Mailman 3 Privacy Policies, GDPR, etc and social logins
Greetings,
I host a variety of lists for social, community, and software projects, and updated my infrastructure from Mailman 2 to Mailman 3 last year. As part of this, I enabled Django allauth modules to simplify login and management for subscribers.
Recently, Facebook notified me that they would be disabling the "application" because it failed to provide a sufficient Privacy Policy. Previously I had linked the app to https://www.gnu.org/software/mailman/privacy.html, but they have said:
Platform Terms 4.b: Your privacy policy must comply with applicable law and regulations and must accurately and clearly explain what data you are Processing, how you are Processing it, the purposes for which you are Processing it, and how Users may request deletion of that data.
During testing, we found that your privacy policy doesn’t explain how users can request data deletion. Update your privacy policy to include this information before you submit an appeal.
This is a bit of a headache. Do we have a draft of a community Privacy Policy for a vanilla Mailman 3 install that meets Facebook's requirements? Is this going to be a constantly unraveling thread of future GDPR and Right to Be Forgotten troubles, since there doesn't seem to be an easy way to scrub a subscriber from Hyperkitty archives if they request so? How have others addressed this situation?
Regards, --Jered
On 9/19/23 6:22 AM, Jered Floyd wrote:
This is a bit of a headache. Do we have a draft of a community Privacy Policy for a vanilla Mailman 3 install that meets Facebook's requirements? Is this going to be a constantly unraveling thread of future GDPR and Right to Be Forgotten troubles, since there doesn't seem to be an easy way to scrub a subscriber from Hyperkitty archives if they request so? How have others addressed this situation?
I use https://www.list.org/privacy.html which appears to satisfy Facebook.
--
Mark Sapiro <mark@msapiro.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
This was what I was using as well, but it failed to meet their requirements for some ineffable reason. I had a few back-and-forths with someone for whom English was not their first language, and got them to accept a slightly modified version that I posted at https://www.convivian.com/mailman-privacy.html
Now, the latest is that I have a new message noting that apps requesting user data (e.g. email address) must be linked to Business Profiles (text below). Django-allauth is cool, but I think it's not going to be long for this world and we'll just have to do internal auth. Disappointing from a workflow perspective, but I'm happy to dissuade subscribers from using Facebook.
Regards, --Jered
P.S. The fresh hell from Facebook:
You are receiving this message because Mailman List Manager is not connected to a verified Meta Business Account.
On Feb 1, 2023 Meta began requiring business verification for apps that request access to data from users (for some apps this is called advanced access). Learn more about this requirement. [https://developers.facebook.com/blog/post/2023/02/01/developer-platform-requ...]
Here’s what a person with full control of your Business Account needs to do by Feb 2, 2024 to maintain access:
Connect the app to a Business Account, if you haven't already.
Complete business verification for the Business Account.
Business Accounts connect your Facebook Pages, Instagram accounts and the people who work on them, so you can manage them all in one place.