Re: [DebConf18] About Personal Data Sent to Government Agencies and University for Funding



Hi,

I was too hasty in publishing the announcement. Should we do one of the following:

* not sending any personal data to the list
* have an opt-in list instead of opt-out

The difficulty I mentioned is to reach the minimum we need to report.

Also, the data we are providing only has the initials of the name plus the country. But combined with the list of Debian developers and other facts that are already on the Internet, it can still be used to identify an entity.

If they can accept only the aggregated data of nationality, I would be happy to provide that instead.

Yao Wei

On Sun, Aug 12, 2018 at 07:26 Philip Hands <phil@hands.com> wrote:
Yao Wei <mwei@debconf.org> writes:

> Hi,
>
> I am thinking that this should be an opt-in rather than opt-out for
> GDPR compliance.  However it is difficult to accomplish in my
> opinion...  So opt-out can be really a compromise here.

I don't think I've ever come across an opt-out list that didn't contain
people that (if properly informed) would prefer not to be on that list.

Is it really a compromise to ignore that fact?

Personally, now that I'm aware of this, I will opt-out myself and my
family from an opt-out list, simply because I think opt-out lists are
fundamentally unethical.

On the other hand, if I'm given the chance to opt-in, along with a
full-disclosure description of exactly how opting-in will help DebConf
fund itself, I will almost certainly opt in (for myself at least).

If there is some option to fuzz the data a bit, I might[1] be able to
persuade Gunde (my wife) that all four of us should opt in.

Even if I don't get upset enough about "Debian" and "opt-in" being in
the same sentence to blog about it, I'm pretty sure others will, and the
resulting news reports will not be good for Debian's reputation.

Is that aspect of our reputation worth more than 70k EUR?  If so, we
should definitely prefer telling them "No!", and paying the money out of
Debian funds.

However I suspect that there is a way of proving that the attendees were
sufficiently international without handing over an improperly authorised
list.  I'd suggest that we should find out how that might be achieved.

Cheers, Phil.

[1] No guarantees about persuading Gunde though:

    She has initiated legal action in the past when someone used her
    data without proper permission.

    The saga of how/if one could discover if the UK's NHS had uploaded
    our kids' data to "The Spine" is quite a long story -- Gunde tends
    not to give up on these things.

    I doubt she's unique among our attendees in this attitude.
--
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/    http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY