendation and adding GDPR as an exemplar in the form:

  • Gives a concrete example of the kinds of policies to consider and sets a bar.
  • Doesn't add specifics to the Standard (designed to create consensus around whether something is a digital public good)
  • GDPR is a regulation in the European Union (EU) and the European Economic Area (EEA), and GDPR became a model for many national laws outside the EU, including Chile, Japan, Brazil, South Korea, Argentina and Kenya. The California Consumer Privacy Act (CCPA), adopted on 28 June 2018, has many similarities with the GDPR.

Implications of adding GDPR into indicator 7:

  • Is very Eurocentric, could be mitigated by listing other policies from other continents as well such as Framework for Cyber laws for the East African Community, Supplementary Act A/SA.1/01/10 on Personal Data Protection Within ECOWAS for the Economic Community of West African States (ECOWAS) et al.
  • Sets "the bar" fairly high in some areas, so we might want to take a bit more time to consider the language around this as this could exclude some very interesting startup projects.
  • Not enforceable - we have no way of knowing whether they're complying with GDPR.

**We invite you to leave your comments for or against the removal of 9a below. This two week community input period will end November 12th, 2020.**

During this period we will inform the members of the Alliance's Internal Strategy Group (ISG) giving them an equal chance to comment. The final decision will require consensus from the 2 co-leads and 2 technical leads.

@lacabra lacabra mentioned this pull request Nov 13, 2020
@lacabra lacabra added this to the Nov 16-27 milestone Nov 13, 2020
@Lucyeoh
Contributor

Lucyeoh commented Nov 16, 2020

Decision: To add to the standard-questions "description"

"For example the General Data Protection Regulation (GDPR) or frameworks for the East African Community, Supplementary Act A/SA.1/01/10 on Personal Data Protection Within ECOWAS for the Economic Community of West African States (ECOWAS) et al."
