
Thread: WordPress Privacy Policy (draft)

  1. #31
    Brad (Here For The Peanuts) | Joined Jan 2009 | USA | 142 posts

    I can understand Mark's and other WP people's point of view and really appreciate his participation and insight but it seems to err on the side of WordPress.org's needs (which is completely understandable).

    Others like myself believe that the user's choice should trump the needs of WordPress if it involves data that many would consider private. I would guess most WP users are not developers, don't even know what PHP is and would be very hesitant about editing a file. A simple opt out would be great. Stats would not be gathered from those sites so they couldn't game the system. Overall it would have a negligible effect on the information WP needs.

    Quote: Originally posted by Ryan
    Lynn Pope (Elpie)'s blog has a nice write up on this topic and some good comments from Mark Jaquith and others below it:

    http://lynnepope.net/wordpress-privacy
    Tapping a Keg of WordPress

  2. #32
    Jeffro (WPTavern Forum Admin) | Joined Jan 2009 | Ohio | 2,359 posts

    If at least what Mark proposed as something he would be for in the last comment in that post actually happened, that would go a long way in ending most of the discussion surrounding the issue. I'd be happy to move on if it happened.

  3. #33
    chipbennett (WordPress Legend) | Joined Feb 2009 | St. Louis, MO | 1,997 posts

    Quote: Originally posted by ifranky
    I think we now should stand back a little (at least some days). Matt has made some very reasonable comments and to me they signal that there is a possibility for dialogue.

    Privacy policies aren't written overnight and because of Automattic's sponsorship (and hosting), Matt's ownership of the domain (and his footer link), I think it is nothing more than reasonable now to allow them to make the first step. At the end of the day they are the ones who get sued if and also we do not know if there will be a WordPress Foundation and how far those plans have evolved already.

    Matt has shown with his comments, and also in the past, that he can be considerate and AFAIK he is the first one to admit that he isn't perfect. Personally I think that there is a possibility to dialogue now and tbh. it wouldn't surprise me if Matt would himself get advice from the EFF/SFLC.
    If not, we have to continue being 'watchdog' and might have to request advice from these organisations ourselves.
    Indeed, that is the likely next step. At least with Matt's most recent comments, there seems to be some movement toward implementing an acceptable form of disclosure. This attempt at drafting a WordPress Privacy Policy was started toward that end. I can't write code (very well, if at all), but this is something I can do. Once it's polished up and thrown "over the wall" (e.g. put up on Trac), what is done with it is out of our control. But, we will have made the effort.

    As for the draft itself? It's scary. Scary when read by Joe Average.
    What do I mean?

    Of course privacy is a serious topic, but a policy should not scare off. This one does because it is focused way too much on 'WP does this', not what happens with the data and reassuring the user that data will not be used for anything else (than improve the platform).
    To be frank, legal requirements and general propriety take precedence over the fragile sensitivities of "Joe Average" in this instance.

    Besides, which is more scary: a clear statement of what data are transmitted and what is done with those data, or the situation we have currently, where data transmission and retention are bandied about across several internet media, with no clear statement?

    Aren't far more people currently ill-at-ease, as compared with the circumstance in which such a privacy policy exists, and is disclosed to every WordPress user?

    The draft Privacy Policy is focused on what WordPress (and api.wordpress.org) does with user data, because that's the point of a privacy policy: how the involved entity handles user data.

    Have you read the Firefox privacy policy? Do you find it to be scary?

    Read it, and then re-read this one. They should appear to be awfully similar, because I used that one as the starting point for this one.

    If this one appears to be more scary than the Firefox privacy policy, perhaps the reason is that considerably more user data are involved here.

    Explanation: Yesterday I promoted the option of adding a line above the Install button

    WordPress does send data to help us improve the platform/software to wp.org. Read more [insert link to /privacy-policy.php here]here[/end link], where you can also opt-out of this process'
    This would also be shown in the dashboard upon first login (for those who installed via Fantastico)

    After some sleep on this, I think this is 'too offensive' and would rather go for something along these lines.

    To help us improve the platform/software WP does check for newer version on a regular base. You can read more about this process and cancel your participation to this here
    But this new statement is misleading. "[Checking] for newer version" does not "help us improve the platform/software". Further, there is nowhere that a user can click to "cancel...participation".

    To say "WordPress does send data" (as in your original statement) is not scary. It is required disclosure for transmission of user data to a third party.

    We need this Privacy Policy and opt-out possibility but at the same time I think it is important that WP maintains this 'human face/factor' and stays a friendly platform. Most people really don't care actually and those who do, they will click the link and read.
    I would favor something like the following:

    WordPress periodically sends certain user data to api.wordpress.org in order to perform update checks and to help improve WordPress products and support. See the WordPress Privacy Policy for more information.
    Clear, concise, and to the point. Not scary.

