ArchWiki talk:Privacy policy

Meaning of "Arch Linux"

In Arch Linux, we describe "Arch Linux" as a software distribution, but in this document it's more like the aggregate of the related web services. Should we say it explicitly? -- Kynikos (talk) 18:04, 3 March 2019 (UTC)

Should we list exactly and comprehensively which services this policy covers? -- Kynikos (talk) 18:04, 3 March 2019 (UTC)

Arch Linux is the non-profit incorporated under Software in the Public Interest. Any and all services we provide would be subject to the policy. Jasonwryan (talk) 00:57, 4 March 2019 (UTC)

Legal liability

Who is legally responsible in case of violations? -- Kynikos (talk) 18:04, 3 March 2019 (UTC)

Arch Linux :) (see above) Jasonwryan (talk) 00:58, 4 March 2019 (UTC)

Public information

From User:Jasonwryan/Privacy Policy#Public forums reminder, "Please remember that any information that is disclosed in these areas becomes public information". Should we define "public information" (also mentioned in User:Jasonwryan/Privacy Policy#Your rights under GDPR in the EEA) and clarify that the posting user is the sole responsible subject for any consequences derived from leaking personal information in those areas? ArchMap/List is a notable case. -- Kynikos (talk) 18:04, 3 March 2019 (UTC)

I was about to add that the wiki (or at least its talk pages) should be added to the first sentence which lists the forums providing public information, but on second thought, it might be easily confused with content released into the public domain. So I think that proper definition of "public information" is really needed. -- Lahwaacz (talk) 19:00, 3 March 2019 (UTC)

I don't see a need to: public information is the opposite of personal/private. Content posted to the boards, wiki, MLs etc., constitutes public information. Jasonwryan (talk) 19:50, 3 March 2019 (UTC)

OK this seems clear enough, closing. -- Lahwaacz (talk) 08:01, 25 October 2020 (UTC)

Jurisdiction

From User:Jasonwryan/Privacy Policy#Sharing your personal data, "As required by law": law of what country or countries? -- Kynikos (talk) 18:04, 3 March 2019 (UTC)

The country where Arch can be served, ie., US. Jasonwryan (talk) 19:51, 3 March 2019 (UTC)

Rights under GDPR

From User:Jasonwryan/Privacy Policy#Your rights under GDPR in the EEA:

"especially when you access the website": we have several web services, see also #Meaning of "Arch Linux", I wouldn't call it a "website". -- Kynikos (talk) 18:04, 3 March 2019 (UTC)

This will be solved in the Gitlab version. -- Lahwaacz (talk) 08:52, 25 October 2020 (UTC)

"subject to some limitations": should we expand on the limitations? -- Kynikos (talk) 18:04, 3 March 2019 (UTC)

No - that would be too exhaustive. Jasonwryan (talk) 19:53, 3 March 2019 (UTC)

"Please understand, however, the rights enumerated above are not absolute in all cases": what does "not absolute in all cases" mean? -- Kynikos (talk) 18:04, 3 March 2019 (UTC)

See above :) Jasonwryan (talk) 19:53, 3 March 2019 (UTC)

Notice of changes

User:Jasonwryan/Privacy Policy#Changes to this Privacy Policy: should we include an effective date in the document? Should we define how much of a notice will we give before "material changes" take effect? -- Kynikos (talk) 18:04, 3 March 2019 (UTC)

I had one in originally, and then thought that the wiki will automagically capture this anyway. Perhaps we should include Last Formal Revision? Or Last Major? Jasonwryan (talk) 19:54, 3 March 2019 (UTC)

Storage security

User:Jasonwryan/Privacy Policy#Our commitment to data security: should we describe also where and how securely personal data is stored, not only transferred from the clients? -- Kynikos (talk) 18:04, 3 March 2019 (UTC)

This will be improved in the Gitlab version. -- Lahwaacz (talk) 08:53, 25 October 2020 (UTC)

Sharing your personal data

In User:Jasonwryan/Privacy Policy#Sharing your personal data, the third point on "research activities" should explicitly mention anonymization or pseudonymization (assuming that's true of course). -- Lahwaacz (talk) 18:54, 3 March 2019 (UTC)

Vague language in "Cookies and other browser information"

"you must understand that the use of cookies may be necessary to provide certain services, and choosing to reject cookies will reduce the performance and functionality of the site" is very vague. It should at least give some examples, otherwise it sounds more like FUD trying to dissuade users from choosing not to provide data to the maintainers (which impression is also supported earlier in the same section where all cookie uses named are really for data collection, not functionality directly beneficial to the users). Stepnem (talk) 12:38, 19 July 2019 (UTC)

I have made it clear we only use cookies for persistent logins (1). Jasonwryan (talk) 03:38, 20 July 2019 (UTC)

Thanks, but I don't see how your edit made anything clearer: there's no mention of persistent logins in (1), and what about (2) and (3)? Are those not true? If "we only use cookies for persistent logins" is true, why not just say so explicitly and delete all three items, as they would make no sense in that case? Even if your sentence above is actually to be interpreted as "as far as services of direct benefit to users are concerned (i.e., other than data collection), we only use cookies for persistent logins", your edit hasn't made that clear. Please be explicit. How about at least changing "However, you must understand that the use of cookies may be necessary to provide certain services (see 1. above), and choosing to reject cookies will reduce the performance and functionality of the site." to "You will not be able to use the persistent login functionality in that case."? Stepnem (talk) 07:54, 20 July 2019 (UTC)

As far as I am concerned, it is clear. The cookies are used for three reasons, the first of which is the only one that is relevant to a degradation in user functionality if cookies are disabled. Jasonwryan (talk) 08:02, 20 July 2019 (UTC)

As far as I am concerned, it is clear. That's great, but I don't think you are the target audience of the article. 'Remind us of who you are and to access your account information (stored on our computers) in order to provide a better and more personalized service. This cookie is set when you register or "sign in" and is modified when you "sign out" of our services.' If this is equivalent to "we only use cookies for persistent logins" my English must be failing me, but if so, why not use the shorter version directly? Stepnem (talk) 08:27, 20 July 2019 (UTC)

I too think it is sufficiently clear. This is a legal document which describes what Arch services do in general, not the exact behaviour of each and every Arch service. The latter would be too long, equally "vague" and we would have to update it each time the functionality of Arch websites is changed. Closing. -- Lahwaacz (talk) 08:35, 25 October 2020 (UTC)

Superseded

Once https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/93 is merged , the official privacy policy will be https://gitlab.archlinux.org/archlinux/service-agreements/-/blob/master/privacy-policy.md.

We will need to:

1. Create an interwiki prefix for https://gitlab.archlinux.org/archlinux/service-agreements/-/blob/master/ with forwarding enabled. Already done: archlinux-service-agreements:.
2. Edit MediaWiki:Privacypage and change it to archlinux-service-agreements:privacy-policy.md.
3. Edit ArchWiki:Privacy policy and redirect it to archlinux-service-agreements:privacy-policy.md: #redirect [[archlinux-service-agreements:privacy-policy.md]]

-- nl6720 (talk) 11:27, 29 September 2020 (UTC)