Data privacy ...

ChristianVirtual

ChristianVirtual

[H]ard DCOTM x3
Joined
Feb 23, 2013
Messages
2,561
WTF, not WCG fault ...

so now we need consent from each and every BOINCer to get stats processed ?




How do I export World Community Grid statistics?

Access to World Community Grid's data export files is restricted to persons who agree to comply with certain requirements regarding the processing of such data, and who sign our Data Processing Agreement.

This is in response to the General Data Protection Regulation, introduced by the European Union to give people control over their personal data.

To request access to the statistics export data, please
 
Damn, I got that email but I didn't read it.

That's ridiculous.

This could be the end of BOINC competitions.
 
I just because of this ... unlikely WCG get inactive ... just blocking me getting the stats ...

Screen Shot 2018-05-26 at 12.06.49.png
 
https://www.worldcommunitygrid.org/help/viewTopic.do?shortName=api

there is a link to a contact form I used to learn what they want ... will be interesting to see what that brings for future challenges and how other projects reacting.

I don't see much privacy impact: no eMail or physical address exposed in the stats files. No age or credit cards.

The only thing I can imagine has some privacy implications the host information (incl. CPU, OS, IP); where one could conclude certain additional information. But each contributor has already the option to hide those data.

Now I go back to my Facebook and Twitter and post some cat images and snaps of my latest food ... oh, wait, don't have a cat (but thats private)
 
Damn, no wonder I haven't been seeing my stats update. Yeah, that really puts a damper on competitions. If everyone follows suit, BOINC in general could see a huge hit in contributions. Not only from people who were doing it for the fun of the competition, but from others like myself who received no notification about the new rules and just assume that something is broken or the project got scrapped.
 
I got an email about what was going on from WCG. Did it end up in your spam folder?
 
Nope, nothing from them since 2014. Don't know what happened there. Maybe Hotmail blocked it altogether? I don't delete anything that comes in from tech side, I just file it.
 
I didn't get an email either.. but I did get a notice in the BOINC manager.
 
So i think we need to speak out about this stuff. There is nothing stopping them from having some easy opt in to allow specific users data to continue to flow. If more project follow suite this will kill contest for us which would be a major letdown and turn alot of people off.

I went on the website and submitted my frustration / feedback a few days ago and i think everyone who can should do the same. These laws do not force them to completely stop sharing this type of data, but they have to make it a consumer choice. Some companies are taking the easy way out and just pulling things entirely which is lazy. Granted they may be working on something, but these laws are not a surprise and have been in the works for a long time. I know my company made changes prior to the laws coming into effect.
 
Considering that WCG is a non-profit owned and maintained by IBM... it is safe to say that they are a much larger fish than most other DC projects out there. That also means they are a much bigger target with much greater risk. They are merely being proactive early on before required so that things can be ironed out and in place in advance. You have to remember that they do have to protect themselves as well. Now the bigger concern is... what are the other projects going to do about it? Right now team founders have access to a list of emails to team members. We have not had to sign anything saying we aren't going to misuse this info. Realistically every project will need to do something like this to guarantee the info they have provided us (3rd parties) is still protected. So, while you are annoyed about stats, you should be more annoyed that projects aren't doing more to prepare. If the BOINC devs don't implement or remove some features, it is possible that every project out there is in violation and at risk of being fined a great deal.

As far as not getting notifications, have you checked your settings at WCG? I believe you have to actively check the box to receive communications from them. However, it has been years since I checked those settings myself.
 
Gilthanis said:
Considering that WCG is a non-profit owned and maintained by IBM... it is safe to say that they are a much larger fish than most other DC projects out there. That also means they are a much bigger target with much greater risk. They are merely being proactive early on before required so that things can be ironed out and in place in advance. You have to remember that they do have to protect themselves as well. Now the bigger concern is... what are the other projects going to do about it? Right now team founders have access to a list of emails to team members. We have not had to sign anything saying we aren't going to misuse this info. Realistically every project will need to do something like this to guarantee the info they have provided us (3rd parties) is still protected. So, while you are annoyed about stats, you should be more annoyed that projects aren't doing more to prepare. If the BOINC devs don't implement or remove some features, it is possible that every project out there is in violation and at risk of being fined a great deal.

