publiclab / wherewebreathe

wherewebreathe.org

overall privacy control #2

Closed jywarren closed 10 years ago

jywarren commented 10 years ago

A possible solution "Maybe something like a clear dashboard that shows me what others can find about me, and lets me revise my public/private settings at any time."

@shapironick sez: In my experience people are likely to want to have everything private or everything public, so maybe we could just have a very clear public/private toggle next to the answer box so that they don't have to worry about the pub/priv decide every time they answer but they can change it if the content of their answer pushes them either way.

shapironick commented 10 years ago

Just a quick clarification: the second paragraph is mine and based on domestic chemical exposure folks. Those that are first going to visit the site via activist lists are the most likely to want to not have qualms about going public, I think.

jywarren commented 10 years ago

Cool; are you thinking a toggle like this or something? http://www.bootstrap-switch.org/

shapironick commented 10 years ago

Perfect! Yup--if you think that would work.

jywarren commented 10 years ago

OK, here's a first draft on privacy control... I want to make an expandable "LEARN MORE" section below though.

[Screenshot, 2014-05-15 2:35:55 pm]

jywarren commented 10 years ago

And maybe showing this "public" switch on every page, or showing whether you are public in a persistent way... this in the upper left of the header may be overkill:

[Screenshot, 2014-05-15 4:25:38 pm]

Maybe I'll try a PUBLIC/PRIVATE badge of some sort.

jywarren commented 10 years ago

OK, thinking of text for the privacy page; I'm working on the text here: http://publiclab.org/wiki/wherewebreathe

I just put in some draft text but I'm trying to be really concise and clear:

[Screenshot, 2014-05-15 4:56:31 pm]

shapironick commented 10 years ago

This is really really great!

Do you think that maybe we could have this switch page right after registration, and then it will also be under the submit button on every question, and whichever one they choose at the beginning will be their preset on the switch but they can change it for each question? They have the option of changing that preset at any time on the privacy page when logged on. That brings up another question: should people be able to pull all of their public answers into the private space and vice versa?

Maybe "be careful of the potentially identifying information you decide to share" to be more specific?

and could we tinker with the Know who's reading:

"You can decide to share privately with our team of epidemiologists and social scientists, and the information you supply will only be used for scholarly purposes and in a non-identifying manner."

I think Nicole is really excited about publishing papers that have both data and narrative and so am I.

jywarren commented 10 years ago

Hi Nick - if you have edits for the privacy text (which would be great because I was mostly thinking about design issues, not really thoroughly drafting the text itself), could you make your edits on this page, so we can track versions etc in a structured way? http://publiclab.org/wiki/wherewebreathe Thanks!

I think we have to make a decision about whether to have private/public distinction on a per-question basis, especially in the first version. Also, we want to avoid ambiguity -- be sure the per-question prompt clearly affects privacy just for that question vs. overall privacy. Does the overall switch change every question's setting, or does it "override" them? If only some questions are private, what does the switch show? Is there a "Some are private" state? So I like being clear, but maybe we need to just have per-question privacy and a button which just turns them all private at once, rather than a "master" switch. Emphasis on this being simple so people really know what their setting is.

shapironick commented 10 years ago

Great! Changes uploaded to the wiki. Just getting used to this cross-platform work system.

+1 "per-question privacy and a button which just turns them all private at once, rather than a "master" switch" That sounds good.

jywarren commented 10 years ago

Yeah, sorry to sprawl a bit but the wiki's a better place to do "drafts" of content. Moving this to implementation, so last call for additional changes before coding begins.

shapironick commented 10 years ago

Works for me!

jywarren commented 10 years ago

Should users be able to completely delete their accounts and all associated data? Would we cross-check in the future against already-exported data or would some persist in the data downloads if a user deletes themselves after someone's already downloaded it? I guess if we're allowing anyone to download/view the bulk data, we have to alert the user that others may have downloaded it in aggregate even if they delete it. That'll just mean that it's no longer available from the site.

shapironick commented 10 years ago

That's a really good question. From a user rights perspective is it illusory to say that they will be able to delete all associated data? As anyone could write a script that downloads the bulk data once a day and have everything. From a researcher perspective, I wouldn't want research data to be able to be destroyed from the epi database. I don't know of any studies where that is done. Maybe we would be the first? Or maybe we could run an analysis at the end to see, if we had let people who deleted their account delete their data from the epi database, how that would have or have not biased the results, so further studies in the future could do a full deletion technique. Also I'm sure some people will want to delete their profile without deleting data in the epi database. This researcher impulse is greedy, and something that would be interesting to question. Are robust epi data and total data control at odds?

We are only making available in raw form the publicly answered questions, right?

Maybe we could let them a) move all public to private (which would take their data out of all future public downloads) b) delete their account (but not delete their data from our private research repository). People should be able to download all of their own data, right?

On the privacy page I think we may need a few more lines about how we can use the data that is shared just with the WWB research team. Something like "Data will be used in scholarly publications and meetings. This data will mostly be shared with academic audiences in statistical form, but if individual stories are discussed an additional pseudonym will be used so as not to identify user names."

Also they may ask us to make sure users know that they are free to withdraw from the project at any time and without having to give a reason. We will need some sort of button that moves the users from the privacy page into the survey. We should think about how to word that button so the IRB will be happy but also so it doesn't sound overly ominous like most IRB forms.

jywarren commented 10 years ago

Thanks, Nick, sorry, just getting back online after travel. I think it's untenable to say we can chase down all copies and scrub the data. I think we have to either not allow deletion, or mention at the deletion interface that this will only delete future copies that people download. Maybe rename it "unlist" and say that the WWB site will stop listing it, not implying deletion everywhere. Maybe like your idea of "withdrawing", we could have the button say "Close my account" and say their data won't be used in graphs on the site, or listed on the site, but that we can't do anything about people (and researchers) who've already downloaded the aggregate data and may publish it.

What do you mean by raw form?

Yes to downloading all your own data, very much so.

Can you add the extra lines for the privacy page to the wiki page you'd created?

shapironick commented 10 years ago

Thanks Jeff. I've updated the wiki to reflect these extra lines. By raw data I meant data that is not in aggregate form like a graph. If people are able to pull data from the aggregate forms I wonder if that will get strange, as the data held by the research team could have different averages to the data publicly displayed. Not pushing against that but just flagging it as a potential issue in the future.

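The privacy model this thread converges on (per-question flags, a one-off "make all private" button instead of a master switch, a badge state derived from the answers, and "Close my account" meaning unlisting from future downloads) can be sketched as follows. This is an added example, not code from the wherewebreathe repository; every function name and data shape in it is hypothetical.

```javascript
// Added example; every name and data shape here is hypothetical.
function newUser(name, defaultPublic) {
  return { name, defaultPublic, closed: false, answers: [] };
}

// A new answer starts from the user's preset unless the per-question toggle overrides it.
function addAnswer(user, questionId, text, isPublic = user.defaultPublic) {
  user.answers.push({ questionId, text, public: isPublic });
}

// "Make all private" is a one-off bulk action, not a stored master mode.
function makeAllPrivate(user) {
  user.defaultPublic = false;
  for (const a of user.answers) a.public = false;
}

// The badge is derived from the answers, so it can never disagree with them.
// 'mixed' is the "some are private" state.
function privacySummary(user) {
  if (user.answers.length === 0) return user.defaultPublic ? 'public' : 'private';
  const pub = user.answers.filter(a => a.public).length;
  if (pub === 0) return 'private';
  return pub === user.answers.length ? 'public' : 'mixed';
}

// "Close my account" unlists the user from future downloads only.
function closeAccount(user) { user.closed = true; }

// Public bulk download: public answers from open accounts, nothing else.
function publicExport(users) {
  return users.filter(u => !u.closed).flatMap(u =>
    u.answers.filter(a => a.public)
      .map(a => ({ user: u.name, questionId: a.questionId, text: a.text })));
}

// A user's own download contains everything, private answers included.
function ownExport(user) { return user.answers.map(a => ({ ...a })); }

// Constructed sample data.
const ana = newUser('ana', true);
addAnswer(ana, 'q1', 'headaches since moving in');
addAnswer(ana, 'q2', 'details about my landlord', false);
const ben = newUser('ben', true);
addAnswer(ben, 'q1', 'no symptoms so far');

console.log(privacySummary(ana), publicExport([ana, ben]).length); // mixed 2
makeAllPrivate(ana);
console.log(privacySummary(ana), publicExport([ana, ben]).length); // private 1
```

Because the export filter runs at download time, neither making answers private nor closing an account changes copies that were downloaded earlier, which is the limit the deletion interface has to state.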