![]() ![]() This was already the case at the time the original privacy policy was published and has not been changed since, as can be confirmed from the commit history in our repository and in others. As noted by journalists who investigated the issue, Audacity is free and open source software, and an inspection of its source code shows that the data it shares is extremely limited. It is verifiably untrue that we hid the exact data being collected. In addition, the steps we have taken to anonymise all stored data means that it would be of extremely limited use to anyone. However, we would only be able to provide the specific information mentioned in the privacy policy (outlined below) and nothing more. These are not the rules we create, these are the requirements we must follow. To be clear, any organisation, if ordered by the court, is required to cooperate with an investigation, and doing otherwise is considered to be an obstruction of justice. We have now changed the wording to remove this source of confusion. However, we agree that the wording used in the old privacy policy made it sound like it might be true. This is not true, as could be seen through inspection of the source code and network analysis of the release binaries. This was interpreted to mean that we intended to collect and store unspecified additional information on top of the basic system information mentioned elsewhere in the privacy policy. The most unclear and damaging part of the original document stated that we collect personal information “ …necessary for law enforcement, litigation and authorities' requests (if any)”. 'collect') the full IP address, we do not store it (more about this below). When you see the line in 4.1: ' We do not store or share any personal information.', this refers to the fact that, while we see (i.e. Please note that an IP address alone counts as 'personal information', and the steps we take to anonymise it count as 'processing'. To provide an example of where use the term 'personal information' is unavoidable, in section 5.1 there is a line under Data security that states ' We use appropriate technical and organisational measures to protect the personal information that we collect and process'. While that term must still appear in the new privacy policy, we have tried to be a lot more specific about the actual information we are referring to wherever possible. The best example is the catchall phrase ‘ personal information’, a non-specific term that understandably raises concerns for regular readers. There are terms we are legally required to use in order to ensure compliance with the GDPR and the CCPA. Part of the problem with the original privacy policy is terminology. ![]() From now on we will provide context for changes we make to the policy in a user friendly way. ![]() ![]() We appreciate that for our community, as well as our users, much of phrasing in the policy produced more questions than answers. We drafted the original privacy policy as a legal text.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |