We do Privacy by Design
Formal Metadata
Number of Parts | 94
License | CC Attribution 4.0 International: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers | 10.5446/45867 (DOI)
FrOSCon 2018, 3 / 94
Transcript: English (auto-generated)
00:07
So then let's get this started. Good morning everybody. I'm glad to see so many faces in here this early Sunday morning. Glad that you made it. So to energize you a little
00:20
bit, let's see a show of hands. Who of you is working actively in one open source community? Okay. And from these who were just showing up, which of your projects are actively processing user data? And do you think that you are doing this GDPR compliant?
00:49
Okay. So it's great to have you in here, everybody. This talk is about privacy by design. And some small infos about myself. Yeah. Been there, done that in open source for now
01:06
for about 20 years. Have been with several open source projects. Now I'm working at eyeo, which is a company behind Adblock Plus. And I'm glad to be in the lucky position to even get paid for working in open source project. So what I want to walk you through today
01:29
is focusing on privacy by design. So it will not be a talk focused primarily on GDPR. But we will go past this a bit as well. I want to focus on this one concept that is
01:43
part of the new regulation. But goes beyond this. And also has been there for a much longer time. So we will start with looking at the principles of privacy by design. Then why does it matter? And how does it affect free and open source software? And then because
02:02
it is a concept that is easy to grasp but hard to do, I will provide you with some examples from our Adblock Plus experience. So about the concept. First, the background of this is that privacy by design was already devised in the 90s. It is coming
02:21
from Canada. There was this privacy commissioner named Ann Cavoukian. And she devised seven principles of privacy by design. And I will now introduce you to these seven criteria. Welcome. So the first of the seven criteria is called proactive not reactive. What does
02:46
this mean? It means that privacy should be part of your product development from day one. So you do not plug the security holes or privacy issues as an afterthought. They get anticipated and they get prevented from the beginning. Second criteria, privacy as
03:08
the default setting. So this means that by default, your software is configured in a way to protect the user's privacy best. And that it collects the least possible amount
03:21
of data. So this means that the user does not need to do anything in the first place to protect their data. And if they would like to, they can decide which data to share. And the users will only do so if they understand the benefits of sharing that data. And if
03:42
they know what is getting done with the data and if they know how to decline the consent whenever they would like to. The third criteria is called privacy embedded into design. This means design is the conceptualization phase. It's the product's
04:02
roadmap where you think about how you want to develop the software in the future. And if you're doing this more specifically in a company environment, privacy aspects get sacrificed quite quickly, unfortunately, because always developing
04:22
core features functionality is always more important. So this principle means that you need to define privacy and security as the core features of your product and that you need to prioritize them accordingly. The third criterion is called full functionality.
04:43
This is, I think, the trickiest of the seven. And in the end, it's about innovation and having really great ideas, because it is key to come up with smart solutions that both protect privacy and at the same time do not limit the business case or the
05:02
functional scope for the user. And this can be really tricky, because for several functionalities, you need at least some data from the user. So this means that it's about coming up with good ideas to avoid these dichotomies and provide
05:21
good solutions for the users that they get the most of the functionality with giving the least of their data. The fifth principle is called end-to-end security, full lifecycle protection. This means that when you are developing software and you are processing user data, you need to have in mind the full lifecycle
05:45
of the user's data, which means it starts from data generation to how you are using the data. Probably also you are handing data over to third parties. Then sometime probably you are archiving the data and sometime you are deleting the data and all of
06:03
this product data lifecycle, you have to keep in mind to secure the privacy of your users. The sixth criterion is called visibility and transparency, keep it open. This means that you can only then build good relationships with your users when you can communicate
06:26
as transparent as possible what the user's data is used for, which is also very important for the regulation that now came into place. This information, what you're using the data for, can always be verified anytime by an independent third party so that it is possible
06:44
to have your processes and your data storage and everything related to user's data audited by a third party anytime. The seventh and I think the most important of these seven principles is respect for user privacy, keep it user-centric.
07:02
It means there is a sovereign user that is in the center of all privacy efforts. This means that the users own their data. It is not you owning the user's data. The ownership always keeps with the user. This means that the user grants and denies
07:20
the access to the data. It means that always they have the full visibility on who has access to their data and they can change the data and they can also trigger its deletion. So this is for a first overview and I'd like to wrap up these seven principles a bit from different perspectives. The first one is from the product or free and open source
07:44
software perspective. This software has to prevent privacy and security issues from the very beginning. It always has to request a permission first, which means you have to
08:00
work with opt-ins instead of opt-outs, for example. The software needs to put the user in charge of deciding on their level of privacy. When you are thinking about your product or open source software roadmap, you have to give security and privacy issues top
08:21
priority so that they are not deferred to feature development and you need to innovate on how to provide the best features without sacrificing privacy. And as a software company or as a FOSS community, you have to provide transparency to your users on the purpose for
08:42
which the data is used. And you need to consider privacy in the full product lifecycle. So, why does this matter now? There is a general approach to this, like the saying goes, privacy is like oxygen. You only notice when it's gone. So in my perspective, privacy is like a
09:06
human right, and you as a software developer, as part of an open source community, you should provide your users with the tools that protect their breathing space. But apart from this
09:22
overall general ethics, now there are real regulations, and I think everybody of you nowadays has heard about GDPR. It came into place in May, so I won't give you a full background in GDPR. There are many other talks about this, and many people who can
09:43
do this much better than me. But some things that I want to highlight to you is that the first one is that the aim of this General Data Protection Regulation is to protect the personal data of individuals in the European Union in an increasingly data-driven world.
10:05
Its most basic requirements are first, transparency. What is being done with the data that is collected? Accessibility, that is about this user sovereignty, that the user can access their data, and consumer rights in terms of deleting the data and changing the data at any
10:25
time. And the third and foremost principle is privacy by design. So now we are having this concept that comes from the 90s embedded in one EU-wide regulation, which as EU users are
10:41
taking part in also software that is provided by international companies, also needs to be complied by these international companies. So here in the Article 25 that I got on the slide, it says very explicit that privacy by design now is a requirement and not a suggestion.
11:05
And that there are really very large fines if a company or somebody providing a software is not complying with these new regulations. But how does this now affect open source software?
11:25
The most important thing is that this regulation not only applies to companies, it applies to every data processing apart from, and there is a clause, apart from personal or family-related use. So the regulator took something apart like
11:46
some stuff that is done as a hobby or that is really personal, that is really family-related. But still, apart from this, it applies to really any entity, not only companies, that processes
12:00
European user data anywhere in the world. So what this means, if you are a single, free and open source developer scratching your own itch like the saying goes, is this a hobby? Is this a personal use? Is it probably family-related? There is no formal decision yet. So this is something that I assume will be part of several discussions and probably also
12:26
decisions in the upcoming months and years because there is no formal regulation on this up to now. But if you are a single FOSS developer who is providing tools to your community,
12:42
like a forum or a website or an issue tracker or whatever, then you are actively processing user data apart from personal or family use. And as soon as you are doing that, GDPR is definitely part of your concerns. And where it also fully applies, if you are part of a company that either
13:07
produces or uses free and open source software, then as well, this is nothing about personal use. This is something where GDPR applies, and in this regard, you really need to be concerned about
13:20
properly implementing privacy by design. So the bright side is that open source projects most of the time are mostly in a good position for these compliances, because in general, they already are transparent. They have flexible processes. They have good feedback mechanisms. So one part of the principles is already in place. Also, in most of the projects, security and
13:51
encryption mechanisms, for example, they already have an importance and are implemented. And the third thing is that GDPR is also about transparency in early breach notifications.
14:05
So in terms of having a software that is already open source and where all of the communications are transparent, this leads into an easier way of doing this. So probably not that many
14:22
things to be that much concerned, but still having these principles in mind will definitely help you improve on your software, even completely apart from GDPR, but just because you are respecting your users. So let's look into this a bit in more detail,
14:41
and I will provide some examples. So there are so many touch points when you are doing open source software development where you are interacting with your users' data. So this is for sure you are doing this in several of the products. So these are examples from Ubuntu, and in Ubuntu, you have the feature of problem reporting, and you have location
15:03
services, and you have the opportunity to give your consent whether you want to do this or whether you don't want to do this. These are just small features that you need to care about to implement these in your products. But a part of your product, as I said, there are so many other touch points that you have with your community, and you need to care
15:22
about them now as well. So one thing that most of the open source communities have is a forum. So now this here is the Adblock Plus forum, and because people register to get into the discussions, Adblock Plus, as the owner of this forum, is collecting personal data,
15:42
and this means that there needs to be a privacy policy explaining what has been done with the data, whether it is handed over to another third party, whether there is tracking in place when the data is deleted, and so on. So this is an example for the privacy policy for this specific forum, and it first tells what is collected in terms of personal data,
16:10
and that it is not required to participate, that you can delete your account, and later on in the privacy policy there is also an address where people can turn to if they want to have
16:22
anything changed or deleted about that data, or if they just want to get some more information about that. Another example is that most of the open source communities will run in a public bug tracker, also a tool that is collecting personal data from the users.
16:42
So again, the same thing, this is the bug tracker of the OpenOffice project, and they are providing a privacy policy here, and here in their privacy policy, they again tell that there is
17:02
personal data collected in registration, that there is no transfer of the data to third parties, and that is the email address, and what is necessary, and all of the rest is voluntary, and later on more data that is collected, what is collected for, and when it will be deleted.
17:25
If you need to collect personal data, like you need in a registration process like here, there is the need for explaining very detailed how you're processing the data and how the user can decline the rights to access the data again. Same thing about the websites that
17:45
the open source communities are running, the Drupal website. Again, same story, privacy policy here. So an interesting thing about the Drupal website is that they are handing over information to third parties. This is Google Analytics, and this is called Perfect Audience,
18:07
and here they provide the opportunity to opt out. So they say we are tracking this by default, but if you don't want to be tracked, go here, and then you are not tracked. It would be better
18:22
the other way around, but still they are providing the information and give the user the opportunity to get their data handled in a way they want to have it. What else is there to consider? Probably you're providing your community with other tools, like you're doing code hosting,
18:45
probably on your own version control system, you have your Git set up somewhere, for example, or you're using GitHub or GitLab. If you provide your users with access to these platforms,
19:01
you are collecting their personal data, and, again, you need to get into this conversation. Same for automation tools, for continuous integration and testing, for example. Same for other kinds of communications that we didn't touch up until now, for example, like mailing lists or newsletters, or collaborative editing. So there are people,
19:25
if you just look for these topics on the web, there are people who are having very detailed concepts now, how to do collaborative editing, like on Etherpad, for example, in a GDPR compliant way. So if there is a need in your open source community for that,
19:44
check these out, there are good ideas about this, how to set up these processes. So these were very general ideas, because at Adblock Plus we are very privacy friendly and very much concerned with this topic. I chose this open source product as an example where I can
20:07
show a bit more of a detail towards all of the stuff that was discussed before to just make it more tangible. So talking about Adblock Plus, there's not only one product that probably most of you know which is the browser extension, there are dozens. So we have the
20:25
desktop browser extensions, we are having mobile partnerships, and we are having mobile browsers, meaning apps. And all of these are free software, and then they are licensed on GPL version 3. And in each of them, we really care about privacy by design.
20:44
And I want to show you some more examples about this. So the first and I think most important thing, and in fact this is also the reason why I chose to work for eyeo, the company behind Adblock Plus, is that privacy is really part of the company's DNA. So this is how we put it in our
21:06
privacy policy that it is really part of our values that we collect as little data as possible. And if it is in any means possible to don't collect anything that we can provide anonymous
21:21
or at least pseudonymous use, we will do this. And this is something that really comes from the past where this open source project was started by one single open source developer, Wladimir Palant, and he was deeply concerned about privacy. And this is something that
21:41
for a company that now grew to 130 employees is still a part of our DNA and is still looked into in everything that we are doing. We are discussing a lot about this, and I will show you more details about that. So coming back to the seven principles that I provided,
22:01
the first I said is proactive, not reactive, and here, meet Judith. Judith is our data protection officer, she is a doctor of law, and she is really involved in any of the feature developments that we are doing at Adblock Plus. So this is our GitLab repository
22:21
with our GitLab issue tracker. This is all open as we are an open source company and community. All of our discussions are transparent and accessible by the public. So as you see here, this is something about a new feature that we wanted to support in our issue reporter, and it would mean that we would collect one bit of user data.
