http://imagej.273.s1.nabble.com/ImageJ-2-0-0-rc-11-released-tp5009074p5009125.html
It looks to me that you (or the Fiji team) have opened a whole can of worms. I have no background in law but my feeling is that you have to be very careful with what data you are going to collect, how you are going to store, manage and use this data and how the users are informed about this. It is not just what the Fiji team "thinks" about this, there are laws. Part of your users, including myself, live in the EU and as you will collect data from computers in the EU I think there might be a problem. I did a quick search online and found:
According to a ruling of the Court of Justice of the EU on 24 November 2011 IP addresses are personal data. This has been confirmed by the European Commission on 14 March 2013. It seems it does not matter what somebody does with the data but what somebody could do with the data.
Then I can imagine that there are also issues if this data is leaving the EU. The Fiji.sc website seems to be registered in Germany but part of the development team is in the US (and I am not sure where the download servers are) but I came across something that the US recipient of the data has to be signed up to the US Department of Commerce Safe Harbor Scheme.
I really cannot tell you if (part of) these rules cover the collection of the data by Fiji but it seems to me that some more thoughts have to go into the legal framework behind this data collection.
Dr Ir K.R. Straatman
> On Monday 11 Aug 2014 14:18:11 Mark Hiner wrote:
> > > SCIFIO was opt in, but usage tracking is opt out? It does not make sense.
> >
> > To be clear, SCIFIO is enabled by default.. you have to uncheck a
> > box to disable SCIFIO, so it is opt out.
>
> Right, but it was impossible to miss as I had to answer the SCIFIO
> dialog when the update came.
> What is the problem in showing a similar dialog and let people know
> what will be going on?
>
> > I think there is a difference in the questions "what do you do with
> > the software" and "what do users do with the software". I don't
> > believe we will ever ask the former question.
>
> Mark, what you or me personally *believe* somebody will ask in the
> future does not matter. It is the process of getting informed consent
> on the data collection; IJ2 is assuming and makes it less obvious than
> it could be.
>
> > we can ask:
> > "How many times was Bio-Formats used with Java 7"?
> > we *can not* ask:
> > "how many times did Gabriel Landini run Bio-Formats?"
>
> Even with my poor knowledge of network traffic I can imagine that it
> might be trivial to script something using time stamps and IP addresses
> of the uploading machine as well as plenty of emails also IP addresses from users.
> Not that I remotely think that the devel team would have the time or
> inclination to do this, but if we are talking about what is
> impossible, I suspect it is not. So whether that is potentially
> identifiable information is probably debatable. If there is then you
> would be effectively logging in a database their location every hour
> (!) IJ2 runs. Doesn't that sound a bit creepy?
>
> My issue was (and remains) that data collection needs to be fully
> informed before it takes place, not to be On by default.
>
> > > If this happens to be something people want to adhere to, then
> > > there is nothing to worry about as there will be lots of users
> > > opting in when given the chance.
>
> > I believe this is actually hard to predict.
>
> Ask the users in a similar way SCIFIO was done and you will have the
> answer.
> Then we would not be having this conversation.
>
> > If usage statistics were presented similarly - with a pop up on
> > launch and an options menu - my expectations for opt-in numbers would be very low.
> > Not because people don't want to contribute but because we created a
> > barrier to the process.
>
> The issue that does not seem to stick after all this typing is that
> IJ2 should not make that decision for the users. IJ2 is not the owner
> of the processes happening in a user's computer. You need to ask, not
> assume, that people will be happy for their computers to contact a
> database every hour and letting it know they are there and doing this
> or that.
>
> > A more successful alternative might be, when statistics are actually
> > being uploaded, to display a dialog asking to proceed or not - with
> > yes/no/don't ask me again options. That sounds promising, but also potentially
> > annoying or confusing to get that pop up, and we can still expect statistics
> > reporting to drop.
>
> But if the reporting statistics drop, that would have to do. Make
> estimates instead of collecting all possible data.
>
> > So since we are not sending or storing use-specific data, and
> > provided and publicized the opt-out mechanism, we decided to go with the option
> > that was un-disruptive at the workflow level and maximized data collection.
>
> Yes, you said that before, and I am sure I am not alone thinking it is
> not the desirable way of doing it.
>
> > Especially given, as you mentioned, that users ultimately need to
> > agree to communicate with an external server to download these applications
> > and updates.
>
> But there is an obvious difference between the two situations. One is
> requesting an update. The other is broadcasting to a database.
>
> > I hope it's clear that I am not saying we are unwilling to change
> > how permissions are exposed.. but if we can circumvent that need via
> > discussion it would certainly be my preference. And if we do end up making any
> > changes, I would like them to be as minimally damaging to the
> > quality of the data gathering as possible.
>
> It sounds like it is preferable not to ask people about the data collection.
> That is in my view an error of judgement that can be resolved easily.
>
> > To me, there has to be actual user data being exposed to be a matter
> > of privacy. Can you clarify what you believe to be the concern here?
>
> Sure: that the process of collecting usage data is not made clear from
> the beginning and it should have informed consent before the collection starts.
>
> If there are no privacy issues, why is the function to switch it Off
> called "Privacy"?
>
> Regards
>
> Gabriel
>
> --
> ImageJ mailing list: http://imagej.nih.gov/ij/list.html