Minor clarification in our Privacy Policy

rob · January 24, 2022, 12:54pm

Hello!

As you may know, last week was our week where the whole team worked to improve the documentation for all of our projects. One of the projects I worked on was fixing an unclear/flippant/incorrect portion of our privacy policy, in particular the exceptions noted near the bottom. This text was fine back in the day when we were smaller, but now it should be more clear and more explicit.

Old version:

Please note: Reasonable exceptions may apply to the above policy, for example to comply with applicable laws. The MetaBrainz server administrators (about five people in all) can of course see any information on the system they want to, but to be honest we’re probably not interested enough to look.

New version:

Please note: Reasonable exceptions may apply to the above policy, for example to comply with applicable laws. Also, members of the MetaBrainz team and other personnel contracted to provide services to MetaBrainz may have access to our infrastructure and could therefore view any information contained therein. However all personnel are contractually bound by non-disclosure clauses which prevent them from making any such information available to others.

The pull request for this change can be found here:

Improve the clarity of the Privacy Policy exemption by mayhem · Pull Request #382 · metabrainz/metabrainz.org · GitHub

If you have any concerns or objections to this change, please speak up!

rdswift · January 24, 2022, 4:25pm

One slight wording change suggestion…

Perhaps replace “and can see any information we want to” with “and the data contained therein” (or something like that).

rob · January 24, 2022, 4:37pm

Yeah, atj suggested much the same, let me update it.

rob · January 24, 2022, 4:42pm

Done, reads better now. Thanks!

outsidecontext · January 24, 2022, 4:56pm

I’d still change:

[…] may have access to our infrastructure and could therefore view any information they wanted to.

To

[…] may have access to our infrastructure and could therefore view any information contained therein.

Or something. It’s not said there, but it kind of could give the impression of team members wanting to access all this information. Or at least people might start twisting the words here

rob · January 24, 2022, 5:21pm

Oh, eh oops, missed what @rdswift was saying, sorry. I’ve improved that as well now.

InvisibleMan78 · January 24, 2022, 5:33pm

At the risk of making myself unpopular: IMHO you can’t prevent anything with a NDA. You can just take legal action for infringements.
We all know what you want to say, I’m just not sure if this really helps to understand, that only friendly people without any bad intention are working for MB.

rob · January 24, 2022, 5:48pm

You’re right, an NDA can’t prevent anything; but we work hard to have trustworthy people on our team and that is our best defense. But, FWIW, this is the way the industry conducts business and how the legal system works. If we stray outside of this and think up something entirely different, then we’d be on even thinner ice.

reosarevok · January 24, 2022, 6:55pm

Sorry for the OT here, but

rob · February 3, 2022, 4:03pm

Ok, given the discussion has died down, I will merge this PR and push this policy improvement live.

Thanks!