As far as not getting notifications, have you checked your settings at WCG? I believe you have to actively check the box to receive communications from them. However, it has been years since I checked those settings myself.
Click to expand...

I totally get what you are saying but it is not that hard to obtain consent. Simply add a checkbox with some dialogue within your account that says you allow your stat data to be freely used (or someting along those lines). It won't matter if everyone checks it, but if you want your points to be counted towards contests i am guessing that most people would do so. As i said these laws are not a huge surprise and there was plenty of time to prepare.
 
There is still time to prepare. But it isn't as simple as just giving a check box. They actually will have to attempt to make sure the third parties using the data aren't abusing it as well. So, they are working on the details to keep the lawyers happy....
 
https://www.worldcommunitygrid.org/forums/wcg/viewthread_thread,40876_offset,0#584818
Hi Everyone,

Wanted to give you a quick update and a bit of background on the status of our Data Processing Agreement (DPA), which will allow people who agree to it to access World Community Grid data exports, which were previously available before GDPR came into effect.

As many of you are aware, we've been working with lawyers to come up with an agreement that will serve the wishes of volunteers who use the data exports, while ensuring that we are GDPR-compliant, as defined by IBM. We did receive the agreement drafted by lawyers specifically for World Community Grid. But since IBM is a commercial entity that focuses on selling technology solutions, we felt that the agreement drafted for World Community Grid wasn't sufficiently geared towards volunteers. The World Community Grid team feels strongly that, in the long run, it's better for us to continue to work with the legal team to push for an agreement that we believe will meet volunteers' needs as well as IBM's needs, rather than give volunteers an agreement that is more geared towards commercial engagements and is not as relevant to a philanthropic initiative.

Sincere thanks to everyone for their patience during this process. We will use this thread to provide updates.

Many thanks,
Juan
Click to expand...
 
It's like having 2-factor authentication for web sites where I pay bills, but can't order anything. Like seriously, leave that shit wide open. If someone wants to pay one of my bills DOET!
 
Sigh, still nothing leaving WCG, does the lawyers object to a notification in BOINC and a checkbox in the profile settings?
 
runs2far said:
Sigh, still nothing leaving WCG, does the lawyers object to a notification in BOINC and a checkbox in the profile settings?
Click to expand...
Problem is also if a person decide to revoke the consent ... then the 3rd party need to follow that and also remove t9 make sure IBM not get hit ... that’s why they are so cautious. That’s said there must be ways to,protect the privacy of those who wants it vs. getting the community the data to play with ...
 
An IP address is considered to be PII/sensitive data according to GDPR as it could "potentially identify an individual". This is why they're treating it as if it's healthcare or SSN sort of information - GDPR allows for fines as high as 4% of global revenue for the company in the event of a violation.
 
Your IP address is being sent in those stats exports?
 
Good news from WCG:

I am pleased to report that access to the data export files has been re-activated and is available again. Volunteers who wish to access the data will not need to sign a Data Processing Agreement or obtain tokens.

The review concluded that if volunteers are given explicit notice of and sufficient control over how their data is used, there was no legal justification for imposing any further restrictions on the data export files. The review also concluded that we will likely need to reinforce and strengthen the consent language in a few places on our website, but that doesn't stop us from opening up access to the data exports in the meantime.

This process took significantly longer than any of us hoped or anticipated, and we understand people's frustrations while we had to disable access pending the legal review. But we felt it was important to push back aggressively on what was initially a process more appropriate to a commercial engagement than a philanthropic initiative and to persevere until we had an outcome that was both GDPR-compliant as well as volunteer-friendly.

Finally, a reminder that while access to the data exports is now unrestricted, the export files only include data of volunteers who have opted to make their information public.

Thanks as always for all your support,
Juan
https://www.worldcommunitygrid.org/forums/wcg/viewthread_thread,40876_offset,120#588719


So I hope it will work again with the next load for FB and hard-dc too.

In an updated BOINC version here are now files included like host_deleted.xml and user_deleted.xml which contain those user opted out and want their data removed.

Will need to implement that deletion-process in my boinc DB too in order to respect the individual decisions.
 
You must log in or register to reply here.
Back
Top