Review and revise the privacy policy for CiviCRM and adjust as needed to reflect current trends. This includes adoption of GDPR standards and may also spawn related tasks such as adding GDPR extension to c.o.
There is no single or mandatory format for a Privacy policy. I really like that CiviCRM.org's Privacy Policy is short and streamlined (unlike the Privacy Policy of e.g. Facebook, which hides relevant information within hundreds of pages of legalese!)
Saying this, there are still some points to be addressed that privacy-sensitive people would expect regarding GDPR.
In general, the following information should be contained in a privacy policy:
- Contact information of responsible person/organisation: OK
- Purpose of data processing: only implicit, but imo OK
- Legal basis for processing of personal data: only implicit, but imo OK
- Which information will be stored: contained in "Protection of Certain Personally-Identifying Information" and "Privacy on specific CiviCRM sites"
- Is the user required to enter his data - or is it optional? -> this could be accomplished with the above listing of the stored information
- How long will the information be stored: to be amended
- Information about user rights:
  - Right of objection / right of revocation: **to be amended and highlighted in some way**
  - Right of access to personal information: to be amended
  - Right to correct or delete personal information: OK
  - Inform the user that he can place a complaint at the authority where the user is situated (the address of the authority need not be contained): to be amended
- Description of the legitimate interest, why civicrm.org is processing the information: only implicit, but imho OK
- Listing of the third persons that receive personal information, together with a short description of why this is happening and why it is necessary: to be amended, as follows
  - Google:
    - Google Analytics
    - Google Fonts (this should better be done locally, which is not difficult to achieve)
  - Fontawesome
  - PayPal?? Credit Card Provider?? Has to be completed!
- Location of servers: United States of America to be amended
Additionally, there are a few practices resp. contents of the Privacy Policy that should be changed:
- Google Analytics: It should be made sure that only an anonymized (shortened) IP address is transferred to Google
- Apache log files: Unfortunately, default behaviour is logging the complete IP. This should be switched to logging a shortened (anonymized) IP
- Newsletter subscription: Of course, we use double opt-in - and should refer to that in the Privacy Policy
- Children's Privacy: GDPR sets age restrictions for children below 16 - this should simply be changed in the Privacy Policy
- "...we use third-party advertising companies to serve ads..." Do we really? I am using an adblocker and do not know. But I think we shouldn't use ad networks. And put that off the paragraph "Sharing of information with third parties"
This said, I would propose the following changes to the Privacy Policy - minimizing the changes and especially keeping the current structure:
- Privacy Policy: keep as is
- Aggregated Statistics: keep as is
- Protection of Certain Personally-Identifying Information: keep as is
- Privacy on specific CiviCRM sites:
  - Delete this: "Your IP address may be used to identify duplicate user accounts (which are forbidden under the forum rules)."
  - Instead insert the following: "IP address will be stored anonymized, except within error logs, where they might be necessary to ensure proper functioning of our websites."
  - Add after the last bullet point:
    - We follow the concept of data avoidance and data minimization. Therefore, we are saving personal information only as long as required for the purpose, or, if applicable, as long as legally required. After data is no longer required, we will delete or disable this data routinely.
    - "Only fields marked as mandatory are required to be filled in."
- Cookies: keep as is
- Sharing of information with third parties: Should be changed - see draft below (language should be reviewed)

With the exception of the issues discussed in this paragraph we do not share your information with third parties:

- To provide statistical analysis of our website traffic and user interaction, we are using Google Analytics.
- In order to provide our website with a consistent graphical appearance, we are using Google Fonts and Fontawesome.
- Payment information will be forwarded to the respective payment processing companies.
- Your information may be disclosed when we are legally required to by a US court order, to verify or enforce compliance with the policies governing our website and applicable laws, or to protect against misuse or unauthorized use of our website.
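
An added example, not part of the comment above and not CiviCRM's own code: one way to shorten client IPs in Apache access log lines before they are written, as the "Apache log files" point asks. The function names, the sample lines and the mask widths (keep the first 24 bits of IPv4 and the first 48 bits of IPv6) are assumptions chosen for illustration; error logs are left untouched, matching the proposed policy wording.

```python
import ipaddress
import sys

# Assumed mask widths (not stated in the thread).
V4_PREFIX = 24   # 203.0.113.77 -> 203.0.113.0
V6_PREFIX = 48   # 2001:db8:1234:5678::1 -> 2001:db8:1234::

# Constructed sample lines in Apache common log format.
SAMPLE = [
    '203.0.113.77 - - [10/Oct/2020:13:55:36 +0000] "GET / HTTP/1.1" 200 2326\n',
    '2001:db8:1234:5678:9abc:def0:1234:5678 - - [10/Oct/2020:13:55:37 +0000] "GET /a HTTP/1.1" 200 10\n',
    '::ffff:198.51.100.23 - - [10/Oct/2020:13:55:38 +0000] "GET /b HTTP/1.1" 404 0\n',
]

def anonymize_ip(text):
    """Zero the host bits of an IP address; return non-IP input unchanged."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return text  # e.g. a hostname when HostnameLookups is on
    # IPv4-mapped IPv6 would otherwise keep the full IPv4 address in its low bits.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    prefix = V4_PREFIX if addr.version == 4 else V6_PREFIX
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)

def anonymize_line(line):
    """Anonymize the client field (first token) of a common/combined log line."""
    host, sep, rest = line.partition(" ")
    return anonymize_ip(host) + sep + rest

def demo():
    """Return the constructed sample lines with shortened client addresses."""
    return [anonymize_line(l) for l in SAMPLE]

def main():
    # Intended use: Apache piped logging, reading log lines on stdin.
    for line in sys.stdin:
        sys.stdout.write(anonymize_line(line))
        sys.stdout.flush()

if __name__ == "__main__":
    main()
```
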
I think there are issues in CiviCRM's Privacy Policy beyond those identified here - I'll undertake a full review when I'm back at my desk/in the office.
Feel free to assign this to me so I remember :-) @josh.
Bumping this, as it was flagged on the 2020 Summit call that the Privacy Policy on c.o. ideally needs revising for better GDPR compliance before registration opens, tho it sounds here like it's quite close. cc @josh @MikeyMJCO