Privacy Policy #7040
Comments
|
Where can I find the link to the privacy policy in the user interface? I don't think that this issue should be closed by commit ada4fb5. Leaving the question about the usage of resources from graph.facebook.com aside, the privacy policy is still not sufficient. I compared it to my checklist and was not able to tick all the boxes:
I recommend including a list of all third party content providers, their contact details and where their privacy policies can be found. This can, once provided by Editor Layer Index, be generated automatically. Otherwise you likely have to answer a couple more questions in your privacy policy which I did not mention in the list above. See article 14 GDPR for further information.
Thinking a bit more about the issue, it does not look like a useful way for websites, where iD is deployed, to link to your privacy policy. They might have different logging enabled at their website (duration, stored information). Maintaining a second privacy policy is something I would avoid because it might make it difficult to comply with the requirement of clear and plain language. Instead, it would be better for iD to provide a clear list of things to include in privacy policies if one deploys iD.
For your public development instances, a privacy policy might still be a good idea but I wonder why you choose to link to the latest version of the master branch and not to the version of the privacy policy at the date of the release. If you (or ELI as dependency) remove something in future, an older version of iD links to an incomplete privacy policy, doesn't it?
[1] This includes a postal address.
[2] That's point (f) of article 6(1) GDPR.
[3] i.e. all responsible entities of third party content iD loads from third party sites
[4] I think it is best practice to do so.
[5] You already linked to the privacy policies of some third-party providers but
[6] Links to source code files for a list of satellite imagery and street-side imagery sources are likely not meeting this requirement.
[7] That's usually copy and paste text and more or less part of all privacy policies.
[8] You have to inform the subject about their right but if you operate a simple website, your response on such requests will very likely be "I can't identify you in my logfiles.". |
|
@Nakaner Thanks for checking the privacy policy. If you have concerns, please contact the LWG and @kathleenlu09. We on the iD side are not experts in this stuff. |
oh - this I can answer. We added another pane to the side for User Preferences and Privacy, and it includes a link to the privacy policy:
Also, a message is shown at startup like this:
The text in English is:
When a user uses iD for the first time:
When policy has been updated, splash screen will show again and the message reads:
|
|
Having the privacy policy on the splash screen is good but I expect such a link either in an "About" menu or just as a small link in the footer of the window. Users should always be able to find it and using "here" as a link is hiding it a bit. I think the whole privacy topic is not sufficiently addressed by iD yet, not all the boxes are checked at the moment. That's why I ask to reopen this GitHub issue. |
|
@Nakaner please write to LWG at legal@osmfoundation.org regarding any requested changes you have to the privacy policy. |
|
What about changing the default to opt in, rather than opt out? That's often viewed as better security & privacy? |
My personal views on this— Apps make a range of connections. Some are fundamental to how the app works and are essentially required, like iD's connections to OpenStreetMap and imagery providers. Some are superfluous and should be opt-in, like analytics trackers (which iD doesn't have). I see the icon loading as somewhere in the middle. It's not integral but it makes the mapping experience better. So my own feeling is that it should be turned on by default, but I understand that others may come to a different conclusion. For that matter, I don't know why we'd let iD make any connection that we're not comfortable turning on by default. But people have different comfort levels so it's a tricky issue! |
|
Can I state something that I presumed was obvious? I think the problem is the use of Facebook. I think a lot of reasonable objections to requesting third party images, are not the general idea (as you say, no one complains about aerial imagery), but the fact that it includes Facebook. Facebook have a horrible track on privacy & they are too powerful. Lots of people I know (not German hacker geeks who go to CCC, regular people (most people I know in Karlsruhe fall into that category actually)!) just don't trust Facebook or have Facebook accounts.
I've mapped betting shops in towns in middle England (Peterborough). If a regular local had used iD to do that, Facebook would probably start showing them pro-Tory ads (which can be lies). Someone adding data to OSM should not have that risk. That area was a [battleground constituency](https://news.sky.com/story/general-election-2019-why-peterborough-is-a-key-electoral-battleground-11856401) and flipped from Labour to Conservative by ~2,500 votes a few weeks ago. Loading an image from Wikimedia Commons doesn't have the same risk.
"tracking analytics" is not a bad description of HTTP requests to Facebook IMO.
