Bug#1001647: visidata phones home
Anja
anja.kefala at gmail.com
Mon Mar 3 02:53:26 GMT 2025
Hi Christoph,
Thanks for pointing out GDPR-specific compliance measures that VisiData is
missing. I began looking into it, and I'm aiming to update our privacy
policy this week.
My understanding is that "legitimate interests" requires a straightforward
opt-out mechanism (which VisiData does provide), but doesn't require
opt-in. We're going to ensure we meet legitimate interests compliance.
My plan is:
* to add language related to "legitimate interests" as the GDPR legal basis
* automate the deletion of individual data the day after the daily usage
counts are calculated
* create a process for data access and deletion requests if a person wants
their data deleted earlier
Again, thank you for drawing our attention to this!
Best,
Anja
On Sat, 1 Mar 2025 at 16:37, Christoph Berg <myon at debian.org> wrote:
> Re: Anja
> > The creator of VisiData goes into great depth here about his decision to
> > enable motd by default: https://github.com/saulpw/visidata/issues/913
> >
> > The privacy page is here: https://www.visidata.org/privacy/.
>
> This privacy policy is incomplete. You are collecting PII (the IP
> address of users of the program, not just the website visitors), but
> there is no data protection officer defined, no contact address for
> enquiries, etc. As you probably have users in Europe, the GDPR apply,
> and this is a violation.
>
> Collecting PII needs a legitimate reason, and the one stated here "we
> like to have numbers of users" sounds nice to have, but I really don't
> see it outweighing the interest of the user to remain private.
>
> TBH, you are on very slippery ground here and would be far better off
> by turning this off for legal reasons.
>
> As already mentioned, there is the Debian popularity contest (which is
> opt-in), and it does have visidata numbers:
>
> https://qa.debian.org/popcon.php?package=visidata
>
> This is how this works in Debian. Please you can keep the feature, but
> make it opt-in.
>
> There is no written policy for this yet, but every other package I
> know with such a feature has turned it off in the packaging.
>
> Thanks.
>
> Christoph
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-science-maintainers/attachments/20250302/89ef95ea/attachment.htm>
More information about the debian-science-maintainers
mailing list