Privacy Statement Updates September 2022 #582
Conversation
Updates to privacy statement
|
|
||
| | Section | What can you find there? | | ||
| |---|---| | ||
| | [Who is responsible for the processing of your information](#who-is-responsible-for-the-processing-of-your-information) | Subject to limited exceptions, GitHub is the controller and entity responsible for the processing of your Personal Data in connection with the Website or Service. | |
There was a problem hiding this comment.
Is the change from "Personal Data" to "personal data" a stylistic change?
I note that the paragraph above is still intact:
All capitalized terms have their definition in GitHub’s Terms of Service, unless otherwise noted here.
Presuming this capitalization change is unintentional, it has the unfortunate effect of decoupling "Personal Data" from the definition provided in the GitHub Terms of Service, which means that "personal data" is no longer as delineated there, but could well be anything.
If this is an intentional change, it would seem better made as a visible change to the Terms of Service. If the intent is not to change the Terms of Service but to arbitrarily expand "personal data" without drawing attention, well, that seems evil.
There was a problem hiding this comment.
Looking into this further -- it looks like "Personal Data" is defined these days in the GitHub Data Protection Agreement. Perhaps this was being decapitalized since it is not directly defined (afaict) in the GitHub Terms of Service?
There was a problem hiding this comment.
The collection of information and sale of it I think is something that has been going on for a long time. I think what matters is knowing what information we provide. But it's always good to know
There was a problem hiding this comment.
in a court of law, doesn't "Personal Data" mean "personal data" ?
lol
There was a problem hiding this comment.
Soy mario sl papa si tubieron q ver en esta acciion demla boluntad arreglenlo o se veran en lios no agan mad difisil las cosas y agan l9 correcto
There was a problem hiding this comment.
con-6e6988f8c9c3118904e77b05cc725e8954a4f65099dbb8b7785a31c8fb6e99a3
There was a problem hiding this comment.
Support account of bernardoomillo and angelica duran
Policies/github-privacy-statement.md
Outdated
| ### DNT | ||
|
|
||
| "[Do Not Track](https://www.eff.org/issues/do-not-track)" (DNT) is a privacy preference you can set in your browser if you do not want online services to collect and share certain kinds of information about your online activity from third party tracking services. GitHub responds to browser DNT signals and follows the [W3C standard for responding to DNT signals](https://www.w3.org/TR/tracking-dnt/). If you would like to set your browser to signal that you would not like to be tracked, please check your browser's documentation for how to enable that signal. There are also good applications that block online tracking, such as [Privacy Badger](https://privacybadger.org/). | ||
| "[Do Not Track](https://www.eff.org/issues/do-not-track)" (DNT) is a privacy preference you can set in your browser if you do not want online services to collect and share certain kinds of information about your online activity from third party tracking services. Some services may respond to browser DNT signals and follow the [W3C standard for responding to DNT signals](https://www.w3.org/TR/tracking-dnt/). If you would like to set your browser to signal that you would not like to be tracked, please check your browser's documentation for how to enable that signal. There are also good applications that block online tracking, such as [Privacy Badger](https://privacybadger.org/) or [uBlock Origin](https://github.com/gorhill/uBlock/). |
There was a problem hiding this comment.
Let me prefix this by stating that I am a complete layman.
Previously: *GitHub* responds to browser DNT signals and follows the W3C spec.
Now: Some random services, somewhere in the world, hosted by GitHub or somebody else *may* respond to browser DNT signals and follow the W3C spec.
Doesn't this change invalidate the whole paragraph and turns it into a generic wiki article?
There was a problem hiding this comment.
Dunno, they will stop respecting DNT but leave this paragraph and make it seem as if they do. This is just confusing.
There was a problem hiding this comment.
"Confusing" is one way to put it.
Edit:
@zzo38 articulated my personal opinion better than I could so I'll quote part of their comment here:
I also think that they should avoid using confusing privacy policies; the mention of DNT should either be kept as is if GitHub uses the DNT header to reduce tracking, or deleted entirely if GitHub does not use the DNT header. If it does so only in some cases, it should mention what cases these are. The privacy policy made sense before the change in the section about DNT, although the change mentioned above makes it confusing (as other comments already mention).
[..]
I have no problem with adding these non-essential cookies to the enterprise marketing pages, as long as the rest of GitHub can be used without it and it is documented which pages these are (and if the cookie domain is the same, also which cookies). Moving the enterprise marketing pages to a separate domain seems to me to be a good idea though, in order to be clearly distinguished (although a subdomain is probably good enough, in my opinion; as long as it is documented clearly which subdomains these are).
Emphasis are mine.
In my opinion, documented should mean being very specific and being part of a legally binding document like the privacy policy.
An example for not being specific is this part of the changes:
As described below, we may use non-essential cookies on certain pages of our website
GitHub is introducing non-essential cookies on web pages that market our products to businesses. These cookies will provide analytics to improve the site experience and personalize content and ads for enterprise users. This change is only on subdomains, like resources.github.com, where GitHub markets products and services to enterprise customers. Github.com will continue to operate as-is.
This change updates the Privacy Statement based on this new activity.
These updates will go into effect after the 30-day notice and comment period, on September 1, 2022.
See comment below with clarifications and changes made at the end of the comment period.
Comment on #582 Privacy Statement Updates September 2022
We want to thank everyone for their review and feedback on the Privacy Statement Update. We appreciate and share your passion for developer privacy. GitHub remains committed to having the highest privacy standards and will continue to center the needs of developers in all of our platform decisions. We intend for this to be a minimally invasive change that will enable us to provide the best tools to our users. In response to your comments, we are providing the following changes and points of clarification:
DNT and self-help browser extensions
Commenters raised questions about our language on DNT and self-help browser extensions. We've pushed a commit that:
• Folds the existing DNT and browser extension information into a new section on disabling non-essential cookies.
• Specifies there will be a user setting to disable non-essential cookies and provides additional details to clarify which cookies will be used and for what reasons.
• Specifies that DNT will be honored on GitHub, and that if a DNT signal is sent, GitHub will not load third party resources which set non-essential cookies, so that we do not have to rely on third parties honoring DNT.
• Browsers' built-in tracking protection has advanced significantly in recent years, so we've noted that configuring that built-in protection may block non-essential cookies.
• Separated mentions of browser extensions designed to block tracking, and extensions designed to block unwanted content with the effect of blocking tracking, for clarity, though using either alone or in combination may block non-essential cookies.
• Changed links with additional information on DNT and browser extensions to point to their respective Wikipedia articles for neutrality, currency, and to clarify that these are not GitHub products (though of course we're proud that many privacy protection tools are developed on GitHub).
Finally, some have asked why we’re explaining technical self-help tools. GitHub has a very broad user base, including new developers – and we want everyone to be informed about the scope of their options, including technical options.
Enterprise user experience
Commenters asked for clarification about how this change will impact the enterprise user experience. We are introducing cookies on GitHub’s Enterprise Marketing Pages (e.g. resources.github.com), not on Enterprise user accounts. We intend for this change to make it easier for our Marketing team to better understand the needs of users who are visiting Enterprise Marketing Pages and connect them with the solutions that will benefit them most.
Users who visit these pages will have the option to express their cookies preferences by navigating to the link in the footer of the page.
Stylistic change
Commenters have asked why ‘Personal Data’ was changed to ‘personal data’ in the Privacy Statement update. We made personal data lowercase because it is not a defined term in our Terms of Service, for consistency with “All capitalized terms have their definition in GitHub’s Terms of Service, unless otherwise noted here.” The stylistic change does not impact its definition.