22:45
And because of this here, Judith, our DPO, is integrated in the whole process from the start, and I think this is a very important thing. Not every open source community will have a dedicated data protection officer, but see that you have one person who knows about the regulations but also
23:05
lives for the user's privacy by heart and involve these persons from the beginning in your feature development. The second principle, privacy as the default setting. This is very easy
23:21
for us because we try to just not collect any user's data. So what you see here, PrivacyScore is an open scanner where you just enter a website, and this is the result for our website, and you see that we are just not tracking anything. There are no cookies. There are no
23:45
social plugins. There just isn't anything, and the same goes for our tools. So there is no telemetry. There is no location-based tracking on the mobile devices. We do not send crash reports. All of these things we just don't do, so having privacy as a default setting is
24:05
very easy for us, but it is not easy for product development. So we just don't know who our users are. We don't know about their issues. Where is our product working for them? Where, when they visit our website, do they probably get stuck? So we want to improve
24:26
the functionality for the users, but we don't know about them. So there are lots of discussions raging at Adblock Plus, if we should have tracking, if we should have telemetry. At the moment, what we are doing is that we are focusing on user support, so to get into
24:43
a conversation with our users, we have a feature which is called the issue reporter, which I will come to a bit later, where people can report if anything is not working with the extension, to tell us about stuff that people don't understand or they don't like, and we
25:01
are doing user tests, and I think this is a very important feature and something that I can recommend for any open source community. Go and talk to your users in any way that you are able to, and formal usability tests are a great way to do this. So if you want to learn more about
25:20
that, come and visit us at our booth. We are doing usability tests the whole day. We have our UX experts there, and they will walk you through our new features and see how you like them, if you understand them, if there are ideas on improving them, and also about what is already there. So get into this conversation with the user. It means that formal tracking things
25:44
in the software are probably not that important anymore for your product development. Another example regarding privacy by design is how we are doing it on our website. So we are showing an explanatory video, which is also quite useful for the users, and videos that are
26:03
coming from YouTube always place the YouTube cookie on the user's devices, and also if you're using the no cookie tag, it just doesn't work. There is still data sent to Google. So what we are using here is YouTube no cookies.com, which is a service that strips this and does not
26:25
affect our users with Google cookies anymore. So we really try to look into this in every touch point that we are having with the user. Another example for the criteria, which is called privacy embedded into design, which means define privacy and security as the core features
26:45
and prioritise them accordingly. This is also something that is where I think Adblock Plus is a very good example because one of the features that we are providing is Adblock Plus as a privacy tool. So Adblock Plus is not only blocking ads. Besides ads, which are really annoying
27:06
in your web browsing experience, the even more freaking thing is that you are getting tracked everywhere. So what we are providing are the privacy and security options here, which allow the user to get in more filter lists, mainly EasyPrivacy in this case,
27:28
which blocks additional tracking and also blocks social media icon tracking. And another thing that is specific to Adblock Plus, not to most of the other ad blockers, is that we have this thing called acceptable ads, which means that we show ads that are not annoying or
27:46
not that much annoying, at least they comply with the acceptable ads criteria, but these would track the user. So what we provide as well is another feature where we say only allow ads
28:01
without third-party tracking. So the user has very fine granular options in how much privacy they want to have, and if they want to have full privacy, they only allow the acceptable ads without third-party tracking and activate the EasyPrivacy list and the social icons tracking
28:23
list so that all of this gets blocked. So when you are using EasyPrivacy, and this goes for Adblock Plus as well as any other ad blocker that provides you with access to this filter list, you are pretty safe against most of these tracking strategies, like cookies,
28:48
fingerprinting, session replays, and so on. Third, the next criterion where I wanted to provide an example is about full functionality, so coming up with smart solutions that both protect
29:04
the privacy and at the same time do not limit the functionality to the users. So as I said before, we are providing this issue reporter, which means when the user is using our product and they are seeing ads, for example, still, they have the possibility to report this to us.
29:25
And they can provide an email address, but they always have the option to submit this anonymously, and we explain that in here that if you enter an email address, we can get back into contact with you, but if you don't care about that, then don't provide the email address,
29:43
do this anonymously, and it's also totally okay for us. The next thing where also we are having an opt-in, this is a feature that is not live yet, but what we are thinking about is that people allow us to use the screenshots to help identify ads through machine learning,
30:02
which also could break the user's privacy, so this is something that is opt-in, and also only users that would like to support us with this endeavor, they opt into this. Another thing that is very important about this issue reporter functionality is that it allows the user to take a screenshot of the website where they were seeing ads, and if you're taking screenshots,
30:27
there might be the case that some personal data is shown, like you were logged into a website or to a platform, and you don't want to send this information, this personal
30:41
information to us, but you want to send us the information about the ad, so what the issue reporter is also providing as a feature is the option to clear out, like to put a black square about the stuff that you don't want us to see, so even more opportunity for really
31:06
only sending the stuff that you want the product to know about. Then the next criteria, as I said, is about full lifecycle protection, which means that the privacy
31:21
is respected from the data generation to its usage, probably handing over to third party, archiving and deletion, so as I said, we are really much into data avoidance and data minimisation, so there's really not that much for us to do in this case, because no data, no
