A Proposal for Wikimedia’s New Privacy Policy and Data Retention Guidelines

Shields, circa 1870

Privacy policies play a vital role in protecting the privacy of users. At the Wikimedia Foundation, our Privacy Policy is particularly important to us, because it is a key way we protect our users and reflect their values. It also has a broad impact, because it protects and governs the information of over twenty million registered users and 490 million monthly unique visitors.

Our current Privacy Policy was approved by the Wikimedia Board of Trustees in October 2008 and has not been updated since. Given the growing concern over privacy, especially on the internet, it is important to have an updated policy which reflects both technological advances and the evolving legal issues surrounding new technology.

So, almost eight months ago, we started a conversation with the Wikimedia community about key privacy issues. Based on that conversation, we crafted a new draft Privacy Policy and introduced it to the community for feedback about five months ago. And, thanks to that feedback, we created and discussed Wikimedia’s first Data Retention Guidelines. Today, we are closing the community consultations on the new draft Privacy Policy and Data Retention Guidelines. [1]

The new proposed Privacy Policy will now be presented to the Wikimedia Board of Trustees for review before its next meeting in April 2014. If approved, it will replace the 2008 Privacy Policy.

We would like to thank the many community members who participated in the discussions. The new proposed Privacy Policy and Data Retention Guidelines would not be what they are today without your help. (You can actually see the changes to the drafts in the Policy’s and Guidelines’ wiki revision histories that happened as a result of your feedback!) We received hundreds of questions, comments, and suggestions. In fact, the discussion on the Privacy Policy, along with the related Data Retention Guidelines and Access to Nonpublic Information Policy (whose consultation is also closing today) totaled approximately 195,000 words, making it longer than the Fellowship of the Ring! Together, we have created a transparent Privacy Policy draft that reflects our community’s values.

We’d like to go over some of the ways that our new proposed Privacy Policy differs from our old Privacy Policy (the “2008 Policy”). One thing that has not changed is our goal of collecting as little information as possible, but we have made a wide variety of improvements to strengthen our commitment to users, including:

  • More detail and transparency. Our old Privacy Policy did not provide a great deal of specific information about what kind of data we collected or how we collected and used it. The new proposed Privacy Policy and Data Retention Guidelines explain these points in detail, so that users have a better understanding about their privacy on Wikimedia Projects.
  • The permitted use of different types of technologies. The 2008 Policy covered IP information and cookies. The new proposed Policy, on the other hand, explains how information is collected from mobile devices, tracking pixels, JavaScript, and “locally stored data” technologies, so that we can improve the Projects.
  • Never selling user data. The 2008 Policy doesn’t mention this. While long-term editors and community members understand that selling data is against our ethos, newcomers have no way of knowing how our Projects are different from most other websites unless we tell them. The new proposed Policy spells out that we would never sell or rent their data or use it to sell them anything.
  • New glossary and FAQ. The new proposed Policy includes a glossary that helps users familiarize themselves with wonky technical terms such as API and metadata. It also includes an FAQ to help users understand details about Wikimedia Sites, our privacy practices, and data collection technologies. For example, the FAQ provides examples of the types of technology we use to collect data, and explains to users how they can limit some of the information that is collected about them.
  • Inclusion of new activities. We started new projects and features (like notifications, surveys, and feedback tools) after the adoption of the old Policy, so unsurprisingly the old Policy doesn’t address them. The new proposed Policy explains how notifications are used and how you can opt out as well as how we may use information collected in surveys.
  • Limited data sharing. The old Policy narrowly states that user passwords and cookies shouldn’t be disclosed except as required by law, but doesn’t specify how other data may be shared. The new proposed Policy expressly lists the limited ways in which all data may shared, including with our essential volunteers. It permits providing non-personal data to researchers who can share their findings with our community so that we can understand the Projects and make them better. We have also added a Subpoena FAQ as a resource for users to learn about subpoenas generally and what they can do in the unlikely event their information is subject to a subpoena.
  • Scope of policy. The 2008 Policy states its scope in general terms, which could be confusing or ambiguous. The new proposed Policy explains in detail when the Policy does and doesn’t apply.
  • New Data Retention Guidelines. While not formally part of the new proposed Privacy Policy, for the first time, we have a formal document, drafted in close consultation with engineering, outlining what our data retention practices are and should be. In creating these Guidelines, we tried to be as thorough as possible in specifying how long particular types of personal information will be kept.

The proposed Privacy Policy and the Data Retention Guidelines are the result of an organization-wide effort — staff from many departments helped us create these documents, and we would like to thank everyone who participated. In particular, we would like to thank Erik Möller and the entire engineering team for their continued support and participation throughout this process.

Michelle Paulson, Legal Counsel

Geoff Brigham, General Counsel

 

  1. Although we are closing the formal community consultation on the Data Retention Guidelines, we welcome community members to continue the discussion. The Guidelines differ from policies in that they do not require approval from the Board to be implemented and can be continually updated and improved. We intend for these Guidelines to evolve and expand as time goes on.

