- Never selling user data. The 2008 Policy doesn’t mention this. While long-term editors and community members understand that selling data is against our ethos, newcomers have no way of knowing how our Projects are different from most other websites unless we tell them. The new proposed Policy spells out that we would never sell or rent their data or use it to sell them anything.
- New glossary and FAQ. The new proposed Policy includes a glossary that helps users familiarize themselves with wonky technical terms such as API and metadata. It also includes an FAQ to help users understand details about Wikimedia Sites, our privacy practices, and data collection technologies. For example, the FAQ provides examples of the types of technology we use to collect data, and explains to users how they can limit some of the information that is collected about them.
- Inclusion of new activities. We started new projects and features (like notifications, surveys, and feedback tools) after the adoption of the old Policy, so unsurprisingly the old Policy doesn’t address them. The new proposed Policy explains how notifications are used and how you can opt out as well as how we may use information collected in surveys.
- Limited data sharing. The old Policy narrowly states that user passwords and cookies shouldn’t be disclosed except as required by law, but doesn’t specify how other data may be shared. The new proposed Policy expressly lists the limited ways in which all data may shared, including with our essential volunteers. It permits providing non-personal data to researchers who can share their findings with our community so that we can understand the Projects and make them better. We have also added a Subpoena FAQ as a resource for users to learn about subpoenas generally and what they can do in the unlikely event their information is subject to a subpoena.
- Scope of policy. The 2008 Policy states its scope in general terms, which could be confusing or ambiguous. The new proposed Policy explains in detail when the Policy does and doesn’t apply.
Michelle Paulson, Legal Counsel
Geoff Brigham, General Counsel
Although we are closing the formal community consultation on the Data Retention Guidelines, we welcome community members to continue the discussion. The Guidelines differ from policies in that they do not require approval from the Board to be implemented and can be continually updated and improved. We intend for these Guidelines to evolve and expand as time goes on.
* So many people helped us on this project. Special thanks go to Toby Negrin, Luis Villa, Dario Taraborelli, Roshni Patel, Megumi Yukie, James Alexander, and Jorge Vargas, without whom these privacy documents and consultations would not have been possible.