Re: More diagnostics data from desktop

2018-03-08 Thread J Fernyhough
On 07/03/18 20:43, Jeremy Bicha wrote:
> Notably, in the very first email in this thread, Will Cooke
> specifically said IP addresses will never be stored with this data. 

That doesn't mean it's not collected and so can be ignored. The
"collected" data must be "processed" to remove the IP address (unless
you can access a TCP/IP-based web service without revealing your IP
address?).


> In my opinion, the basic hardware data collection being proposed is
> completely insufficient to identify people.

Respectfully, GDPR compliance isn't based on opinions. It needs to be
studied and processes implemented to ensure compliance, i.e. it needs to
be taken seriously, even for statistical data:

"(162) Where personal data are processed for statistical purposes, this
Regulation should apply to that processing. Union or Member State law
should, within the limits of this Regulation, determine statistical
content, control of access, specifications for the processing of
personal data for statistical purposes and appropriate measures to
safeguard the rights and freedoms of the data subject and for ensuring
statistical confidentiality. Statistical purposes mean any operation of
collection and the processing of personal data necessary for statistical
surveys or for the production of statistical results. Those statistical
results may further be used for different purposes, including a
scientific research purpose. The statistical purpose implies that the
result of processing for statistical purposes is not personal data, but
aggregate data, and that this result or the personal data are not used
in support of measures or decisions regarding any particular natural
person."

Note that this specifically mentions processing with the result of
aggregate non-personal data.

J



signature.asc
Description: OpenPGP digital signature
-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel


Re: More diagnostics data from desktop

2018-03-08 Thread J Fernyhough
(cross-posting because ubuntu-devel is moderated and this may not reach
that list)

On 07/03/18 11:46, Jeremy Bicha wrote:
> What proposed collected data do you think should be considered
> personal data for GDPR purposes?
> 

"What constitutes personal data?

"Any information related to a natural person or ‘Data Subject’, that can
be used to directly or indirectly identify the person. It can be
anything from a name, a photo, an email address, bank details, posts on
social networking websites, medical information, or a computer IP
address." [1]

And more specifically:

"(26) The principles of data protection should apply to any information
concerning an identified or identifiable natural person. Personal data
which have undergone pseudonymisation, which could be attributed to a
natural person by the use of additional information should be considered
to be information on an identifiable natural person. ..."

"(30) Natural persons may be associated with online identifiers provided
by their devices, applications, tools and protocols, such as internet
protocol addresses, cookie identifiers or other identifiers such as
radio frequency identification tags. This may leave traces which, in
particular when combined with unique identifiers and other information
received by the servers, may be used to create profiles of the natural
persons and identify them." [2]

Hence, if you _ever_ record an IP address, you are recording "personal
data" and must be able to demonstrate you are meeting the requirements
of the GDPR **even if you pseudonymise that data**. Given the proposal
extends to storing a full hardware specification it's very easy to see
how that could be used as "additional information" or "other identifiers".


Regarding consent:

"(32) Consent should be given by a clear affirmative act establishing a
freely given, specific, informed and unambiguous indication of the data
subject's agreement to the processing of personal data relating to him
or her, such as by a written statement, including by electronic means,
or an oral statement.

"This could include ticking a box when visiting an internet website,
choosing technical settings for information society services or another
statement or conduct which clearly indicates in this context the data
subject's acceptance of the proposed processing of his or her personal
data. Silence, pre-ticked boxes or inactivity should not therefore
constitute consent.

"Consent should cover all processing activities carried out for the same
purpose or purposes. When the processing has multiple purposes, consent
should be given for all of them. If the data subject's consent is to be
given following a request by electronic means, the request must be
clear, concise and not unnecessarily disruptive to the use of the
service for which it is provided." [2] (Split to highlight central section)


Given the discussion is about large-scale systematic data collection,
Ubuntu/Canonical should also be aware of:

"Does my business need to appoint a Data Protection Officer (DPO)?

"DPOs must be appointed in the case of: (a) public authorities, (b)
organizations that engage in large scale systematic monitoring, or (c)
organizations that engage in large scale processing of sensitive
personal data (Art. 37).  If your organization doesn’t fall into one of
these categories, then you do not need to appoint a DPO." [1]


Essentially, the onus here is on Ubuntu/Canonical to demonstrate any and
all data collection meets the requirements of the GDPR. This is a bigger
issue than most people realise.



References

[1] https://www.eugdpr.org/gdpr-faqs.html
[2] http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679



Re: More diagnostics data from desktop

2018-02-21 Thread J Fernyhough
On 15/02/18 10:05, Will Cooke wrote:
> On 14 February 2018 at 18:37, Alistair Buxton wrote:
> 
> > * Information from the installation would be sent over HTTPS to a
> > service run by Canonical’s IS team.  This would be saved to disk and
> > sent on first boot once there is a network connection.  The file
> > containing this data would be available for the user to inspect.
> 
> So you ask the user during install. Then the data is sent on first
> boot. At what point can the user inspect the data, given that some of
> it can't be collected until after installation is finished? It seems
> like the first opportunity will be after it has been sent, unless you
> ask the user a second time. So why not just ask them on first boot,
> when you have already gathered all the data? That way user can inspect
> the data there and then before deciding how to answer.
> 
> 
> Yes, I think the first opportunity would be after it has been sent.  I'm
> generally against asking more questions on login though, I think it
> would be clunky.

Am I reading it correctly that you will allow the user to see what data
had been gathered from the system only _after_ it has been sent? That
comes across as needlessly sneaky.

Surely it could be deferred until after the user has had the
opportunity to agree properly?

As an existing implementation, the Steam client has a perfectly good way
of doing this - it pops up a dialogue box, asks whether it can send
system data, shows the data that would be sent, and explains why it is
useful and why you should consider allowing it.


On 14/02/18 15:22, Will Cooke wrote:
> Any user can simply opt out by unchecking the box, which triggers one
> simple POST stating, “diagnostics=false”.

This doesn't scan right either - you're collecting data about someone
opting out of data collection?


I can see the reasons behind collecting data but let's not make the
collection process needlessly aggressive. That's just going to make
people defensive and find ways of disabling/avoiding it entirely (e.g.
network blocks) instead of considering how it can help Ubuntu in the
long-run.

An overly-aggressive approach also makes it much more difficult for
other projects to implement statistics collection without users equating
it with user tracking/telemetry/spying/etc. and complaining vociferously
(even without any real understanding of what the process means - just
the presence of the words "data collection" is enough to generate an
awful lot of noise).


J
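As an added illustration of the two points argued across this thread (example code written here, not Canonical's or the list's own code), the following Python sketches a consent-first diagnostics flow: the report is built once, shown in full together with the reason it is wanted, sent only on an explicit yes, and declining sends nothing at all, so there is no opt-out POST; on the receiving side, the peer address the service unavoidably learns from the TCP connection is discarded before anything is stored. `SAMPLE_FACTS` is a constructed placeholder, and `Transport`, `first_boot_flow` and `ingest` are hypothetical names standing in for the real HTTPS submission and collection service.

```python
import json
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of the kind of hardware facts the proposal describes;
# the values are placeholders, not data from any real machine.
SAMPLE_FACTS = {
    "ubuntu_version": "18.04",
    "cpu_model": "example-cpu",
    "ram_gb": 8,
    "gpu_model": "example-gpu",
    "display": "1920x1080",
    "timezone": "Europe/London",
}


def build_report(facts: dict) -> str:
    """Serialise the report once; the same string is shown to the user and,
    only after a yes, handed to the transport, so what is inspected is
    exactly what is sent."""
    return json.dumps(facts, sort_keys=True, indent=2)


@dataclass(frozen=True)
class ConsentPrompt:
    """Everything the dialog shows before asking: the reason and the full payload."""
    explanation: str
    payload: str


def prompt_for_consent(report: str) -> ConsentPrompt:
    """Build the prompt content (hypothetical UI hook; rendering is out of scope)."""
    return ConsentPrompt(
        explanation="Sending this hardware summary helps prioritise testing. "
                    "Nothing is sent unless you choose Yes.",
        payload=report,
    )


class Transport:
    """Stand-in for the HTTPS POST to the collection service (hypothetical).
    It records each body it is asked to send so the flow can be checked."""

    def __init__(self) -> None:
        self.sent: List[str] = []

    def post(self, body: str) -> None:
        self.sent.append(body)


def submit_if_consented(report: str, answer: Optional[bool], transport: Transport) -> bool:
    """Send only on an explicit True. False (declined) and None (dialog
    dismissed, no answer yet) both mean nothing leaves the machine, so
    there is no opt-out POST recording who declined."""
    if answer is True:
        transport.post(report)
        return True
    return False


def first_boot_flow(facts: dict, answer: Optional[bool], transport: Transport) -> ConsentPrompt:
    """Collect, show, ask, and only then send: the order the thread argues for."""
    report = build_report(facts)
    prompt = prompt_for_consent(report)
    submit_if_consented(prompt.payload, answer, transport)
    return prompt


# --- collection service side ---

def ingest(peer_addr: str, body: str) -> dict:
    """The service cannot avoid learning peer_addr from the TCP connection.
    It is accepted here so that it is visibly discarded: only the parsed
    facts are returned for storage, and any address-like field a client
    might include is stripped as well."""
    del peer_addr  # received, never stored
    record = json.loads(body)
    for key in ("ip", "ip_address", "remote_addr", "peer_addr"):
        record.pop(key, None)
    return {"facts": record}


if __name__ == "__main__":
    t = Transport()
    shown = first_boot_flow(SAMPLE_FACTS, answer=True, transport=t)
    print(shown.explanation)
    print(shown.payload)
    print("sent:", len(t.sent), "stored:", ingest("203.0.113.7", t.sent[0]))
```

The point of routing both the display and the send through the one `report` string is that the user can never be shown something different from what is transmitted, and the point of `del peer_addr` is that the address is handled at the boundary rather than relying on a later clean-up step.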



Re: User Advocacy in Ubuntu

2013-12-17 Thread J Fernyhough
On 17 December 2013 20:23, Benjamin Kerensa wrote:
>
> I'm hoping to solicit feedback on this proposal and the idea of having a
> feedback tool built into Ubuntu.
>

(Advance warning: some blunt sentences)

Wasn't this the purpose of Brainstorm, which was closed earlier in the
year? How would an advocacy group produce a different result than
Brainstorm in producing "popular" ideas that are ignored or judged as
against the desired Ubuntu direction?

I'd also suggest a very good place to get feedback would be the Ubuntu
Forums which until recently pointed out that "developers don't read
these forums" - although this text has changed I haven't seen any
developers posting there.

How about consolidating existing aspects rather than perpetuating a
NIH approach?

WRT a "feedback" tool, how about a link to a section on the forum
called - I don't know - "feedback"? Then others can chime in with
comments, criticisms, refinements, solutions, etc. rather than having
a closed system? Or a dedicated web application with voting system so
popular items can get more exposure - like the old Brainstorm system?
Wait... :D

J