    * So many people helped us on this project. Special thanks go to Toby Negrin, Luis Villa, Dario Taraborelli, Roshni Patel, Megumi Yukie, James Alexander, and Jorge Vargas, without whom these privacy documents and consultations would not have been possible.

25 Show

25 Comments on A Proposal for Wikimedia’s New Privacy Policy and Data Retention Guidelines

Sabrina Vizcaino 3 months

Valoro el hecho de querer aplicar una política de privacidad mas rígida pues muchos de los documentos de wikipedia contienen errores provocados por los mismos usuarios, aun así, creo que las opiniones de usuarios que si tengan conocimiento pleno de un tema en particular y observando su nivel de preparación académico, deberían de ser tomadas en cuenta para la perfección del documento sin que el mismo sea alterado directamente

Francisco 3 months

Un saludo cordial.
Decir que no entiendo Ingles, por lo tanto no se en que términos y condiciones va a cambiar la política de privacidad de vuestra pagina WEB, a través de la encuesta realizada, es decir que querria que se tradujera tambien al Castellano o Español. At..WIKIPEDIA…….GRACIAS

clarence nalls 3 months

I am concerned with googles practice of listing information regarding individuals that may not be true which could damage ones reputation. Such as, information regarding disciplinary proceeding regarding an attorney that my be false without giving the affected person an opportunity to respond. Such practice should be stopped.

Doctor 4 months

Some of us appreciate you all taking a clear, deliberate, and most importantly accountable policy when it comes to user security. This place in internet history is an especially murky and uncertain one, where the Utopian fools, cowboys, and salesmen have rather unflatteringly metastasised into mutually assured, multiplicitous beast. Seeded in the psychology what used to be just one of many search engines. Now obsessed with a subjective definition (and subsequent dominion) of all topology of the landscape, (to the point where many people will never understand or see beyond what has been framed for them – hypothetically: You were a Web Host or Small Business, and were refused a listing by Google at the behest of an influential agency or party. You made the robots.txt list- For a for all intents and purposes: You Do Not Exist – and you will struggle to posit a public reality the contrary) This omnivore in altruist’s clothes has created and refined both models of data aggregation, user targeted advertising and especially good at expertly deflecting any criticisms of violations of their user rights ( picture of Magna Carta for internet missing : that’s a 404 )implicit in their systems. (the same thing that seems to allow repeated gross ethical misconduct: lack of precedent or legislation makes all rights simply implied.) It is the emulation of their corporate dollar driven profiling of the ontological and semantic web, now used for and by both the social networks ( see:The flailing minutiae / cult of personality bubble) .and corporate modern web. And it is the progenitor of the worst of it. The once uninitiated NSA, now the peak of it’s crypto-fascist dream. So thanks for drawing a line in the sand. It’s amazing that Wikipedia still has not caved in/”Been acquired” there aren’t many institutions with ethics left intact once they reach your place. Thank you. Some of us see what you are doing, and some of us are listening.

Ralph Dratman 4 months

With respect to the likelihood or otherwise of a subpoena being issued against user information stored by Wikipedia, your assertion that such was “unlikely” was, I must assume, referring to the probability that any given specific user (for example, the reader of this document) would ever be subject to such. On the other hand, I’d guess the aggregate probability that some one or more users among all the wikipedia users will at some future time be subject to such subpoena is not negligible.

lola 4 months

Gracias por avisar

Jonathan Pineda 4 months

Thank you.

Steve 4 months

Wikipedia needs a better policy as regards transparency regarding the actions of its administrators. Some may be over zealous in some regards. It might be helpful for users to see statistics on administrative actions and be able to vote for which ones they value most and least with the objective of setting administrative limits, so many per week per administrator on the ones valued least.

Sxxxx Wxxxx 4 months

I’m disappointed I didn’t come across this sooner. It would have been the perfect opportunity to ONCE AGAIN voice my concern and disappointment that Wiki has gone the way of our democracy; at times to the highest bidder. Suggesting a few more fixes to cure their edit process might have helped the +90% of Wikipedia that serves its purpose…

As central a resource as Wiki is, it’s not quite the incredible, compounding central database it could have been. Whether it’s a policy issue or some short-coming of all wiki-s, it seems when subsequent corrections/edits don’t sit well with a special interest or a corporate sponsor — even if properly annotated and referenced — changes can go missing, routinely, again and again, over months, continually, as if a well funded machine was able to maintain their talking points over the balanced and unbiased maintenance of information. All while Wikipedia sat by and did little to nothing. Public safety issues or other concerns aside, this is sides taking plain and simple, of which Wikipedia unwittingly or not has become a tool and not the right side of history we’d all expect.