    Disclaimer: I do know that in some countries this one line would not be sufficient but at least it's a first step.
    Considering that WordPress consulting exists outside the US, and that WordPress is used outside the US - in several cases, in just such jurisdictions for which the one line would not be sufficient, that's a non-trivial disclaimer, no?
    WP TurnKey - Turn-Key WordPress installation and maintenance services
    WordPress user since 2005 | @chip_bennett | chipbennett.net | cbnet Plugins

  4. #34
    chipbennett (WordPress Legend) | Joined Feb 2009 | St. Louis, MO | 1,997 posts

    Quote: Originally posted by Brad
    I can understand Mark's and other WP people's point of view and really appreciate his participation and insight but it seems to err on the side of WordPress.org's needs (which is completely understandable).

    Others like myself believe that the user's choice should trump the needs of WordPress if it involves data that many would consider private.
    And this is, distilled, one of the critical differences of viewpoint.

    Unfortunately, according to industry standard, the prevailing viewpoint is wrong. User data belong to the user, and good behavior requires disclosure and an opt-out mechanism for transmission of user data to third parties.

    The nature of the data ("public", "private", "personally identifiable", "anonymous", etc.) is entirely irrelevant. The only salient point is that the data belong to the user.

    I have yet to see Matt or Mark address this point.

    I would guess most WP users are not developers, don't even know what PHP is and would be very hesitant about editing a file. A simple opt out would be great. Stats would not be gathered from those sites so they couldn't game the system. Overall it would have a negligible effect on the information WP needs.
    That is certainly the ideal (and, in my opinion, opt-out of data retention is a requirement).

    I understand, though, that coding changes will be required to separate data transmitted/used solely for update checks, and data transmitted for retention/aggregation, since those data sets overlap. A single data array (as is currently sent) would no longer be sufficient.

    So, it will require a bit of work to sort it out properly. But it's still the right thing to do.
    WP TurnKey - Turn-Key WordPress installation and maintenance services
    WordPress user since 2005 | @chip_bennett | chipbennett.net | cbnet Plugins

  5. #35
    chipbennett (WordPress Legend) | Joined Feb 2009 | St. Louis, MO | 1,997 posts

    Quote: Originally posted by Jeffro
    If at least what Mark proposed as something he would be for in the last comment in that post actually happened, that would go a long way in ending most of the discussion surrounding the issue. I'd be happy to move on if it happened.
    It would also cause the issue to disappear almost entirely for me, too - provided that the linked privacy policy is explicit (such as the one drafted here), and directly relating to WordPress, rather than just a link to the WordPress.org privacy policy (which, in terms of disclosing WordPress user data transmission, is insufficient, IMHO).

    Such a privacy policy would resolve most issues for me personally, as I consent to my WordPress user data being retained and aggregated in the manner, and for the purposes, described.

    However, in order to resolve the issue fully, a mechanism to opt out of data retention needs to be provided.

    (I've conceded the point of providing mechanisms in core for opting out of update checks, as I don't believe they pose a privacy risk, and understand the argument for requiring such mechanism being implemented via plugin.)
    WP TurnKey - Turn-Key WordPress installation and maintenance services
    WordPress user since 2005 | @chip_bennett | chipbennett.net | cbnet Plugins

  6. #36
    Brad (Here For The Peanuts) | Joined Jan 2009 | USA | 142 posts

    Wanted to post this in both threads as it's relevant:
    http://lynnepope.net/data-wordpress-sends
    Tapping a Keg of WordPress

  7. #37
    ifranky (Hello World) | Joined Dec 2009 | Cyprus | 37 posts

    Quote: Originally posted by chipbennett
    To be frank, legal requirements and general propriety take precedence over the fragile sensitivities of "Joe Average" in this instance.

    Besides, which is more scary: a clear statement of what data are transmitted and what is done with those data, or the situation we have currently, where data transmission and retention are bandied about across several internet media, with no clear statement?

    Aren't far more people currently ill-at-ease, as compared with the circumstance in which such a privacy policy exists, and is disclosed to every WordPress user?
    Only a very small number of people read privacy policies. The use of incorrect wording upon first login/installation could result in people deciding not to use the platform as they cannot be bothered to read legalese. Although (and I repeat) I am 200% pro changing the actual status, the last thing we want is to make people hesitate more to use the platform.

    What we are trying to obtain is rather revolutionary compared to other software: add a clear line upon install. Think about it. What does other software most of the time do? Use a EULA during the install process, who reads those (congrats if you are one of the probably 0.02%).
    As Matt said, it takes a lot of perseverance to find the Firefox one (especially for Matt I have to add a reference to John Mayer's sound engineer here ;))

    We are trying to have a mention on first page and when it comes to the point I am all about reducing UX clutter.

    But this new statement is misleading. "[Checking] for newer version" does not "help us improve the platform/software". Further, there is nowhere that a user can click to "cancel...participation".
    IANAL. I want Joe Average to be the person we write for. S&P 500 companies? Yeah they will first ask their legal department anyway before deciding upon a platform. Expand the actual Privacy Policy on WP.org with as much as legalese as you want and add a link to it 'somewhere'. Case closed, see Firefox example.

    We ask for more.

