Devographics / Monorepo

Monorepo containing the State of JS apps
surveyform-sigma.vercel.app

Feature: Don't ask for personal data every survey (for the same account/email) #158

Closed dzienisz closed 1 year ago

dzienisz commented 1 year ago

Feature: Don't ask for personal data every survey (for the same account/email)

SachaG commented 1 year ago

Interesting idea! But I think there's a high enough chance that people's personal details might change that it makes sense to ask again. It would be nice to offer an option for prefilling, but it's probably not super-high on our roadmap at this point because it would be tricky to do it the right way.

dzienisz commented 1 year ago

Yep, I think pre-filling would be great!

eric-burel commented 1 year ago

I will check how it's done today in our database architecture, but not allowing that removes a lot of burden for us: GDPR doesn't hold for sufficiently anonymized data, for the good reason that there is nothing to protect because we don't manage your personal data/can't link the demographics data of one response with a specific person.

eric-burel commented 1 year ago

Yeah I confirm we don't store anything in the user model, closing for now as won't-do for the reason above. Good suggestion though, we'll keep that in mind if we work on a more complete account system some day.

dzienisz commented 1 year ago

It's interesting, because you are a data product and people agree to send and publish their data?

eric-burel commented 1 year ago

I am basing my reasoning on paragraph "26" of the GDPR preamble (not sure if it's a paragraph or what), but basically it says there is no reason to apply the GDPR to anonymous data, as the anonymisation removes the link between the data and an actual identifiable person.

Given that we hash the email, we really have no idea who said what. Only the user can access their own response back by authenticating to the application. However, I don't know if self-access is a breach of anonymisation; I suspect it can be. That's also why I am not 100% sure of what I am saying, so take that with a pinch of salt.

Anyway, this boils down to: the less data we store about you outside of the questions, the less legal stuff and security risks we have to take into account. The data still exists in responses, but when we normalize them we also add another layer of anonymization, using a specific id that is different from the email hash.

Regarding the "data product": data are anonymized and made public, so technically this is really a "survey" in the purest meaning of the term; we are closer to an academic study than a product.

@SachaG we may want to double check all that

Edit: edited a bit for clarity