On 7/12/23 19:21, Demi Marie Obenour wrote:
1. The GDPR and similar regulations are 100% clear that consent must
be opt-*in*. Opt-*out*, as is proposed here, is not consent.
Therefore, this change is proposing collecting telemetry *without
user’s consent*.
I seems to me that there are two slightly different understanding of
'opt-in':
1. data collection is happening automatically, but there is a way to
'opt-out' and turn it off.
2. the user is asked for permission, and the default answer is
preselected as 'yes'
I think GDPR prohibits the first option, but the second one must be
allowed because it's like pretty much all GDPR-compliant implementations
i've seen
I understand that Michael's Telemetry proposal uses the second method.
Perhaps a criticism of the opt-out approach (even in the second form)
results from people believing that the consent at the installation time
is not fully informed---that somehow people don't understand the
ramifications and amount of data being shared. This is actually makes sense.
Such concern could be mitigated by scheduling a system notification
after several weeks or months, with a rough summary of the collected
data ( 'we shared X anonymized reports about Y,Z and W'), and offering a
link to a telemetry consent dialog.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