31:40
lifecycle. Our general privacy policy is just to avoid collecting data, and if it is collected, it is anonymised, and if possible, it is deleted as soon as it is no longer needed, so this is where we explain in detail to the user what their rights are and what is done with the
32:07
data, like that the data is deleted, for example, if the users withdraw their consent or if we just no longer need the data, and here is one specific example, is that there is data
32:23
that we are capturing, but only for 30 days, and this is about subscription downloads. This means that an IP address has downloaded this filter list. This is something that, via the extension, gets sent to us, and same for extension update checks. There's a feature called emergency
32:42
notifications, and the issue reporter data that I just mentioned before, and these are data that we are not collecting actively, but which is just part of our logs, apart from the issue reporter that we are collecting actively after the opt-in of the user, but all of this data is
33:00
removed after 30 days, which is not a very long time span, and, again, something where, from a product development perspective, and also from a quality perspective, you probably would like to look into the issue reporter data that is some years ago and see how things change, but we just can't, because we value privacy on that high level. We give it that much
33:26
prioritisation that we say we do this only for the 30 days, and then it's gone. The last thing that I want to talk about a bit more in detail is about this principle
33:40
about visibility and transparency, to communicate as transparently as possible about what the users' data is used for. As I said, Adblock Plus is an open source community, and I think this goes for everybody else here who is involved with an open source community. You just communicate very
34:02
transparently, and so, in our example, you can check out all of our source code and, as well, all of our feature development in terms of issue tracking. We are doing this mostly in GitLab. This is our code review tool where all of our code reviews are public, and this is our
34:24
issue tracker that will soon be most probably replaced by GitLab, but at the moment, you can monitor both. This is Trac, and, as I said, both are public, and you can check out what we are doing, why we are doing it, and what the results are, and also what comes into the next
34:45
release, and all of the products that I mentioned before from the extension to the app. If you want to get involved in the discussion, we are having our public chat on the Mozilla IRC. It is just called Adblock Plus, so, yes, join the discussion. We are really trying to be as
35:05
open as possible about all of this. So, wrapping this up, as I said, privacy is like oxygen, so just provide it to users. Keep this in mind that this is, even apart from any regulations,
35:21
it is so important for the users and for building trust with your users. Privacy by design as a concept just helps you to focus on the main topics, to see that you don't forget anything because there are so many things about this. GDPR in itself, it does apply to open source development, and it enforces privacy by design,
35:46
so even more important it is now to understand these principles and to act by them. And as I said, privacy by design is easy to grasp, but it is hard to do. So, like I did now about Adblock Plus, please share your best approaches with your and other
36:03
open source communities so that we can learn from each other and see where you came up with great processes, product features that really respect your users' privacy. So, thanks all for listening in, and I'm happy to hear about your questions and also probably
36:21
step into a discussion how you provide privacy by design to your users. Thanks. Any questions? The question was, how should a community deal with the case when the user
37:03
is providing personal data in a forum comment that was neither required nor that you want to have them shared? It is a very hard thing because you can't prevent them from up front. You just can educate them and make sure that you have moderators caring about this.
37:24
So, just anecdotal, I was involved in a project where we provided a community for kids at the German TV channel KiKA, so this Kinderkanal, and there they had the same issue. It was a public forum, and they really did not want the kids to share their names, where they were living
37:44
and so on. So what they did, they really had 12 people there from morning to evening, and everything that the kids were sharing in this forum was read by these moderators before it went live. So they really employed people to read everything, and in the evening they closed
38:06
down the forum to keep up with German working laws so that people don't need to work the whole night shift. This is not something that any open source community can provide, so that you will have this data probably in the forums, and as I said, you can only try to educate and afterwards
38:27
delete if there is something that should not have been shared. Any other questions? Or is there probably, so some people showed up in the beginning, anything that you do in your
38:44
open source projects to provide your users privacy? Anything interesting to share? Yes?
39:58
So the question was,
40:05
there is so much software functionality already that is not respecting privacy by design, and what will happen about this, and how will the courts rule about that? For sure I can't look into the future, and I don't really know what I, but I think that
40:24
it really depends on whether people will take this to court, whether there is a strong movement. I think this also should be driven by the open source community, and by everybody who is interested in web politics, and providing privacy to everything that is connected to the digital world,
40:48
to really take companies to court if they don't comply with features that are already there, or features that are new into development. What I see at the moment is that there really are things changing. Companies are starting to care more about these features. They really
41:06
hate it, and they complain, but they really do. It is also changing things that are moving in the ad industry, which is something that we from Adblock Plus are monitoring quite closely. So these are great things to see. I'm very happy about that. But also I think that there
41:24
are lots of things where people just try to say, okay, I provide this opt-out somewhere hidden, or I provide this clause in my privacy policy, and then everything is fine. There it really depends on who is taking this to court, and how the courts will be ruling about this,
41:44
because I agree there is room for compromise, and we just need to see how this evolves in the future. Yes? Yeah. So eyeo is preparing for the LDI certification, which is the
42:06
Landesdatenschutzbeauftragte NRW. We are a Cologne-based company, so this is where our regulation is living, and yes, we are currently preparing for that. No questions, please. Okay, then thanks everybody, and have a nice day.