Is telemetry legal in EU? #19910
-
@why-this-code-works and @wojtekxtx to answer your question, it is. The question you've raised was initially addressed by the Storybook maintainers, as a great chunk of them are based in Europe, including myself. So with that in mind, the team spun up the project with that in mind and took great lengths not to collect personal information. If both of you check the documentation, more specifically here you'll see no personal information is being collected. Hope I was able to shed some light on the question. Hope both of you have a great weekend.
-
Seems like Storybook had a bit of an aw shucks, switch-and-bait telemetry play here? Why don't you make it optional, i.e., opt-out? Yes, privacy laws are a big concern here, but also the moral integrity of software development as a whole. Can you imagine working behind a corporate firewall and explaining to your supervisor why your laptop is trying to phone home to an unknown third party every day? Do you provide a privacy policy? How do you handle breaches? Where (physically) is the data stored? Which entities are involved in storing and processing this data? Will this data be shared with third parties? Why do I need to provide an extra environment variable to completely stop Storybook from phoning home and disregarding the intent of the user, setting

Re hashing IPv4 addresses: Since there's only 2^32 bit for them, it's not a lot of hashes there?
-
Hashed IPv4 addresses are not anonymous, they can be easily enumerated by checking the entire IPv4 space, and then hashing them, and then you have a full rainbow table. This is, quite honestly, stupid, the telemetry here can't be proven to not log IP addresses as well, as the server code isn't open source, and it's also running on your own infrastructure rather than a serverless host with deploy from Git options.
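The point raised in the two comments above about hashed IPv4 addresses, as an added example that is not part of the thread and not Storybook code: an unkeyed hash of an address is reversed by hashing candidates, while a keyed hash resists outsiders but remains reversible by whoever holds the key. The hashing scheme (SHA-256 over the dotted-quad string), the function names and the sample address from a documentation range are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Constructed sample: an address from the TEST-NET-2 documentation range.
SAMPLE_IP = "198.51.100.37"
SAMPLE_NET = "198.51.100.0/24"


def unkeyed_hash(ip: str) -> str:
    """Plain SHA-256 of the dotted-quad string (assumed scheme, not Storybook's)."""
    return hashlib.sha256(ip.encode()).hexdigest()


def keyed_hash(ip: str, key: bytes) -> str:
    """HMAC-SHA-256 under a secret key held only by the collector."""
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()


def reverse_by_enumeration(digest: str, network: str, hash_fn):
    """Hash every address in `network`; return the match, or None."""
    for addr in ipaddress.ip_network(network):
        if hmac.compare_digest(hash_fn(str(addr)), digest):
            return str(addr)
    return None


def full_space_hours(hashes_per_second: float) -> float:
    """Time needed to hash all 2**32 IPv4 addresses at a given rate."""
    return 2**32 / hashes_per_second / 3600


if __name__ == "__main__":
    stored = unkeyed_hash(SAMPLE_IP)
    print("unkeyed digest maps back to:",
          reverse_by_enumeration(stored, SAMPLE_NET, unkeyed_hash))

    key = secrets.token_bytes(32)  # collector's secret, never published
    stored = keyed_hash(SAMPLE_IP, key)
    # Without the key, the only function available to try is the unkeyed one.
    print("keyed digest, no key:",
          reverse_by_enumeration(stored, SAMPLE_NET, unkeyed_hash))
    # The key holder can still enumerate: pseudonymous, not anonymous.
    print("keyed digest, key holder:",
          reverse_by_enumeration(stored, SAMPLE_NET, lambda ip: keyed_hash(ip, key)))
    print("hours for all of IPv4 at 1e6 hashes/s:", round(full_space_hours(1e6), 2))
```

When assessing a telemetry scheme, the relevant questions are therefore whether the hash is keyed, who holds the key, and whether the address is coarsened or discarded before it is stored.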
-
Is this new feature legal and in compliance with GDPR?
As I understand GDPR, the users' consent is needed to collect this kind of "marketing" data.
In other words, telemetry should be opt-in not opt-out.
Could you please clarify the legal aspects and compliance with the EU laws?
Thank you!