kauedesousa
commented
2 years ago Software development with Data Protection by Design and by Default https://www.datatilsynet.no/en/about-privacy/virksomhetenes-plikter/innebygd-personvern/data-protection-by-design-and-by-default/?print=true
MarManrow
ClimMob should comply to the regulations on data privacy (EU and SSA Countries). For this we should make sure that sensitive information (farmer name, telephone, precise GPS coordinates, etc) are not shared or distributed by ClimMob. With @jacobvanetten we have discussed some possible approaches.
Omit precise location of GPS coordinates ClimMobTools has a function called
rmGeoIdentity()which can be used to remove the precise location of coordinates by picking a random point around a buffer area of the original point https://agrdatasci.github.io/ClimMobTools/reference/rmGeoIdentity.html This function could be applied internally to all GPS coordinates and then the random points will be used in the report, API calls and ordinary downloads.Omit names and other ids Names, telephone, etc, should not be displayed in the API calls. We could add a variable when creating a question in the Library. Sensitive question (Y/N), explain what is a sensitive question and why it is important that the user indicates when a question is sensitive or not. Then all the sensitive questions are omitted in the API calls and can be only accessed via an authentication process.
Sensitive information is never published on Dataverse or BrAPI
If the user wants the original data In that case this data could be made available by an authentication process (password + SMS or e-mail? or maybe link to Google Authenticator API https://www.rfc-editor.org/rfc/rfc6238?). Then the data (or link to download the data) could be sent to the email (like GBIF?), with a message saying that the user is receiving a link to access the original data and that now they are responsible to comply with the privacy regulations (check whether handing over the liability is doable)