    "click to cancel participation". D'uh, of course there is not but isn't that what we are trying to obtain? So in the case the 'oneliner' comes there should be one (also: I think it would be not too hard to discover that I referred to previously mentioned "[insert link to privacy policy here]")
    It's difficult. It's about trying to find the middle between being a welcoming platform, software to use and going all legalese on someone. The latter is why privacy advocates are usually not liked, because they only storm head forward, and often Joe Average even doesn't have a clue what they are on about. It's why it was tech journalists and bloggers who managed to raise the awareness about privacy issues on Facebook. Not lawyers.
    Sure, they might only have changed because there have been several complaints, but if it weren't for the buzz in the media no one would have noticed and/or bothered (again only speaking about "Joe Average", probably not most people involved in this thread)

    To say "WordPress does send data" (as in your original statement) is not scary. It is required disclosure for transmission of user data to a third party.
    Not to you, not to me. Most people though still live in the era where 'sending data' is similar to their PayPal data being phished. And it's a good thing that they think like that because too many phishers are out there and too many people still get caught. That 'paranoia' first must be maintained before we can push to a next level. Lowest common factor is who we have to think of and write for.

    I would favor something like the following:
    WordPress periodically sends certain user data to api.wordpress.org in order to perform update checks and to help improve WordPress products and support. See the WordPress Privacy Policy for more information.
    Clear, concise, and to the point. Not scary.
    You're a better author than I am. :)
    Considering that WordPress consulting exists outside the US, and that WordPress is used outside the US - in several cases, in just such jurisdictions for which the one line would not be sufficient, that's a non-trivial disclaimer, no?
    I in principle agree with all your replies and again, agreed. But it would be a first step. Besides, when I log in to Eopen I see 2 different versions of Windows XP Professional 32Bit: standard and 'N'. It still is left to the user to know/decide that I am in Europe and the EU required a version without Windows Media Player. Maybe the team could decide to go a similar path as the platform continues to grow and becomes more popular. Who knows, their decision.

    Right now, I am pro change. Every step is an improvement.

    Then we'll look at what is needed next. ;)

  8. #38
    chipbennett (WordPress Legend) | Joined Feb 2009 | St. Louis, MO | 1,997 posts

    Quote: Originally posted by ifranky
    Only a very small number of people read privacy policies. The use of incorrect wording upon first login/installation could result in people deciding not to use the platform as they cannot be bothered to read legalese. Although (and I repeat) I am 200% pro changing the actual status, the last thing we want is to make people hesitate more to use the platform.

    What we are trying to obtain is rather revolutionary compared to other software: add a clear line upon install. Think about it. What does other software most of the time do? Use a EULA during the install process, who reads those (congrats if you are one of the probably 0.02%).
    As Matt said, it takes a lot of perseverance to find the Firefox one (especially for Matt I have to add a reference to John Mayer's sound engineer here ;))

    We are trying to have a mention on first page and when it comes to the point I am all about reducing UX clutter.



    IANAL. I want Joe Average to be the person we write for. S&P 500 companies? Yeah they will first ask their legal department anyway before deciding upon a platform. Expand the actual Privacy Policy on WP.org with as much as legalese as you want and add a link to it 'somewhere'. Case closed, see Firefox example.

    We ask for more.
    I think the burden here is on WordPress to provide clear, concise disclosure. Will more than 5% of people who install WordPress bother to read the disclosure? Probably not - but WordPress will have done its part with respect to disclosure.

    So, Joe Average probably won't read it in the first place.

    But, even if he does, the disclosure will only seem "scary" if the amount of data being transmitted is itself "scary". (I don't think it reaches that threshold; reasonable minds may disagree.)

    "click to cancel participation". D'uh, of course there is not but isn't that what we are trying to obtain? So in the case the 'oneliner' comes there should be one
    Ideally? Of course.

    But, at least in this thread, I'm trying to present information that is accurate according to current practice. So, unless and until a data-retention opt-out is implemented, there is really no need to discuss wording/placement of that opt-out.

    (also: I think it would be not too hard to discover that I referred to previously mentioned "[insert link to privacy policy here]")
    Not sure of your point on this one. I think we're in agreement on linking to the Privacy Policy?

    It's difficult. It's about trying to find the middle between being a welcoming platform, software to use and going all legalese on someone.
    But, the legalese has to exist somewhere, because transmission/retention of user data is a legal concern.

    Is it possible to paraphrase the legalese for readability for Joe Average? Of course - but such paraphrase doesn't preclude the existence of the legalese.

    In fact, I would say that the one/two line blurb presented during installation (at least, as discussed in this thread) would qualify as just such a paraphrase.
    WP TurnKey - Turn-Key WordPress installation and maintenance services
    WordPress user since 2005 | @chip_bennett | chipbennett.net | cbnet Plugins

  9. #39
    ifranky (Hello World) | Joined Dec 2009 | Cyprus | 37 posts

    Agreed on every level. We both want the same, just look at things from a slightly different angle.

    The Senior Contract Lawyer who sits at the other end of the table here, she wants more legalese though, even in the 'one-liner' we propose. I guess it's good she doesn't use WP, I now told her to analyse the Myspace privacy policy and shut up (she uses MS for her music band) :D
