Suggested improvements based on privacy assessment

[lammel-hub]

Is your feature request related to a problem? Please describe. Based on previous discussion in #93 re RVS, I see that the current privacy policy is not fully up to date, and that users lack informed consent in some cases.

Describe the solution you'd like I suggest some small, but relevant updates to Assistant, Assisted and the privacy policy. See attached document.

Describe alternatives you've considered Regulatory requirements need to be met, so it has been made with a focus on "minimal effort, but still legal".

Additional context Dayon-PrivacyStatement.1.odt

[lammel-hub]

amended the suggested texts for Assistant and Assisted, please use this version instead. Simplest approach identified. Dayon-PrivacyStatement.3.odt

[RetGal]

Ok, I'll have to think this trough. With your suggestion for the updated privacy webpage I totally agree. But to put additional "popups" into the application just to please the GDPR rules of EU? And what about the equivalent rules of Switzerland, Canada, Swaziland etc? Add another dialog for each of those as well?

I mean, I'm probably respecting the privacy of Dayon!s user more than most of the apps and services out there! I'm not interested at all in the users (meta) data. I don't intend to collect, analyze, sell or otherwise monetize any of them. And in my experience, most people don't care about their privacy these days: They are more than willing to disclose personal data and their entire private lives to the public or to large (mostly US) companies that gratefully exploit their data and turn it into money.

I hope you don't misunderstand me! I am very grateful for your suggestions and advice on how Dayon's rudimentary privacy statement can be harmonized with EU regulations. I just think the addition of "nag screens" that most people probably would just click away without ever reading them is overkill, pretty useless and mostly just annoying - especially for all the users living outside the EU.

[lammel-hub]

Thank you for considering all of my wildly different suggestions to Dayon! these past few weeks, and I am glad that you appreciate the suggested updated privacy webpage. 🙏

Regarding to the suggested pop up window, I fully understand where you come from and let me be clear: you make the decision on how to progress, these are only my thoughts.

Hoping it is OK, I would like to provide you with some context and further thoughts on the suggested approach.

• I mentioned GDPR in the privacy assessment because I happen to live in a member state. Since Dayon! is available for download in the EU, the regulation is mandatory to follow regardless of where the publisher is located (GDPR applies to any person, business, or organization that collects or processes personal data from any person in the EU).
• GDPR is the most widely adopted privacy regulation in place today. It Is not only followed by the EU Member states, but in practice the following countries and states have similar statutes: Andorra, Faroe Islands, Guernsey, Iceland, Isle of Man, Jersey, Liechtenstein, Norway, United Kingdom (also after Brexit!), Switzerland, Bahrain, Israel, Qatar, Turkey, Kenya, Mauritius, Nigeria, South Africa, Uganda, Japan, South Korea, New Zealand, Argentina, Brazil, Uruguay, Canada, California. Furthermore, the EU-US Data Protection Umbrella Agreement concluded in 2016 introduced high privacy safeguards for transatlantic law enforcement cooperation. This was amended in 2023 with new binding safeguards introduced to ensure better GDPR protection against US intelligence agencies.
• How will this help for other jurisdictions than the EU (and others mentioned above)? I intentionally wrote the suggested texts for the privacy web page and apps without mentioning GDPR for the following reason: Most privacy regulations across the world share a common basic principle; users should be informed if their data is collected, analyzed or monetized (some have “opt-in rules” where users must agree before data is processed [EU], others have “opt-out rules” where users must actively ask for and block data processing [e.g. some US states]). This means the suggested texts are never "non-compliant", regardless of jurisdiction.
• I fully agree that Dayon! probably is one of the most privacy considerate apps for remote assistance. The fact that you do not want to collect, analyze or spread the data is actually a good argument for why you should put up the window to inform the user. Be proud and let them know! perhaps this is a better text for the suggested pop up window (bear with me!!) “Dayon! is designed with respect for your privacy. No data is collected, analyzed, sold or otherwise monetized in any way. Please note: If using Tokens to connect, your IP address will be stored in a separate Token server and be automatically deleted no longer than 7 days after its last use. The sole purpose is to enable the Token functionality.”
• I see what you mean with regards to people selling out their data! The way I suggested the pop up window to be presented was with a (pre-selected) tick box that would allow the user to hide the screen after seeing it once. This was to avoid annoyance with those who do not care.
• Having said all this, I think it would be a shame if Dayon! did not meet the regulation, when the app is so obviously privacy friendly and it seems quite easy to meet the requirements on informing the user (while also letting them hide the screen after the first time, if they feel like it).

Hoping you will reconsider, but I fully respect any decision you make. 😊

[lammel-hub]

Here you find my version of the privacy statetment for the RVS I have donated: https://dayon.helioho.st/privacy/

[RetGal]

Great! Maybe after or together with #106 we could make the "privacy" link inside the system information dynamic. So it would point to the xx_privacy.html files within the path of the configured RVS server. So the ext folder would then also contain those templates, where only the placeholder for the "data processor" would have to be replaced.

[lammel-hub]

Great way forward!