Re: [OSGeo-Discuss] [OSGeo-Conf] OSGeo Privacy Policy: [was FOSS4GNA - Someone is watching you :-o]

2015-12-18 Thread Marc Vloemans 
+1 Steven

This proposed solution can help keep the LOC going while others work out a 
proposal. Analysis-paralysis could hamstring our whole organisation for too 
long.

Vriendelijke groet,
Marc Vloemans


> Op 18 dec. 2015 om 23:06 heeft Steven Feldman  het 
> volgende geschreven:
> 
> It looks like we are going to need a privacy policy (data protection etc) and 
> possibly a separate policy on email (the two are not the same).
> 
> I don’t think this something that Conference Committee can or should do. This 
> is definitely one for the Board. I understand that this is an important issue 
> for Maxi and perhaps some other board members so hopefully they can produce 
> draft versions of the policies, publish them on the wiki and then invite 
> comment from the wider community. I doubt this will be simple to resolve 
> given the multiple jurisdictions and cultures that we encompass.
> 
> Hopefully that can be completed in a couple of months but I recognise that 
> these discussions can take a while. In the meantime perhaps including Ian’s 
> simple draft text "by submitting your email address you consent to us sharing 
> your details for the purpose of keeping you informed of future similar 
> events.  You can unsubscribe from these communications at anytime using the 
> unsubscribe links provided.” in our registration forms would be a good stop 
> gap.
> 
> I suggest that we continue to use MailChimp (because it has an unsubscribe 
> capability) and we should avoid sharing any further contact details amongst 
> ourselves or with external bodies until the new policies are in place. 
> 
> Cheers
> __
> Steven
> 
> 
>> On 18 Dec 2015, at 09:40, Massimiliano Cannata 
>>  wrote:
>> 
>> All,
>> I believe the point is not if it was nice or not to receive a message for 
>> being aware of events (that we will be aware in any case thanks to the 
>> social media and mailing lists) but rather if it is appropriate (or even 
>> legal?) perform these unsolicited mail campaign and the sharing of these 
>> data among person on private and non-regulated way.
>> We all know that having the data, it doesn't mean having the right to 
>> distribute it to 3rd party.
>> 
>> @Ian: I also don't think a single line of acknowledgement while registering 
>> cover the issue. 
>> For instance your proposal of a "non-active OPT-IN" it seems to me not in 
>> line with the EU regulation discussed in these days here (but i'n not a 
>> lawyer):
>> http://www.europarl.europa.eu/news/en/news-room/20151217IPR08112/New-EU-rules-on-data-protection-put-the-citizen-back-in-the-driving-seat
>> (thanks Helli for the link!)
>> 
>> 
>> I request, and will add in the next board meeting agenda, to have a deeper 
>> discussion and agreement at OSGeo level.
>> Because I think that the privacy protection is a matter larger then the 
>> FOSS4G only and is of concern to the whole OSGeo community as it may apply 
>> to several cases.
>> 
>> I feel that OSGeo shall define like for the Code of Conduct a Privacy Policy 
>> that applies all over the community and that members shall agree to follow 
>> when they participate in the community.
>> 
>> 
>> my 0.1 cent,
>> Maxi
>> 
>> 
>> 
>> 
>> 
>> 
>> 2015-12-18 10:00 GMT+01:00 Ian Edwards :
>>> I support Paul and Steven's approach (and thank them for their actions to 
>>> help keep the community aware of events) -- but I think it's also certainly 
>>> the case that there is always a set of people on our mailing lists who have 
>>> a strong preference that their details are not shared in a way they do not 
>>> agree to up front - In fact, I'm sure we would all include ourselves in 
>>> this category as the type of "spam" we may receive becomes less relevant to 
>>> our interests.
>>> 
>>> Another way to reach a constructive outcome may be to discuss on the 
>>> conference dev list an update to the FOSS4G Handbook/Cookbook with 
>>> guidelines on opting out when submitting your details.  My preference would 
>>> be a statement that does not require a lot of effort from our volunteer 
>>> organisers, something like:
>>> 
>>> "by submitting your email address you consent to us sharing your details 
>>> for the purpose of keeping you informed of future similar events.  You can 
>>> unsubscribe from these communications at anytime using the unsubscribe 
>>> links provided."
>>> 
>>> 
>>> ===
>>> Ian Edwards
>>> 
>>> 
 On Thu, Dec 17, 2015 at 10:28 PM, Cameron Shorter 
  wrote:
 Hi Maxi,
 I love the constructive research that you have started here.
 
 Email privacy was not as topical when foss4g email lists started getting 
 collected, and tracing technologies such as mail chimp were as assessable 
 as mail chimp is now. So we are right to retrospectively develop our 
 policy in this area.
 
 If you are up for it, I suggest following a similar process to what we did

Re: [OSGeo-Discuss] [OSGeo-Conf] OSGeo Privacy Policy: [was FOSS4GNA - Someone is watching you :-o]

2015-12-18 Thread Jody Garnett 
To add another 5 cents (Canada no longer has pennies) - this tension is
felt by the projects (with the devel and user lists). We occasionally have
to step in and ask that job postings and the like be moved else where.

Thanks for framing this is perspective with code of conduct.
On Fri, Dec 18, 2015 at 7:34 AM Marc Vloemans 
wrote:

> +1 Steven
>
> This proposed solution can help keep the LOC going while others work out a
> proposal. Analysis-paralysis could hamstring our whole organisation for too
> long.
>
> Vriendelijke groet,
> Marc Vloemans
>
>
> Op 18 dec. 2015 om 23:06 heeft Steven Feldman  het
> volgende geschreven:
>
> It looks like we are going to need a privacy policy (data protection etc)
> and possibly a separate policy on email (the two are not the same).
>
> I don’t think this something that Conference Committee can or should do.
> This is definitely one for the Board. I understand that this is an
> important issue for Maxi and perhaps some other board members so hopefully
> they can produce draft versions of the policies, publish them on the wiki
> and then invite comment from the wider community. I doubt this will be
> simple to resolve given the multiple jurisdictions and cultures that we
> encompass.
>
> Hopefully that can be completed in a couple of months but I recognise that
> these discussions can take a while. In the meantime perhaps including Ian’s
> simple draft text *"by submitting your email address you consent to us
> sharing your details for the purpose of keeping you informed of future
> similar events.  You can unsubscribe from these communications at anytime
> using the unsubscribe links provided.”* in our registration forms would
> be a good stop gap.
>
> I suggest that we continue to use MailChimp (because it has an unsubscribe
> capability) and we should avoid sharing any further contact details amongst
> ourselves or with external bodies until the new policies are in place.
>
> Cheers
> __
> Steven
>
>
> On 18 Dec 2015, at 09:40, Massimiliano Cannata <
> massimiliano.cann...@supsi.ch> wrote:
>
> All,
> I believe the point is not if it was nice or not to receive a message for
> being aware of events (that we will be aware in any case thanks to the
> social media and mailing lists) but rather if it is appropriate (or even
> legal?) perform these unsolicited mail campaign and the sharing of these
> data among person on private and non-regulated way.
> We all know that having the data, it doesn't mean having the right to
> distribute it to 3rd party.
>
> @Ian: I also don't think a single line of acknowledgement while
> registering cover the issue.
> For instance your proposal of a "non-active OPT-IN" it seems to me not in
> line with the EU regulation discussed in these days here (but i'n not a
> lawyer):
>
> http://www.europarl.europa.eu/news/en/news-room/20151217IPR08112/New-EU-rules-on-data-protection-put-the-citizen-back-in-the-driving-seat
> (thanks Helli for the link!)
>
>
> I request, and will add in the next board meeting agenda, to have a deeper
> discussion and agreement at OSGeo level.
> Because I think that the privacy protection is a matter larger then the
> FOSS4G only and is of concern to the whole OSGeo community as it may apply
> to several cases.
>
> I feel that OSGeo shall define like for the Code of Conduct a Privacy
> Policy that applies all over the community and that members shall agree to
> follow when they participate in the community.
>
>
> my 0.1 cent,
> Maxi
>
>
>
>
>
>
> 2015-12-18 10:00 GMT+01:00 Ian Edwards :
>
>> I support Paul and Steven's approach (and thank them for their actions to
>> help keep the community aware of events) -- but I think it's also certainly
>> the case that there is always a set of people on our mailing lists who have
>> a strong preference that their details are not shared in a way they do not
>> agree to up front - In fact, I'm sure we would all include ourselves in
>> this category as the type of "spam" we may receive becomes less relevant to
>> our interests.
>>
>> Another way to reach a constructive outcome may be to discuss on the 
>> conference
>> dev
>> 
>> list an update to the FOSS4G Handbook
>> /Cookbook
>> with guidelines on opting out when submitting your details.  My preference
>> would be a statement that does not require a lot of effort from our
>> volunteer organisers, something like:
>>
>> "by submitting your email address you consent to us sharing your details
>> for the purpose of keeping you informed of future similar events.  You can
>> unsubscribe from these communications at anytime using the unsubscribe
>> links provided."
>>
>>
>> ===
>> Ian Edwards
>>
>>
>> On Thu, Dec 17, 2015 at 10:28 PM, Cameron Shorter > .shor...@gmail.com> wrote:
>>
>>> Hi Maxi,
>>> I love the constructive

Re: [OSGeo-Discuss] [OSGeo-Conf] OSGeo Privacy Policy: [was FOSS4GNA - Someone is watching you :-o]

2015-12-18 Thread Steven Feldman 
It looks like we are going to need a privacy policy (data protection etc) and 
possibly a separate policy on email (the two are not the same).