On 24 December 2019 16:28:42 CET, Quincy Morgan ***@***.***> wrote:
> > What about changing the default to opt in, rather than opt out? That's often viewed as better security & privacy?
>
> My personal views on this—
>
> Apps make a range of connections. Some are fundamental to how the app works and are essentially required, like iD's connections to OpenStreetMap and imagery providers. Some are superfluous and should be opt-in, like analytics trackers (which iD doesn't have).
>
> I see the icon loading as somewhere in the middle. It's not integral but it makes the mapping experience better. So my own feeling is that it should be turned on by default, but I understand that others may come to a different conclusion.
>
> For that matter, I don't know why we'd let iD make any connection that we're not comfortable turning on by default. But people have different comfort levels so it's a tricky issue!
|
|
For the avoidance of doubt, I have no idea of the political views of the iD developers, and I'm sure there is no grand conspiracy for them to help any political party in the UK. (which is an absurd conspiracy theory, I shouldn't have to type that)
It's just important to think through the unintended consequences of design decisions.
On 24 December 2019 17:47:58 CET, Rory McCann ***@***.***> wrote:
> Can I state something that I presumed was obvious? I think the problem is the use of Facebook. I think a lot of reasonable objections to requesting third party images, are not the general idea (as you say, no one complains about aerial imagery), but the fact that it includes Facebook. Facebook have a horrible track on privacy & they are too powerful. Lots of people I know (not German hacker geeks who go to CCC, regular people (most people I know in Karlsruhe fall into that category actually)!) just don't trust Facebook or have Facebook accounts.
>
> I've mapped betting shops in towns in middle England (Peterborough). If a regular local had used iD to do that, Facebook would probably start showing them pro-Tory ads (which can be lies). Someone adding data to OSM should not have that risk. That area was a [battleground constituency](https://news.sky.com/story/general-election-2019-why-peterborough-is-a-key-electoral-battleground-11856401) and flipped from Labour to Conservative by ~2,500 votes a few weeks ago. Loading an image from Wikimedia Commons doesn't have the same risk.
>
> "tracking analytics" is not a bad description of HTTP requests to Facebook IMO.
|
|
@kathleenlu09 I am writing this response intentionally in public on GitHub, not by email, because I – in the spirit of the Organised Editing Guidelines which have a similar requirement – want this discussion to stay transparent because it affects the rights of OpenStreetMap contributors. This is the same checklist without the footnotes but with references to the individual articles of GDPR:
I forgot to mention the following issues and points to keep in mind for the privacy policy:
|
|
@Nakaner iD (the app) does store some data in the user's browser storage, but we (the developers) don't have access to it. Maybe we could make this clearer, because most of your unchecked boxes (like about the period that the data is stored and request for removal) don't make any sense for an app like iD. We don't store or process any users' personal data. |
|
It seems that you, @bhousel, did not have the background knowledge I assumed when I wrote my comments above. If a web server writes access logs with IP addresses (and iD's JavaScript code is served by a web server), it stores personal data because IP addresses – even those assigned dynamically by your ISP – are personal data. See the decision on that by ECJ for further reference. Given that the configuration of the logging is different on each web server – even if it is just the duration of storage (how Logrotate was configured etc.) – it does not make a lot of sense to have a unique iD Privacy Policy. Instead, iD would be much better if its developers provided the information to be added to the privacy policy of the organisation deploying iD. |
|
Hi @Nakaner, it appears that you are making some unwarranted or incorrect assumptions. The decision of whether the organization deploying iD wants to incorporate the information about iD into its main privacy policy, or to link to iD's privacy policy, is up to that organization. As iD is an open source project, anyone in the world could choose to deploy it, with or without informing iD's maintainers, and the deployer also chooses how long to store logs, etc., and has the responsibility of noting that in its own privacy policy. |
… master. (#97) * Update address format in China * Add field for `ref:vatin` (close #6880) * Add field for `mapillary` tag (close #7064) * Change Mapillary Photo ID field name to Mapillary Image ID * Add field for `wikimedia_commons` tag (re: #7064) * Add fields to `man_made=petroleum_well` Deprecate `man_made=gas_well` and `man_made=oil_well` * Add terms to several playground presets * Update temaki to v3.2.0 (close #7089) * Update taginfo.json temaki icons endpoints to ideditor repo * Ensure identifier field link button has proper state on init * Add tooltips to mapillary map features layer icons (close #7079) * Fix issue where a new row would not appear last after deleting multiple rows from the raw tag editor (close #7087) * Reload API status automatically when a response indicates a probable change in status (close #6650) Make API status messages more informative (close #7021) Add manual Retry button to "unable to connect" API status message (close #5864) * Fix checkbox alignment and padding (close #7091) * Revalidate after reversing ways via the One Way field * Remove `leisure=social_club` deprecation due to possible mixed usage (re: #6252) * Add licensing information to the ai features dialog. * Update to temaki v3.3.0 (close #7094) * Add "trees" as a search term for Natural Wood and Managed Forest (closes #7097) * User lighter green fill for `golf=green` (closes #7101) This also adds fill styles for the other light-green things like cemetaries vineyards, etc.. For some reason they didn't have fill styles before so only the strokes were being styled light green. * Only show flag country field when flag:type=national (close #7099) * Add unsearchable preset for `demolished:building=yes` (close #7098) Render features with a status prefix in the provisional styles (e.g. 