It’s been years since I’ve bothered editing, or donating (since), yet the in-depth and unbiased exposé of even the issues of plastics, Excitotoxins (MSG, Aspartame, etc), GMO, the toxic adjuvants in vaccines, and a whole host of other now common “controversies” is evidentiary and still up for grabs or a slanted treatment. Unfortunately and because of this, and completely contrary to what I’d hoped; I have to wonder their intentions and their charitable status, while ostensibly at times a special interest driven mouthpiece for corporate sponsors…

Trevor Webb 4 months

In reference to comment 13, I hope there is still some facility for correcting wicki entries. For example I am an aviation historian with 50 years experience and a masters degree and often find, usually minor, errors.

levi van dijk 4 months

if you want details to be safe use pen , paper and mechanical storage. people are too lazy to “spy” or forcefully record information in books and literal files. i personally dont trust any digital information to be truly “private”. im an industrialist who prefers mechanical contraptions more so than electronically functioning technology.

i guess metaphorically when referring to technology i prefer the “indomitable divide” to the “cutting edge”.

John Couch 4 months

Julie Krauel – the reason your school won’t allow Wikipedia or any other web source to to be used is that they are not original data. The thing that is great about Wikipedia is that the reputable articles have footnotes. Go to them for your sources.

Julie krauel 4 months

Why won’t school allow this site for reports?

Julie krauel 4 months

Mr. Crout,
What do you mean?
Jkrauel

Julie krauel 4 months

Let me explain myself. I am learning more & more about the web. Especially since after being hacked of all my personal info in Oct. 13 I don’t know who to.hold responsible? I was simply now making a comment about Google+ note allowing you to take your name off of all”public just profile.” When you have to sign up to get better apps. I would like all my info private…thank you. I will show my first name.. My kids Uuse your site for reports but now are banned to get any info. From you for reports. Why? I was wondering if you could tell me? Also the other apps. I. Meantioned was Google Hangouts where up to get10 people can join in. They don’t mention and listen to your calls sms as invisible??? If I wanted to spy on someone I would install that app. I was wondering not bragging on Google I was wondering if there were ways around having your info private but when it says it will be. Just as aiki said my email was kept private? WIKI not very trustworthy afterall. Great comment to make me look bad when I was wondering simply asking for help. You DEFINITELY DO NEED A NEW PRIVACY POLICY! ASAP!

Julie krauel 4 months

I am not trusting of this site automatically showing my info as public just for signing in. Google makes you pretty much have too to get other apps free. Is there a way you can avoid this? I made all private but I know a lot of people that do not know about that site and handouts with invisible listeners on your calls sms beware to all these apps are spyware & sneaky!:-*

James Carr 4 months

The main reason I use wikimedia is for educating myself on different subjects ! I don’t use it very often,but when I do you seem to have the most useful facts on the ole inner web . Today I was searching for some army & navy info on my Uncle and Dad .I have a few unanswered questions and they’re both passed on,so it being Memorial Day I thought I would try and get a little information. But with everything going on in this world of ours this day and time you can’t be to careful!!! I understand completely. Thank you,I think wikimedia is doing a great job !!!

Javier ezequiel grob 4 months

Entiendo que Wikimedia sea mejor que Wikipedia, si seria mas mejor que sea privado y no en publico. Servira un mejor ejemplo que tenga mejor información en Wikimedia que en Wikipedia y que tenga los mismos idiomas o mas mejores y nuevos idiomas que los idiomas anteriores. Puede que eso sirva como un mejor ejemplo de transparencia para que todos en los países del mundo en Sudamérica, Norteamérica, Europa, África, Asia y Oceanía (Australia). Puede que sea un mejor detalle como que este Wikimedia permita que la organización muestre el verdadero respecto hacia todos los clientes de todo el mundo y que nosotros podamos valorarlo que su privacidad pueda haber sido de una vez por todas por genuina, pero ahora es la retorica y espero que esto signifique que no esto se pueda cambiar o que esto pueda alterar toda la información proporcionada por el wikimedia.

NESTOR SANTIN VELAZQUEZ 4 months

La trascendencia sin precedente de este proyecto es patente. Es como un sueño de la alfombra voladora, pero en el terreno de la ciencia y la técnica. El carácter multidisciplinario y plural, y al mismo tiempo objetivo en la construcción de contenidos no debe ser afectado, idealmente. Tampoco el carácter gratuito (No profit)aunque yo he colaborado modestamente (minúsculas cantidades de dinero) y estoy dispuesto a seguir colaborando, según mis posibilidades. Este proyecto ya es fundamental para la humanidad. Me gustaría colaborar con información de mi región y país, pero lo haría sólo en temas en los que pudiera aportar algo nuevo o desconocido. Mientras esto se materializa, gracias, gracias, gracias.

Dawn Tuskey 4 months

Wow. Impressive. Wikimedia is leading by example. Never selling the little bit of info I share & you collect is a big one to me. It’s gotten to the point where I’m wondering if & how I should copyright & trademark my name & other personal info.

Leave a Reply

Your email address will not be published. Required fields are marked *