Doug Belshaw πŸ‡ͺπŸ‡Ίβ˜ οΈβœŠ is a user on social.coop. You can follow them or interact with them if you have an account anywhere in the fediverse.
Doug Belshaw πŸ‡ͺπŸ‡Ίβ˜ οΈβœŠ @dajbelshaw

Hey all, I need some help rethinking community calls for projects.

At Moodle, as we did at Mozilla, I've been using a public Etherpad for people to:
- Sign in
- Introduce themselves
- Contribute ideas to the project

We're also using Zoom to:
- Discuss things via video and audio
- Record the call for later viewing

After a conversation with our data privacy lead today, I've got to delete the existing data we've captured in this way, and come up with a new approach.

Any ideas? πŸ™ƒ

Β· Tusky Β· 9 Β· 4

@bhaugen It's a good shout, but to be GDPR-compliant each user would have to be anonymous (which we don't want) or have to login to a system with a compliant privacy policy.

<sigh>

@dajbelshaw

Tough constraints. I'll be interested in how you end up threading thru them.

@dajbelshaw this is from one of the devs of cryptpad:

"RE: GDPR compliance, as far as I know we're pretty close to full compliance. We collect very little information, and inform users about what information we have. The company which employs me to develop CryptPad (XWiki) employs a DPO (Data Protection Officer) who is responsible for responding to any queries about how user information is handled.

@dajbelshaw
continued:

"We've taken some pretty extreme measures to protect information other service providers wouldn't consider sensitive. We don't ever have access to usernames or passwords, since they are only used clientside to derive the necessary keys for encrypting your Drive (and some other very technical things that I'll avoid getting into).

@dajbelshaw
the end:
"At the end of August I'll be presenting a paper about our architecture at DocEng 2018. I can see about digging up one of our drafts for anyone who's interested in the specifics about how things work, and what data is available to the server."

@dajbelshaw

Can you talk a bit more about your requirements? Are there specific rules (#PCI-DSS, #HIPAA) in play?

@dajbelshaw why not eat your own dog food and use a Moodle course with guest access?

@beni Yes, you're right, we should do that. I just wondered what other people were transitioning to. πŸ˜€

@dajbelshaw Confused what you mean by "Etherpad to sign in" ... it's more of a doc editor, not really a collaboration tool. Forums like Discourse etc. allow a contribution policy that assigns a CC license to any content people create.

Voice-based conference calls (not just proprietary tools like Zoom) are antithetical to #OpenSource as it blocks out non-native language speakers and disabled folks. Asynchronous communication is always best, and easier to "control" with respect to data licenses.

@downey Thanks Michael, I've been using Etherpad as a collaboration tool at Mozilla and at Moodle for the last six years. It's an amazingly effective way of doing participatory agendas!

By 'sign-in' I mean that people add their name at the top of the pad which shows which colour they're using.

Thanks for your thoughts about accessibility, will definitely take onboard.