I understand that European externally meta privacy laws are pretty strict, and it would be nice to be able to comply with them. However, that would have a number of nasty side effects.
Not in my understanding - data that is not sorted or processed by name is not covered AFAIK. So simple lists such as bookmarks, forum posts, etc. are not protected. Running stats for performance purposes would not bring the ADB into the arena.
Quote:
and can be very easily compiled into a database which you would have no knowledge of at all.
If someone externally takes bookmarks data they can only analyse it with reference to an editor's username not their real name so it is unlikely to be a legal issue. The issue, internally, is that the data can be cross-referenced (albeit manually) to real names which brings it into scope.
Quote:
Here we have a small group of editors (some of whom aren't actually opposed to the ADB, just mindful that somebody else might be) who have opted to take the devil's advocate approach and employ slippery slope fallacies...
It isn't a devils advocate approach to point out that there may be legal implications regardless of where this database is located if it is more than a list and is to be analysed (other than for maintenance) or processed. You cannot brush that under the carpet IMO but there is a difference in statements about whether it is a simple unsorted list or being processed. I like the database but I don't think it is unreasonable to ask for answers to specific questions nor unconstructive to suggest ways that may allay fears of misuse such as a charter (call it meta guidelines if that takes it away from the lawyers).
Advice and statements in threads have never been a substitute for guidelines, part of the reason for this thread in the first place.
Trying to be constructive, how about for guidelines:
(i) No-one shall access personal data on the Affiliations database except to consider applications for new permissions, to consider the granting or recommendation of new permissions (such as editall), or in the course of an established abuse investigation. The database may also be used to identify affiliated editor(s) where it is necessary to report a problem with a site.
(ii) If challenged by Staff or a meta editor, anyone accessing personal data on the Affiliations database must provide an acceptable reason for that access.
(iii) Staff may run statistical and other queries on the data for the purposes of maintenance and improvement, and also where necessary to identify possible abuse of the data on the Affiliations database.
(iv) Editors are responsible for ensuring the data contained in the Affiliations database is complete, correct and up to date and should make any amendments required.
(v) Breach of privacy as regards the Affiliations database is considered a serious abuse of priviledges and will be dealt with accordingly.
(vi) Where it is found that an editor's privacy has been compromised the affected editor must be fully informed so that they can take whatever remedial actions are possible to minimise damage to their interests.
I am sure that would cover virtually everyone's concerns, from the potential use of the system, to privacy, to the trust thing being two ways (if the editor side is covered by official guidelines so too should be the meta side), to the degreasing of slippery slopes.
