[EuroPython] Publication of speakers' data on the web site
charlie.clark at clark-consulting.eu
Sat Apr 9 16:46:51 CEST 2011
Am 09.04.2011, 16:10 Uhr, schrieb Giovanni Bajo <rasky at develer.com>:
> I disagree. The form linked above clearly explains what it is going to
> be published and what it is not. Moreover, if you submit the form once,
> you are brought to the exact page that *will* become public, but still
> in a private form; you can review everything and amend at any time.
slightly contradictory statements. I would suggest you clarify in the
obligatory opt-in field exactly what data will be published on the
website. To be honest, as the form is not secure neither statement is of
any great relevance from a data protection perspective: all public data is
being transferred in the clear. Would it be possible to have the forms
>> but then the site
>> is also using Google Analytics which also breaches this
> Again, I disagree. We don't send Google Analytics any private data that
> seems to disallow Google Analytics usage, we can amend the text to allow
> it (and/or explicitly mention that it is being used). Plus, it's
> possible to globally opt out from GA as you might know.
IP addresses are considered as personal information. In general, in
Europe, only opting-in to the collection of personal data is permissible
and, as such, the US preference for opting-out is not sufficient.
>> and it's also not
>> sure which data is handed over to Janrain for the single sign-on: their
>> website doesn't really inspire trust that personal data will be treated
> We don't hand anything to Janrain; it's exactly the other way round,
> because Janrain gives us the personal information extracted from the
> on their website. Plus, you are not required to use it, you can go
> through a standard form if you prefer.
As with Google Analytics the details of the service should be in the
>> I'm more than a little intrigued to see cookies for the site for a
>> conference in 2011 set to expire in 2021.
> This can be something that we overlooked. I'll get back to you.
> BTW, I didn't appreciate your tone. We are volunteers working in our
> spare time to service the community. We surely do mistakes like anybody
> else, especially on complex legal matters, but you will not help the
> event or its partecipants just by citing EU directive numbers or naming
> violations without providing details nor proposing solutions.
Sorry if you don't like my tone. I'm only trying to raise awareness of the
current legal situation. As you are aware neither your status as a
volunteer nor ignorance of the law is not likely to be much of the defence
in the, admittedly very unlikely event, of a legal challenge.
The EU directive was not particularly well-drafted and explicitly forbids
in advance. Cookies that "are essential for the technical provision of a
service" may be exempted from this. Although the law is supposed to enter
into force by 25th May 2011 it must be implemented in each individual
nation state and the EU Commission normally gives countries at least three
years before initiating procedures. However, the jurisdiction on this is
not clear for such a patently international process: what happens when the
law is in force in country X and not in country Y. Because the law is so
poorly drafted it is likely to open the door at least to test cases and at
worst to serial injunctions leaving it up to the courts to decide exactly
how to interpret it.
I hope this helps clarify my comments.
Clark Consulting & Research
More information about the EuroPython