Hi everyone, especially @sudokita @mstenta @ircwaves @jherrick @dornawcox @DanT @ldemmel and Kevin (don’t see him here!)…
We are working on privacy policies within SurveyStack, and realizing maybe we need a two tiered system. One tier is SurveyStack’s baseline policy, which (I think) is just a description of the privacy options (private v public data) and some information about how it may be accessed internally by developers for bug fixing, no use by third parties, no sharing ever… etc.
But then we need another layer which is organizationally determined. So if OpenTEAM has an organization in SurveyStack (or GM, or whatever) they should be able to layer a policy on top of ours. That policy may be more detailed about farmers rights to data, or sharing with third parties, or other conditional use. This should be defined in the organizations admin profile.
Does this sound right? What is the status of OpenTEAMs privacy discussions? Is there someone in the community who can help get this kind of wording right - like do we have a lawyer or something? In the case of other platforms… what do you do? Do you feel like you have a good process, or would like some help on this?
Any thoughts / ideas would be helpful.
Ha! Yeah, I can see the conversation now… ‘so, we see that you planted cover crops last year on this field’ … ‘I’ve never met you, did you drive by the field?’ … ‘no, we looked at satellites - it was taken last year, oh, I see someone out there in an open topped tractor in a blue hat… is that you?’ … click
Hi @gbathree and @ircwaves , Thanks for kicking this conversation off on the forum. We’ve been gathering member policies and want to establish some principles and language to support our policy around data usage as OpenTEAM. We’d love for you to join Monday’s work session on data mapping so we can “enable finer granularity control of the data.”
We don’t have lawyers to my knowledge engaged in our community, but that’s probably a good expert to find! I like the idea of layering policies, and I think in our quest for interoperability, it will be necessary to layer these policies clearly for the data holder one way or another. With multiple entry points into the ecosystem, it’s finding the most efficient, yet still clear path.
I found many presentations here interesting (especially the one by @sudokita ! ) : https://www.youtube.com/playlist?list=PLAPul_Jna_0y4pIKRVE6dDdI4FxVQ54tZ
I’m glad we have a good understanding of it from a high level, what to aim for!
I’d like also to start from the opposite end - our sci has users (members, admins) and groups (which can contain users and groups). Data is assigned to a user via X, and shared to admins via Y. Control mechanisms for data are A B C.
So in short, I’d like to pick 3 or 4 orgs and ask…
- what are our user, roles, and data structures
- what controls do we have inside them (public, private, anonymized, etc.)
- where do we communicate their ‘real-time rights’ to the user (data rights, privacy rights) and does it change depends on where they are in our system?
With those orgs… could we imagine a technical way to feasibly achieve the goals laid out in your doc? Then ask… does that technical way scale and apply to most others? Then ask… if not (or if it’s jenky) what do we need to do to get there?
I want to say yes to all those… But this is a thinking heavy problem, so I’d love to think through it.
Anyone find this interesting as a next step?