Search…
β¬…
back to pdap.io
πŸ‘‹
Welcome to PDAP!
⚑
Volunteer Activities
Process overview
Maintain Datasets
Write Scrapers
πŸ€–
Mission components
Key Principles
Data Intake
Data Storage
Data Access
πŸ› 
Tools & Resources
Terms & Definitions
Internal tools
DoltHub
Splunk
Third-Party Resources
πŸ—£
Updates
Blog
Working sessions
Current Progress
πŸ”
Meta
About
Policy
PDAP Access Tiers
PDAP Privacy Policy
Code of Conduct
Data Chain of Custody
Password Management
PII (WIP / Discussion)
Legal
β†—
Elsewhere
Discord
GitHub org
DoltHub org
Patreon
Powered By GitBook
PII (WIP / Discussion)

Problem

We want people to feel sound ethically and legally when they contribute to PDAP. To that end, we need to do these things:
  1. 1.
    Draw a β€œbright line” between the source material and the published data; i.e. β€œwe are not changing the data, we are a mirror”. [a]
  2. 2.
    Avoid aggregating already-public PII in a way that would make it more public than it already is [b].
  3. 3.
    Strive for our stated mission [c] of being a complete source of truth. i.e. β€œwe could not be accused of editorializing by omission”. Our current policy is that we're allowed to collect PII [d] .
Our existing policy about accepting PII is legally the right one but we do need to discuss how we aggregate and omit. Discuss in the thread for the next 3 days, then we'll do a survey or something.

How sure are we that omitting PII is against the rules?

We have a policy that allows PII, do we need to require it? Do we need to allow censorship?
Is PDAP the one doing the scraping, or the scraper community?
We can always get a second opinion. Maybe we need to define what PII is?
How can we prevent PDAP from being mugshots.com?
Can we choose which data we aggregate? Sounds reasonable to Eddie.
Richard says there could be a security/know-your-user layerβ€”make it more difficult than a search bar. Require people to register, know your user.
PDAP could be considered a wikipedia-like source of good sources.

Actions (polled in discord)

  • Should we define "PII that we must not make more public" as "Name"? 3 yes 0 no 1 yes + address
  • Should we show PII in the mirrored source material? 2 yes 1 no
  • Should we aggregate data on whether a field is included in the source data? 3 yes 0 no
  • Should we restrict data usage to non-commercial in our published policy? 4 yes 0 no
  • Should we redact PII when we provide data at scale (i.e. via API or queryable database)? 4 yes 0 no

References

[...private data] may also include personal data that can identify an individual person, such as name, email, phone number, and address. If in doubt, omit such personal data from the scope of the scrape.
Previous
Password Management
Next - Meta
Legal
Last modified 10mo ago
Copy link
Edit on GitHub
Contents
Problem
How sure are we that omitting PII is against the rules?
Actions (polled in discord)
References