[IAEP] Sugar network / School Network
Samuel Greenfeld
samuel at greenfeld.org
Tue May 17 13:55:55 EDT 2016
I think there may be a difference between research studies and privacy law
related to collecting general user statistics. This might be untested
though, and for Sugar, both studies on how children use it as well generic
statistics straight from the application(s) may be useful.
I'm not interested in age/grade, or their specific IP addresses :)
>
> What information do you think is safe to collect?
>
At this point in time, I'm not going to speculate. It's too easy to take
multiple identifiers (such as Name and Zip/Postal Code) and uniquely
identify someone the vast majority of the time.
IP Addresses, Serial numbers, GUIDS/UUIDs, etc. all could be considered
uniquely or near-uniquely identifying of a person depending on the country.
Leah at OLPC might be able to tell you some things. But at the same time
she likely would have to point out she isn't your lawyer and cannot provide
you or Sugar Labs legal advice.
If you want to know the gritty details of how this all works, you really
need to speak to a compliance specialist (which the Conservancy might be
able to point Sugar Labs to), and not ask for legal advice in a public
forum :)
I want to understand which activities are used, in which languages, and in
> which countries. None of the above is needed for that.
>
As long as you don't care about which machine(s) calls in how often and
carefully toss away (& don't log) anything which could identify a user, I
believe this is feasible. What the criteria would be in order to get an
application that calls home in various distros would gave to be determined,
although many distros have things like Firefox which do this already.
There would be some bias the results based on how well any particular
user/country has Internet access.
How this gets disclosed to users would have to be determined.
Sugar already asks for user's grade and gender on first boot even if no
statistics engine is in place, so there may have to be some sort of privacy
policy or other explanation of what's going on.
On Tue, May 17, 2016 at 1:38 PM, Dave Crossland <dave at lab6.com> wrote:
>
> On 17 May 2016 at 00:01, Dave Crossland <dave at lab6.com> wrote:
>
>> Both these seem to be related to _children’s personal information_; I
>> don't think anyone here is interested in that.
>>
>
>
> https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions
> is good, and §3 defines this:
>
> 3. What is Personal Information?
> The amended Rule defines personal information to include:
>
> First and last name;
> A home or other physical address including street name and name of a city
> or town;
> Online contact information;
> A screen or user name that functions as online contact information;
> A telephone number;
> A social security number;
> A persistent identifier that can be used to recognize a user over time and
> across different websites or online services;
> A photograph, video, or audio file, where such file contains a child’s
> image or voice;
> Geolocation information sufficient to identify street name and name of a
> city or town; or
> Information concerning the child or the parents of that child that the
> operator collects online from the child and combines with an identifier
> described above.
>
>
> I want to understand which activities are used, in which languages, and in
> which countries. None of the above is needed for that.
>
> How do I check with Conservancy about this?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/iaep/attachments/20160517/3465d2ba/attachment-0001.html>
More information about the IAEP
mailing list