Open sallytay opened 2 years ago
While there's an overlap, I think we ought to have a /help/privacy page that's about PII, and a /help/takedown (name TBC) page that's about the removal of non-PII that's been requested or released.
I think there are three main groupings to address:
1. PII of people making requests on our site ("Users") « This group could be expanded to include those reading/browsing the site
2. PII of people responding to requests on our site ("FOI Officers")
3. PII of people mentioned in requests/responses ("Third Parties"?)
I think we should try and avoid duplicating text and having to maintain it in two places, so that might mean separate pages for eg. legal basis (relevant to all groups), and Children and Young People's Data (relevant to groups 1 and 3) etc.
While responding to an issue, it has come to my attention that our text at https://www.whatdotheyknow.com/help/privacy#legal_basis, at the least, has some errors.
Current:
In most cases our legal basis for processing personal information is "legitimate interest" (this is as laid out in 6(1)(f) – of the UK GDPR. We believe that we are pursuing a legitimate interest in processing personal data to provide our service to benefit of our users and the benefit of society. There is a benefit to our users in that we offer an easy way to make, track and publish Freedom of Information requests. The service also has a benefit to the public as any information released in response to the request is publicly available in a historic archive for anyone to use. There is also a benefit to authorities responding to requests, in that the automatic publication of the requests reduces duplicate requesting.
Suggested:
In most cases, our legal basis for processing personal information is "legitimate interest" (this is as laid out in 6(1)(f) – of the UK GDPR). We believe that we are pursuing a legitimate interest in processing personal data to provide our service to the benefit of our users and the benefit of society. There is a benefit to our users in that we offer an easy way to make, track and publish Freedom of Information requests. The service also has a benefit to the public, as any information released in response to the request is publicly available in a historic archive for anyone to use. There is also a benefit to authorities responding to requests, in that the automatic publication of the previous requests may reduce duplicates.
William has noted a missing bracket after GDPR and is proposing a change in phrasing from
the automatic publication of the requests reduces duplicate requesting.
to
the automatic publication of the previous requests may reduce duplicates.
I would support inserting a "may", making it:
the automatic publication of the requests may reduce duplicate requesting.
William's change also notes
to provide our service to benefit of our users
is missing a "the", it should become
to provide our service to the benefit of our users
We might also want to stress to readers why what we log and retain is important. It might not be obvious to all that we are from time to time required by law to disclose personal data we hold about our users.
What we hold matters because whatever we hold could be obtained by eg. the police in connection with investigating crime, by other public bodies in connection with their functions or by anyone who obtains a court order requiring the disclosure of the information.
We imply we might release certain information if required to do so by law, but don't expand on this.
Comment from https://github.com/mysociety/whatdotheyknow-theme/issues/870
/help/privacy is already quite long (almost 5,000 words, and 7 sheets of A4) - would you favour splitting it into a few pages to aid readability? If so, this might be an opportune time to add a page giving particular focus on this topic.
New ticket created to review the content and look to improve the page.