Remove Personal Data of Contributors from Public Repository

[valerydluski]

Description

The current practice of storing personal data of contributors, such as photos, in the public repository presents privacy concerns and violates general data protection principles. This issue outlines the steps needed to remove such data and suggests alternative secure storage solutions.

Objectives

• Enhance Privacy: To protect the personal information of all contributors.
• Comply with Data Protection Laws: To ensure our repository practices align with global data protection regulations.
• Identify Secure Storage Alternatives: To provide secure and compliant alternatives for storing personal data.

Tasks

1. Data Audit:

   • Identify all instances of personal data (e.g., photos, personal bios) in the repository.
   • Document where personal data is currently stored within the repository.

2. Data Removal:

   • Remove all personal data of contributors from the repository.
   • Ensure backups and forks are also cleared of such data.

3. Policy Update:

   • Update the repository's contribution guidelines to prohibit future uploads of personal data.
   • Implement a review process for future contributions to prevent similar issues.

4. Research and Implement Alternative Storage Solutions:

   • Evaluate and select from the following alternatives for secure storage of personal data:
     • Private cloud storage solutions.
     • Internal databases with strict access controls.

Expected Outcome

Upon completion, the repository will no longer contain any personal data of contributors, thereby ensuring their privacy and aligning the project with best practices in data protection. Additionally, a secure and compliant alternative for storing personal data will be established.

Additional Notes

This task requires collaboration with the repository administrators and possibly legal advice to ensure compliance with data protection laws. A detailed timeline and responsibilities will be established following the initial audit phase.

[dzmitry-varabei]

ChatGPT says that if implementation is difficult, we can get consent from contributors via a Google form. Example below:

Contributor Consent Form
Purpose: This form collects consent for displaying contributors' information on public platforms, like websites or repositories.

Contributor Information
Full Name: (Text Field)
Email Address: (Text Field)
Contributor Details
Photo: (File Upload Field)
Biography: (Text Area)
Consent for Public Display
Do you consent to the use of your name in public repositories or websites?
Yes
No
Do you consent to the use of your photo in public repositories or websites?
Yes
No
Do you consent to the use of your biography in public repositories or websites?
Yes
No
Additional Information
Data Retention Policy: Once information is published in public repositories or websites, it might not be completely removable.
Consent Withdrawal: If you withdraw consent, we will attempt to minimize exposure by removing or anonymizing the data where possible.

[ansivgit]

Blocked #732