I don’t think this something that Conference Committee can or should do. This 
is definitely one for the Board. I understand that this is an important issue 
for Maxi and perhaps some other board members so hopefully they can produce 
draft versions of the policies, publish them on the wiki and then invite 
comment from the wider community. I doubt this will be simple to resolve given 
the multiple jurisdictions and cultures that we encompass.

Hopefully that can be completed in a couple of months but I recognise that 
these discussions can take a while. In the meantime perhaps including Ian’s 
simple draft text "by submitting your email address you consent to us sharing 
your details for the purpose of keeping you informed of future similar events.  
You can unsubscribe from these communications at anytime using the unsubscribe 
links provided.” in our registration forms would be a good stop gap.

I suggest that we continue to use MailChimp (because it has an unsubscribe 
capability) and we should avoid sharing any further contact details amongst 
ourselves or with external bodies until the new policies are in place. 

Cheers
__
Steven


> On 18 Dec 2015, at 09:40, Massimiliano Cannata 
>  wrote:
> 
> All,
> I believe the point is not if it was nice or not to receive a message for 
> being aware of events (that we will be aware in any case thanks to the social 
> media and mailing lists) but rather if it is appropriate (or even legal?) 
> perform these unsolicited mail campaign and the sharing of these data among 
> person on private and non-regulated way.
> We all know that having the data, it doesn't mean having the right to 
> distribute it to 3rd party.
> 
> @Ian: I also don't think a single line of acknowledgement while registering 
> cover the issue. 
> For instance your proposal of a "non-active OPT-IN" it seems to me not in 
> line with the EU regulation discussed in these days here (but i'n not a 
> lawyer):
> http://www.europarl.europa.eu/news/en/news-room/20151217IPR08112/New-EU-rules-on-data-protection-put-the-citizen-back-in-the-driving-seat
>  
> 
> (thanks Helli for the link!)
> 
> 
> I request, and will add in the next board meeting agenda, to have a deeper 
> discussion and agreement at OSGeo level.
> Because I think that the privacy protection is a matter larger then the 
> FOSS4G only and is of concern to the whole OSGeo community as it may apply to 
> several cases.
> 
> I feel that OSGeo shall define like for the Code of Conduct a Privacy Policy 
> that applies all over the community and that members shall agree to follow 
> when they participate in the community.
> 
> 
> my 0.1 cent,
> Maxi
> 
> 
> 
> 
> 
> 
> 2015-12-18 10:00 GMT+01:00 Ian Edwards  >:
> I support Paul and Steven's approach (and thank them for their actions to 
> help keep the community aware of events) -- but I think it's also certainly 
> the case that there is always a set of people on our mailing lists who have a 
> strong preference that their details are not shared in a way they do not 
> agree to up front - In fact, I'm sure we would all include ourselves in this 
> category as the type of "spam" we may receive becomes less relevant to our 
> interests.
> 
> Another way to reach a constructive outcome may be to discuss on the 
> conference dev 
> 
>  list an update to the FOSS4G Handbook 
> /Cookbook 
> with guidelines on opting out when submitting your details.  My preference 
> would be a statement that does not require a lot of effort from our volunteer 
> organisers, something like:
> 
> "by submitting your email address you consent to us sharing your details for 
> the purpose of keeping you informed of future similar events.  You can 
> unsubscribe from these communications at anytime using the unsubscribe links 
> provided."
> 
> 
> ===
> Ian Edwards
> 
> 
> On Thu, Dec 17, 2015 at 10:28 PM, Cameron Shorter  > wrote:
> Hi Maxi,
> I love the constructive research that you have started here.
> 
> Email privacy was not as topical when foss4g email lists started getting 
> collected, and tracing technologies such as mail chimp were as assessable as 
> mail chimp is now. So we are right to retrospectively develop our policy in 
> this area.
> 
> If you are up for it, I suggest following a similar process to what we did 
> for getting the OSGeo Code of Conduct in place.
> 1. Research best practice policies. Find one that meets OSGeo