On Mon, 2007-02-19 at 12:08 -0600, Mike McGrath wrote: > I've created a first draft of the smolt Privacy Policy. Please note: It > is not a legal document, it's the Infrastructures policy of how we'll be > protecting the information. > > http://hg.fedoraproject.org/hg/hosted/smolt?f=d7efe18be592;file=doc/PrivacyPolicy > > It is also my intention to add package lists in the very near future. I > believe this policy covers that. Please let me know what you think not > just in terms of content but also wording, formatting, etc. > > -Mike Thanks, Mike! I believe there are some regulations we have to contend with that are imposed by the EU. We'll have to get someone from legal involved at some point. That aside, I think what you have is a good start. I would start by listing out what we're collecting, how we connect that to people (or not) and how we're going to use it. And start out with why we're doing it so that people understand our motivation. Or, another way to put it, what is the acceptable use policy for the information and how it affects others. Google's privacy policy is pretty good for its format. (I won't comment about the content.) http://www.google.com/privacypolicy.html The EFF has some decent resources: http://www.eff.org/Privacy/ But that aside, I think that we need to lay down some ground rules for what we want to have as outcomes. Here are my personal views on what we should try to explain in the policy: 1. That we collect information about the hardware you have in your machine as well as things that are connected to your machine. 2. That information is linked with a unique identifier, if the user chooses to provide one. This identifier is only there to determine if a driver breaks or gets better over time. (It's not just about leverage, it's also about quality metrics we can add later.) 3. That unique identifier is never connected to an IP address. 4. Information about hardware is only released to the public in aggregate. That is, we will never release information about a specific users, only about trends and groups of users. 5. That anyone who has access to the raw data that makes up the aggregate will be required to enforce this policy and will not release specific information to the public. --Chris _______________________________________________ fedora-advisory-board mailing list fedora-advisory-board@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-advisory-board
