New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Data privacy statement #607

Open
Sliverriver opened this Issue Sep 1, 2017 · 4 comments

Comments

Projects
None yet
4 participants
@Sliverriver
Copy link

Sliverriver commented Sep 1, 2017

general information :

The laws for germany are quite confusing , since the more details law description is more valid then a general law.
At the moment there is the Telemediengesetz, das Telekommunikationsgesetz and the BDSG which are probably replaced in May from a european law for data privacy.

My understanding so far:
If a users signs up for a website then he has to be informed beforehand about the kind of information that is stored about him or that can be linked to him, also he has to be informed if his information is shared with other entities outside the page and which users can see his information.

The information stored needs to be connected to the functionality. There has to be a reason why this information is stored. Example : If you are a store shelling shoes , storing the personal information for each users shoe size is relevant. But if you ask the user for the size of his hand, this would be personal information that doesn't relate to your business and you have no use in storing.

The reason doesn't have to be super important it just has to be logical and in context and understandable for anyone who wants to sign up why you are doing it.

The level of detail for data privacy statements varies and has to be more researched.

Under some conditions you need a data privacy officer

Die Verpflichtung, einen Datenschutzbeauftragten einzusetzen, gilt für:
alle öffentlichen Stellen (§§ 12 ff. BDSG)
alle nicht-öffentliche Stellen – Unternehmen – (§§ 27 ff. BDSG)
mit mehr als neun Mitarbeitern,
die personenbezogene Daten automatisch verarbeiten (§ 4f Abs. 1 BDSG).

--- feature request:
For anyone running the fs tool on their site a user can sign up for the tool. Hence the feature to show different necessary information that the user has to agree on. This should be only modified by someone who is running / hosting the tool and doesn't impact groups or their conditions they come up with.
If this text is changed , every user has to agree to it again on next sign up, or he can't use the tool.

as someone who is running the site / tool you have to take care for yourself to be up-to-date to on any changes on private data laws.

Question - should we fokus on the german laws or try to find orientation right away on the european ones?

@tiltec

This comment has been minimized.

Copy link
Member

tiltec commented Sep 1, 2017

I had a look into Discourse, they offer three places that are admin-editable (per site):

  • Terms of service statement
  • Privacy statement
  • Footer

https://meta.discourse.org/t/disclaimer-section-on-the-about-page/25461

The ToS and Privacy statement are linked in the login window.

Maybe we can more or less copy that approach? We don't have a site admin interface yet though.

@tiltec

This comment has been minimized.

Copy link
Member

tiltec commented Mar 14, 2018

I think @NerdyProjects was interested in drafting a data privacy statement for karrot that we could use on karrot.world (and offer to other people that want to self-host). How do you currently feel about it?

I don't know exactly what requirements it needs to fulfill, but many people are currently talking about GDPR which might become the gold standard for data privacy in the next years: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Separately from the legal concerns, I have the feeling that we should mention the following things:

  • group members have access to your profile data
  • aggregate data (means not personally identifiable) is collected for statistical purposes
  • server admins have full data access
  • user account can be removed, which deletes all profile data but keeps messages & feedback & history activity in anonymized way
@tiltec

This comment has been minimized.

Copy link
Member

tiltec commented Oct 31, 2018

A privacy statement is important for the Play Store too, see #984

@djahnie

This comment has been minimized.

Copy link
Member

djahnie commented Oct 31, 2018

In September I had an online service generate one for us: https://yunity.slack.com/archives/C1P0ECU8G/p1537537866000100

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment