Review pro terms

[katska]

review these terms that Matthew has given a first pass adapt in OAF/Australia context righttoknow.org.au/pro/pages/legal

see https://github.com/openaustralia/righttoknow/issues/749

[katska]

@mlandauer I think this looks pretty good. There's just one part that maybe we could be more specific about - which is the part "We take your privacy seriously. We will use the personal data that you provide to us solely for the purpose of administering the service, and we will not disclose it to anyone else unless we are obliged to by law. "
I'm not requesting a change here, however I would appreciate a conversation with you, and then @benrfairless about our approach to this in broad terms.

[mlandauer]

@mlandauer I think this looks pretty good. There's just one part that maybe we could be more specific about - which is the part "We take your privacy seriously. We will use the personal data that you provide to us solely for the purpose of administering the service, and we will not disclose it to anyone else unless we are obliged to by law. " I'm not requesting a change here, however I would appreciate a conversation with you, and then @benrfairless about our approach to this in broad terms.

Any suggestions for improved wording?

[katska]

@mlandauer not at this stage no, I think it's a 'policy' issue that we need to discuss. I don't think writing some words that might constitute a policy and discussing them in github is necessarily the most efficient way of clarifying OAF/RTK's existing position or elaborating/arriving at a more nuanced description of this and communicating it. Do you have a preference that we do it through an issue?

That said, I'm happy to talk about where I'm coming from on this, which is I would appreciate if OAF are as clear as we can be about what "obliged to by law" means to us. Given that 'the law' is continually being tested and remade, maybe what would be useful would be to state something of a principle about the extent to which we defend privacy and our capacity to do so.

Also should we say something about the protections in place that safeguard the privacy of the requester. For example we can't share information we don't have, and FOI requests can be anonymous. In the case of a PRO account, is there a way to work with an anonymous user?

[benrfairless]

@mlandauer @katska can we possibly arrange an early morning call to go through this?

[katska]

yes! when are you available?

[benrfairless]

Let's move this chat to Slack :)

[katska]

Following a conversation with @mlandauer today, I suggest as much clarity as we can give around the principle of defending personal information. Replace 'We take your privacy seriously. We will use the personal data that you provide to us solely for the purpose of administering the service, and we will not disclose it to anyone else unless we are obliged to by law." with "We take your privacy seriously. We will use the personal data that you provide to us solely for the purpose of administering the service. we will not disclose your personal information to anyone else unless we are obliged to do so with a court order. We will do our utmost to defend personal information and wont disclose data where we believe that there will be harm caused (to the person) by handing over information, to the extent of our capacity."

How does that read to you? We might want to get legal advice on that.

[mlandauer]

After discussion with @katska we decided instead to just change the word "obliged" to "compelled" and leave the rest of the change out. The reason is that from a user perspective all that really matters is that we're saying that their personal information might be disclosed to a third-party if we're forced to by law to do that but otherwise we won't. All the extra words didn't really change that meaning.