smolt privacy policy
Christopher Blizzard
blizzard at redhat.com
Wed Feb 21 03:19:22 UTC 2007
On Mon, 2007-02-19 at 12:08 -0600, Mike McGrath wrote:
> I've created a first draft of the smolt Privacy Policy. Please note: It
> is not a legal document, it's the Infrastructures policy of how we'll be
> protecting the information.
>
> http://hg.fedoraproject.org/hg/hosted/smolt?f=d7efe18be592;file=doc/PrivacyPolicy
>
> It is also my intention to add package lists in the very near future. I
> believe this policy covers that. Please let me know what you think not
> just in terms of content but also wording, formatting, etc.
>
> -Mike
Thanks, Mike! I believe there are some regulations we have to contend
with that are imposed by the EU. We'll have to get someone from legal
involved at some point.
That aside, I think what you have is a good start. I would start by
listing out what we're collecting, how we connect that to people (or
not) and how we're going to use it. And start out with why we're doing
it so that people understand our motivation. Or, another way to put it,
what is the acceptable use policy for the information and how it affects
others.
Google's privacy policy is pretty good for its format. (I won't comment
about the content.)
http://www.google.com/privacypolicy.html
The EFF has some decent resources:
http://www.eff.org/Privacy/
But that aside, I think that we need to lay down some ground rules for
what we want to have as outcomes. Here are my personal views on what we
should try to explain in the policy:
1. That we collect information about the hardware you have in your
machine as well as things that are connected to your machine.
2. That information is linked with a unique identifier, if the user
chooses to provide one. This identifier is only there to determine if a
driver breaks or gets better over time. (It's not just about leverage,
it's also about quality metrics we can add later.)
3. That unique identifier is never connected to an IP address.
4. Information about hardware is only released to the public in
aggregate. That is, we will never release information about a specific
users, only about trends and groups of users.
5. That anyone who has access to the raw data that makes up the
aggregate will be required to enforce this policy and will not release
specific information to the public.
--Chris
More information about the fedora-advisory-board
mailing list