dashed outline) * Update to temaki 3.4.0 (close #7102) * Make point markers more circular with larger icons (close #6163) Tweak the grey style of points linked to wikidata * fix issue #7090 An easier way to recreate the issue is by creating two ways of different type then select both and undo one of the lines. This patch removes the removed selected ids from the editor by manipulating _entityIDs in historyChange(). * Fix stale UI when undoing/redoing between single and multiselections (re: #7090) * Taper the point marker shape somewhat (re: #6163) * Revert circular markers (open #6163) * Fix issue #84: Change feature count tracking to operate across AI source types (#85) Fix AI Feature maximum-count-per-changeset logic to include all AI features, not just roads. * Fix performance issue where breathe behavior would be called for each selected element instead of just for the surface (close #3571) * Add `brand` field to more common NSI presets (re: #6507) * Use `tunnel=culvert` on waterways when using the "add a tunnel" crossing ways fix (re: #6617) * Fix mapillary detection selection rendering in Firefox and Safari (close #6804) Fix mapillary feature detection tooltips (re: #7079) * Add `connectivity` preset (close #7105) * Add icon and tooltip for mapillary detected billboards * Don't style untagged multipolygon member lines as area boundaries if they also have belong to non-multipolygon relations (close #6787) * Store selected mapillary image by its key rather than its object Properly sort selected mapillary signs and features above unselected ones * Fix lint warning * Rely more on mapillary selected photo key than photoviewer datum Remove mapillary map feature selection outline when closing photoviewer * Fix code tests to represent moved multipolygon line classes behavior * Update ImproveOSM overlay endpoints for transition to Grab (close #7110) * Add "Ride" to name of `attraction=drop_tower` preset Add terms to various presets * Update to temaki v3.5.0 * For 
Mapbox Satellite, use the Tiles API way of determining tilesize https://docs.mapbox.com/api/maps/#static-tiles * Update icon for Underground Power Cable preset * Show all OSM entity options when searching for a number without a prefix (close #7112) * Search all downloaded features instead of just visible ones on 2.x (re: #6516, re: 4801404) * Revert c6db769 - back to Raster API (again) The image quality is better from this one * Allow squaring multiple features at once (close #6565) * Rename rendererMap.editable function to more precise rendererMap.editableDataEnabled Make coreContext.editable function also account for whether user is in modeSave * Allow viewing and editing the tags/relations of selected features at any zoom level in 2.x (re: #5001) * Update unsquare way fix annotations * Prevent partial rendering of selection style when showing only selected features at low zooms * Lower matchScore of generic Boundary preset to be below that of the Administrative Boundary preset (close #7118) * Enable zoom-to-center of multiple selected entities (close #6696) * Update shortcut documentation for possibility of zooming multiple selected features * Prevent opening edit menu in wide selection * Fix typo in comment * 2.x: Highlight relation members in yellow when a relation is selected, including in a multi-selection (re: #5766, re: cf29355) * Correctly remove yellow member highlight when removing member from select relation (close #6772) Don't exit select mode when panning selected feature out of view Return false when checking selected IDs and switching between single and multiselect in modeSelect * Implement cleaner solution for removing breathe styling from deselected features * 2.x: Use keyboard styling for shortcuts in tooltips (re: #6574, re: a579e35) * Remove duplicate function * 2.x: Don't render multipolygon members in yellow when the multipolygon is selected (re: #6558, re: 4ab9712) * Cherry pick b45dc7e * Change preferred geometry type for various presets 
(re: c4a469e) * Update preferred geometry type for several presets * Remove documentation reference to old CSS class * Rename Suggested Hashtags field to just Hashtags * Remove extraneous whitespace * Fix issue where the raw member editor did not have the expected padding (close #7115) * Add Rail Yard preset (re: #7119, re: #6694) * increase width of input field * Fix typo in orthogonalize.too_large.multiple * Fix missing structure tool icons (close #7124) * Fix typo in orthogonalize.too_large.multiple * Add derived data for prior merge * Update generic preset names to be categorical (e.g. "this is a Tourism Feature" instead of "this is a Tourism") * Rename demolished/building preset to represent that it is unsearchable * Add unsearchable preset and field for `disused:railway` (re: #7119) * Fix filename of amenity=karaoke_box preset * Deprecate railway=* + abandoned=yes or disused=yes (close #7119) * 2.x: Make toolbar horizontally scrollable when it overflows (re: #6755, re: 7545f67) Generalize tooltip into popover control Use the same popover control for tooltip as the preset browser and tools list popovers Smartly position the preset browser popover and menu bar tooltips to stay fully onscreen Position most tooltips closer to their controls Fix small gap that could appear between a tooltip and its arrow Allow wider toolbar tooltips * Remove duplicate CSS * Improve popover variable names * Fix issue where the Buildings walkthrough could not be completed * Add hacky fix for left-positioned popovers not appearing correctly on first appearance * Avoid eslint warning for console statements in build scripts * Add Preferences Pane, Third Party Icon toggle, link to policy (re: #7040) * Add privacy policy and link to it (re: #7040) * Update temaki to 3.6.0 * Add preset for waterway=fish_pass * Update name and terms for car sharing and car pooling presets * Update name and terms for car sharing and car pooling presets * Update icons for generic public transport platform 
presets * es6 preset_icon.js * Don't show denomination field if religion=none (close #7135) * Update marked to 0.8.0 (close #7113) Update fast-json-stable-stringify to 2.1.0 (close #7121) * Remove old, unused implementations of favorite, recent, and search-to-add preset toolbar items * Fix capitalization on some j-bar and t-bar presets * increase width of input field * Add derived data for t-bar preset name change * Use constant width for unsquare building degree threshold input (re: #7126) * Update d3 to v5.14.2 (close #7049) * Update rollup-plugin-visualizer to 3.3.1 (close #7054) * Use foreach instead of for loops for clarity Also rename `loc` to `point` (elsewhere in iD code `loc` is a lon/lat) * Comment routeSegments * Put a changelog in the Privacy Policy * Start the 2.17.0 changelog * Reset `showing-img` class on update selection * Honor the user's third party icon preference * Add privacy policy version check to context and splash screen (closes #7040) A few other minor things in this commit - migrated several ui modal files to ES6 syntax - switched the splash link from ideditor.org -> ideditor.blog * Add "pilates" as search term for "leisure": "fitness_centre" (closes #7137) * Contributing notes on ES6 * Use temaki-beach icon for Coastline preset * Add terms to Cycle Barrier preset * Rename "Firepit" preset to "Fire Pit" and add terms and fields * Add derived data * Add to 2.17.0 changelog * Continue 2.17.0 changelog * Update temaki to v3.7.0 (close #7142) Update icon for bunker presets (close #7139) Update icon for Boat Store and Boatyard presets * Update changelog * Add Carlings to wiki commons logo list * Revert references to the v3 UI in the Keyboard Shortcuts menu Remove unused preset favoriting functionality * Add util function for generating classes/ids from any string * Update derived data * Fix issue where presets with special characters in their names could not be dragged around in the toolbar * Skip loading gravatars if user has third party 
icons deselected * Sort "Foot Path" and "Cycle Path" above "Cycle & Foot Path" when searching "foot" or "cycle" * Update icon for Water Slide preset * Use typeCombo field for Utility field on Marker presets * update address format in Bolivia * update phone format in Bolivia * Update to temaki v3.8.0 * Show Parking Lot preset ahead of more specific presets in search * Add terms to various lodging presets * Disable operations, copy, and paste during low-zoom selection * Update to name-suggestion-index 3.5.0 (closes #7157) * Properly update undo/redo button tooltips when undoing/redoing (close #6872) * Add new presets for nsi 3.5.0 - craft/cleaning.json - shop/camera.json - shop/flooring.json - shop/pottery.json - shop/tool_hire.json * update address format in Bolivia * update phone format in Bolivia * Update changelog * Update changelog * Update changelog * npm run translations and add Occitan language to Multilingual Name field (close #7156) * npm run imagery * vA.B.C * Revert "vA.B.C" This reverts commit 1e90212. 
* v2.17.0 * Fix errant CSS * Added peruvian phone format * Add peruvian address for urban and rural areas * Update AU phone format * Fix errant wetland area CSS * Make link to privacy notice in splash screen translatable (closes #7171) * Arabic + Latin Bidi labels * numerals fix * Add natural=geyser preset * Add more fields to the tourism=camp_site preset (close #7169) Add Backcountry Camping Area and Group Camping Area presets Add Hot Water field to the Shower preset Deprecate low usage `showers` tag in favor of `shower` * Add Bottle Filling field to Drinking Water preset * Deprecate low-usage `women` and `men` in favor of `female` and `male` * Fix eslint error (re: #7182) * Added a preset for shop=doors * Remove old layer translations re-added in prior merge * Deprecate entrance=main_entrance (re: #7174) * Add Emergency Exit preset * Update icons for various building presets (re: #7068) * Update Kiosk preset icon (re: #7068) * Update editorconfig for JavaScript syntax * Update icon set URLs in presets readme * Add warnings about duplicate keyboard shortcuts when building translations (close #7185) Update translations * Fix JavaScript error that could cause validation warnings to appear unexpectedly (close #7166) Add code test to account for deprecated tags with no replacement * Make the Churchyard preset unsearchable (re: #7187) * Add terms to cemetery, graveyard, and religious area (re: #7187) * Deprecate various `entrance` values (re: #7174) * Add more fields to leisure presets * Update icons for residential areas * Fix syntax error and standardize indentation from #7159 * Add Baby Nursing Area field (close #7152) * Update D3 to 5.15.0 (close #7191) Update rolup/plugin-buble to 0.21.0 (close #7151) * Add `gambling` field to gambling-related presets (re: #7198) * Filter out values with fewer 10 or fewer uses from combo field suggestions (close #7203) * Make brand preset subtitle normal weight * Remove duplicate Natural Features category entry * Fix ImproveOSM 
request payload - Seems that the expected payload has changed so now all error types use key "targetIds" - Also includes minor fix so that comments display in the UI immediately * Add Secondhand Clothing Store preset (close #7164) Add Used Car Dealership preset Deprecate clothes=second_hand when used with shop=clothes Co-authored-by: Quincy Morgan <quincylvania@users.noreply.github.com> Co-authored-by: Bryan Housel <bryan@7thposition.com> Co-authored-by: anonomis <simon.landeholm@gmail.com> Co-authored-by: Iman <iriman@users.noreply.github.com> Co-authored-by: Mikkel Kirkgaard Nielsen <memb_github@mikini.dk> Co-authored-by: Marco Antonio <marcoantoniofrias@gmail.com> Co-authored-by: Diego Sangunietti <5572928+sguinetti@users.noreply.github.com> Co-authored-by: Phil Wyatt <tastrax@users.noreply.github.com> Co-authored-by: Nick Doiron <ndoiron@mapmeld.com> Co-authored-by: hikemaniac <31667811+hikemaniac@users.noreply.github.com> Co-authored-by: SilentSpike <silentspike100+Github@gmail.com>


We've been working with @kathleenlu09 from the LWG on a privacy policy for iD which will bring us in compliance with the GDPR. Thank you Kathleen for all your work on this!🙇
Though this work has been ongoing since September and this has been mentioned in other channels and in the LWG minutes, we should have an issue here for visibility too.
The key points for iD will be:
This is also separate from #5017, which is about making any GDPR related changes for the OSM API. Also worth mentioning that this privacy policy wouldn't cover any forks or other instances of iD that handle data differently - such as RapiD or frodrigo/iD. Those organizations will need their own privacy policy.