I don't know what that means, but this is the handbook page on my position: https://about.gitlab.com/handbook/marketing/community-relati...
although I've been needing to update it a bit. My job is to basically relay feedback to the rest of the company, and relay any information back to you all that might be relevant. We don't wanna be out-of-touch with what people are really saying about us, and we wanna make sure your input is received, so that's basically why my team exists.
My questions come from the fact that you, and others from Gitlab, are coming out of the woodwork in groups in response to public negativity and trying to play it cool, eg "wanna".
At least to me, it feels hollow, just like your response right now. It makes me think that Gitlab knew that there was going to be a backlash, and only sent your team out to mitigate damages. "There is no such thing as bad publicity" sort of deal.
If Amazon did the same thing you were doing right now, everyone would be up in arms.
OK, here's what we're saying (most of which is covered by the GDPR principles):
1. Telemetry of any kind from a self hosted instance of your product MUST be opt in. Telemetry from your SaaS SHOULD be opt in.
2. The type and content of data that is collected MUST be documented.
3. That data MUST only be collected by Gitlab under a privacy policy and if it is collected by a 3rd party, that 3rd party MUST comply with the Gitlab policy. Changing a TOS at 30 days' notice doesn't cover it.
4. Under GDPR, any and all data collected MUST be available on demand to a customer. Even if Gitlab is not EU based, you sell to the EU and are therefore covered by the GDPR.
5. The data MUST NOT be saved if the customer ends their relationship with Gitlab and MUST be deleted on request of the customer if it is not required for the service to operate.
6. Under GDPR, the data MUST NOT be used for any purpose other than the documented purposes and MUST NOT be saved beyond the period required.
These are basic privacy principles that apply to ANY business, given that Gitlab operates on data that is highly sensitive (ie a corporation's IPR for their code, a corporation's requirement to also be compliant with GDPR etc), you should be operating to a HIGHER standard.
emilycook|6 years ago
bpchaps|6 years ago
rswail|6 years ago
xapata|6 years ago
BTW, not everyone knows what "FC" is an abbreviation for.