mrbotcr / py3ClimMob

ClimMob is software for agricultural citizen science
https://climmob.net/
GNU Affero General Public License v3.0

Data Privacy and Terms of Service Policies #290

Open MarManrow opened 2 months ago

MarManrow commented 2 months ago

MrBot prepared this draft on Data Privacy and Terms of Service policies in 2023.

https://docs.google.com/document/d/1e8Lrl9BbdAqIcI--RhXRWDcU7nyV9baQ/edit

https://docs.google.com/document/d/1OQ_l1Tvd0bvdo3tID4HMtNaWZH5HzsfJ/edit

I compared them with ILRI's Privacy Statement and it seems we will need to bring more detail on determined areas, as follows:

Data Collection and Access:

ILRI: Collects only the minimum amount of personally identifiable data necessary and restricts access to this data to only those who need it.

ClimMob: Does not specify a similar practice of minimal data collection and controlled access in its policy. It’s important to ensure that ClimMob also limits data collection to what is necessary and restricts access accordingly.

Affirmative Consent:

ILRI: Requests affirmative consent and provides detailed information on data collection purposes, transfer, storage duration, and rights to amend or delete data.

ClimMob: Does not mention explicit affirmative consent or provide detailed information on data usage, transfer, or storage. The policy should include clear consent practices and detailed explanations similar to ILRI’s.

Data Subject Access Rights:

ILRI: Provides the right to access, amend, and delete data, with responses typically within one month and in a commonly used electronic format.

ClimMob: Mentions user rights in a more general sense but lacks specifics on response times, format, and conditions under which requests can be made or denied.

Breach Notification:

ILRI: Has a breach notification system in place to inform data subjects within 72 hours of becoming aware of a breach.

ClimMob: Does not specify a breach notification process or timeframe. Implementing a clear breach notification policy is crucial for alignment.

Third-Party Data Filing Systems:

ILRI: Ensures third-party systems comply with confidentiality and non-disclosure agreements.

ClimMob: Does not address third-party data handling or service agreements in detail. It should include measures to ensure third-party compliance.

Data Retention and Deletion:

ILRI: Provides specific retention periods for different types of data and procedures for data deletion upon request.

ClimMob: Includes some information on data deletion, but should specify retention periods and detailed deletion procedures in alignment with ILRI’s practices.

Contact Information:

ILRI: Provides clear contact details for privacy-related queries.

ClimMob: Should ensure that similar contact information is provided for users to address data privacy concerns.

MarManrow commented 6 days ago

Our data privacy policies and terms of service must be aligned with the data access and anonymization protocols developed in issue #124. The documents listed in the description of this issue must be brought up to date by MrBot and validated by the corresponding authority in the alliance.