Loomio
May 27th, 2018 15:14

Personal Data Treatment

Ilja Baert
Ilja Baert Public Seen by 337

We created a Personal Data Treatment section on the privacy-policy-wiki-page[1]
This is how we know things to be now.

Are there things that need to change? (Both in text as well as in practice)

[1] https://wiki.pirateparty.be/Pirate_Party_Belgium:Privacy_policy

Valerie D.

Valerie D. May 27th, 2018 19:08

Nice and clear, thanks!
When relevant, I would also mention who has access to the data: For instance, mention that for the Finance only the "treasure keeper" has access, no one else.

HgO

HgO May 27th, 2018 19:28

I've just added "When you register to the wiki" at the beginning of the Wiki section (it sounds clearer to me like that).

For the wordpress, we forgot to talk about the stats plugin. We should investigate to see if the stats are anonymous or not...

@valeried Hmm that's not so easy, because
1. We still have two treasure keepers. Although Toon is not active anymore, he still has access to the data ( @patrickinstalle correct me if I'm wrong )
2. Patrick might delegate the access to the data to people he entrusts...

So I don't really know how to explains all this on the wiki page...

HgO

HgO May 28th, 2018 11:58

In the Finance section

I propose to add :

If provided, we also keep the email for a period of two years.

I also suggest to add a sentence that explains that we show an history of the transactions, but those are anonymized.

It is also unclear how long do we need to keep the transactions. Actually, the funny thing is that I don't think banks are GDPR-compliant, as we couldn't ask them to remove a transaction x) Maybe there is some exceptions for the banks in the GDPR ? :monkey:

On a meta-level, I wonder if it's a good idea to ask people to provide an e-mail address in the transaction. We could for instance create a form on the website to let people subscribe to the GA invitations...

In the Wordpress section

Do we need to say for how long do we keep the personal data ? At the moment, it is : as long as you don't request your mail to be removed :D

Also, in case we forget to send a newsletter, I would suggest to add :

Inactive mail addresses (i.e unsubscribed, bounced and unconfirmed) will be completely removed before sending each monthly Newsletter, or within two months.

Finally, for the stats plugin we have an issue because the personal data are stored in database. Those data are : IP, web browser, operating system, date, page visited before (when available). They seem to be kept forever :(

Ilja Baert

Ilja Baert May 28th, 2018 16:11

@valeried @hgo
I do feel mentioning who has access could help for transparancy as well as give a sense of security (i.e. I know that my data is only accessible by one or very few people) but I'm very reluctant to mention explicitly who has access, even in title, because it's an "attack vector". A bad actor can now easily find who to target in order to break into the system.

Maybe we could add that "access to the (non-anonymised) financial data is kept to a minimum (and will never be shared to 3th parties)". This is general enough so that access can still be delegated to other pirates (and ONLY other pirates) when needed, but clearly states that we do try to keep acces to a minimum.

Then again, this isn't only true for financial data, so maybe we should put it more general? (And maybe again explicitly for financial data, since this is sensitive information?)

Ilja Baert

Ilja Baert May 28th, 2018 16:23

If we can justify two years, then Ok.

I would like not having the email in the payments. It's a data-leak in my opinion + your proposal is less work on the long run ;)

For wordpress, we could make it explicit that we assume that active mailadresses are addresses of people who still want to recieve the newsletter. Unless we want to ask people to 'renew' their subscription very x time, but that seems like to much hassle to me.

I agree with adding the "monthly Newsletter, or within two months."

What's the stats plugin? What does it do? Do we need it/can we remove it?

Ilja Baert

Ilja Baert May 28th, 2018 16:29

I like that the titles link to the respective platforms ^

The Finance could be linked to https://finance.partipirate.be/doku.php?id=public:start
I only have one concern (other then the y-axis not having values on it :thinking: ); Payments are shown with Date, Amount, Initials, Location and Notes. I think we should scratch either Initials or Location. Both seem overkill and adds possibility of identification.

Valerie D.

Valerie D. May 28th, 2018 17:40

ok for me. Just that it sounds as if all this data, whatever type, is accessible to the same people while they are accessible to different ones...

HgO

HgO June 1st, 2018 10:05

If we can justify two years, then Ok.

Supposing we do a GA every year, we would need to keep the email addresses for at least one year. As a GA could occur in January of one year, and another in December the next year, we would need two years to be sure.

Also, you can confirm this by experience : between October 2016 and May 2018, there were just less than two years (because we missed the 2017's GA, but well, it happens).

I'm not sure if we would need to justify ourselves tho, but I wouldn't mind if we do.

I would like not having the email in the payments. It's a data-leak in my opinion + your proposal is less work on the long run ;)

Ok, I'll make a proposal on the test website (or if anyone wants to do that, s·he is welcome)

For wordpress, we could make it explicit that we assume that active mailadresses are addresses of people who still want to recieve the newsletter.

Mmmh could you be more concrete ? I don't see what you mean there :/

Unless we want to ask people to 'renew' their subscription very x time, but that seems like to much hassle to me.

Agreed :p

I agree with adding the "monthly Newsletter, or within two months."

Done

What's the stats plugin? What does it do? Do we need it/can we remove it?

It's just a plugin that makes... stats ' I don't know what to say more, you can see the results there : https://pirateparty.be/wp-admin/index.php?page=cpd_metaboxes

The stats are interesting when we publish a post, to see how well it performs, but otherwise I don't care much.. What is your thought about this plugin @josse and @vanecx ?