Wikimedia Blog/Drafts/A Proposal for Wikimedia's New Privacy Policy and Data Retention Guidelines

A Proposal for Wikimedia's New Privacy Policy and Data Retention Guidelines

Privacy policies play a vital role in protecting the privacy of users. At the Wikimedia Foundation, our Privacy Policy is particularly important to us, because it is a key way we protect our users and reflect their values. It also has a broad impact, because it protects and governs the information of over twenty million registered users and 490 million monthly unique visitors.

Our current Privacy Policy was approved by the Wikimedia Board of Trustees in October 2008 and has not been updated since. Given the growing concern over privacy, especially on the internet, it is important to have an updated policy which reflects both technological advances and the evolving legal issues surrounding new technology.

So, almost eight months ago, we started a conversation with the Wikimedia community about key privacy issues. Based on that conversation, we crafted a new draft Privacy Policy and introduced it to the community for feedback about five months ago. And, thanks to that feedback, we created and discussed Wikimedia's first Data Retention Guidelines. Today, we are closing the community consultations on the new draft Privacy Policy and Data Retention Guidelines[1].

The new proposed Privacy Policy will now be presented to the Wikimedia Board of Trustees for review before its next meeting in April 2014. If approved, it will replace the 2008 Privacy Policy.

We would like to thank the many community members who participated in the discussions. The new proposed Privacy Policy and Data Retention Guidelines would not be what they are today without your help. (You can actually see the changes to the drafts in the Policy’s and Guidelines' wiki revision histories that happened as a result of your feedback!) We received hundreds of questions, comments, and suggestions. In fact, the discussion on the Privacy Policy, along with the related Data Retention Guidelines and Access to Nonpublic Information Policy (whose consultation is also closing today) totaled approximately 195,000 words, making it longer than the Fellowship of the Ring! Together, we have created a transparent Privacy Policy draft that reflects our community's values.

We'd like to go over some of the ways that our new proposed Privacy Policy differs from our old Privacy Policy (the “2008 Policy”). One thing that has not changed is our goal of collecting as little information as possible, but we have made a wide variety of improvements to strengthen our commitment to users, including:

• More detail and transparency. Our old Privacy Policy did not provide a great deal of specific information about what kind of data we collected or how we collected and used it. The new proposed Privacy Policy and Data Retention Guidelines explain these points in detail, so that users have a better understanding about their privacy on Wikimedia Projects.
• The permitted use of different types of technologies. The 2008 Policy covered IP information and cookies. The new proposed Policy, on the other hand, explains how information is collected from mobile devices, tracking pixels, JavaScript, and “locally stored data” technologies, so that we can improve the Projects.
• Never selling user data. The 2008 Policy doesn’t mention this. While long-term editors and community members understand that selling data is against our ethos, newcomers have no way of knowing how our Projects are different from most other websites unless we tell them. The new proposed Policy spells out that we would never sell or rent their data or use it to sell them anything.
• New glossary and FAQ. The new proposed Policy includes a glossary that helps users familiarize themselves with wonky technical terms such as API and metadata. It also includes an FAQ to help users understand details about Wikimedia Sites, our privacy practices, and data collection technologies. For example, the FAQ provides examples of the types of technology we use to collect data, and explains to users how they can limit some of the information that is collected about them.
• Inclusion of new activities. We started new projects and features (like notifications, surveys, and feedback tools) after the adoption of the old Policy, so unsurprisingly the old Policy doesn't address them. The new proposed Policy explains how notifications are used and how you can opt out as well as how we may use information collected in surveys.
• Limited data sharing. The old Policy narrowly states that user passwords and cookies shouldn’t be disclosed except as required by law, but doesn’t specify how other data may be shared. The new proposed Policy expressly lists the limited ways in which all data may shared, including with our essential volunteers. It permits providing non-personal data to researchers who can share their findings with our community so that we can understand the Projects and make them better. We have also added a Subpoena FAQ as a resource for users to learn about subpoenas generally and what they can do in the unlikely event their information is subject to a subpoena.
• Scope of policy. The 2008 Policy states its scope in general terms, which could be confusing or ambiguous. The new proposed Policy explains in detail when the Policy does and doesn't apply.
• New Data Retention Guidelines. While not formally part of the new proposed Privacy Policy, for the first time, we have a formal document, drafted in close consultation with engineering, outlining what our data retention practices are and should be. In creating these Guidelines, we tried to be as thorough as possible in specifying how long particular types of personal information will be kept.

The proposed Privacy Policy and the Data Retention Guidelines are the result of an organization-wide effort -- staff from many departments helped us create these documents, and we would like to thank everyone who participated. In particular, we would like to thank Erik Möller and the entire engineering team for their continued support and participation throughout this process.

Michelle Paulson, Legal Counsel*

Geoff Brigham, General Counsel