On Sun, 2009-11-15 at 20:35 -0500, Craig Andrews wrote:
> I don't want to see StatusNet get a black eye over this when people
> find out about it.

I don't know exactly what data's being collected, but in the UK if an organisation is collecting personally identifiable data, the person needs to be informed:

1. What data is being collected;
2. For what purpose it's being collected;
3. Who will have access to this data, and for how long.

And, should the organisation wish to then use the data for a different purpose, or give access to different people, they need to seek and obtain consent from the person.

What's more, they are obliged to supply a copy of all data related to a person on the receipt of a written request from that person. (Though the organisation may charge a processing fee of up to £10 to deal with such a request.)

Importantly, it is also required for the organisation to obtain the person's explicit consent before any of this data can be exported outside the EU.

These are requirements of the Data Protection Act (1998) which is the UK implementation of the European Data Protection Directive. [aside: for the most part, the EU can't directly make laws over member states - instead it issues directives which require each member state to implement particular laws. Object-oriented programming analogy - it creates interfaces and requires member states to create classes that implement them.] Therefore it's likely that other EU states have similar requirements.

If personally identifiable information is being collected, these legal requirements are very applicable to people running StatusNet instances within the EU; and possibly - IANAL - to people operating services outside the EU which allow EU citizens to access them.

-- 
Toby A Inkster
<mailto:[email protected]>
<http://tobyinkster.co.uk>
