Lawrence's edits to v1 #7
Conversation
a) Can the standards/best practices requirement be fleshed out more? I know it is supposed to be vague, but golly, anybody can check that box. b) I split up Item 9, and put the privacy part into Item 7. c) I'm personally not keen on the freedom of expression and human rights requirements -- I think generally they are very vague. That said, this is a group process, so I left that in. d). Do no harm is now separate as Item 12 and is much less onerous. "Do no harm" is a very idealistic goal, but incredibly challenging to prove legally. This is not something that needs to be tied to years cases being heard at The Hague, Geneva, and the like.
| **9d) Protection from harassment** | If the project facilitates interactions with or between users or contributors there must be a mechanism for users and contributors to protect themselves against grief, abuse, and harassment. The project must have a mechanism to address the safety and security of underage users. | ||
| **6. Mechanism for extracting data** | If this project has non personally identifiable information there must be a mechanism for extracting or importing non personally identifiable information (PII) data from the system in a non-proprietary format. | ||
| **7. Adherence to privacy and applicable laws** | The project must state that it complies with relevant privacy laws, and all applicable international and domestic laws. Projects that collect data must identify the types of data collected and stored and demonstrate that the project ensures the privacy and security of this data and has taken steps to prevent adverse impacts resulting from its collection, storage and distribution. | ||
| **8. Adherence to standards & best practices** | Projects must demonstrate adherence to standards, best practices and/or principles. i.e. the principles for digital development. |
There was a problem hiding this comment.
Because digital public goods and the methods for building them continue to evolve quickly, this may be more actionable if it is articulated as a small set of core principles. For example, in the production of software principles could include 1. use of a version control system, 2. maximize test coverage, 3. Have a plan for software security ... In the production of other digital public goods, best practices could include 1. monitoring and fixing misinformation, 2. make the evolving versions of reference information transparent .. etc.
Principles will likely last longer. The principles I propose as examples may not be the ones.
There was a problem hiding this comment.
Thanks @sgoggins! One thing is that anything in this standard needs to be equally applicable to content, data sets, AI models so we likely can't get that granular. We're also keen that as much as possible have all of the indicators have objective yes/no requirements so that it can operate as a minimum standard.
However I appreciate that principles have more longevity and are a better tool for helping projects improve over their development. One thing that could be cool would be to share principles with projects after submission as resources to helping them continue to improve. We could even send software specific to software, content to content etc.
|
@LawrenceHecht, thanks for all your comments. This PR and others triggered some thinking on our part on how to properly triage them, and we put our thoughts in writing on our governance guidelines. A key insight is one issue, one pull request, or otherwise PR are very hard to resolve as it is evidenced by this very same PR. Thus, I'm triaging the various issues that you raise here, and splitting them in their own PR to streamline their processing.
I would like to point out that the standard is operationalized in this set of questions, and for this indicator, we break it down to the following questions: I will also point out that the digital public goods submissions are self-reported, where we ask individuals who can make statements on behalf of the project to answer these questions, and we ask them to back their statements with relevant evidence. I believe that this addresses the issue that you raise. If you don't agree, I would ask you to suggest some specific changes that are very clearly actionable. For example, for another indicator (number 7), we are considering adding an explicit mention to GDPR in #20
Thanks, I moved this to a self-contained PR #27
This has been removed in #1 :)
Similar to my argument to (a) above, the emphasis is on self-reporting and operationalizing the standard in a set of questions. I encourage you to review the questions and see if they address your concerns. Also given (b) and (c), the remaining of the 'do no harm' section is also more digestible. And for the record, a separate issue from the comments has also been moved to their own PR in #26. Thus, I am hereby closing this PR without merging because the relevant pieces have been triaged into their own PRs. Kindly continue the discussion there, or open a new one for anything I may have missed. Thanks again for all your valuable input! |
a) Can the standards/best practices requirement be fleshed out more? I know it is supposed to be vague, but golly, anybody can check that box.
b) I split up Item 9, and put the privacy part into Item 7.
c) I'm personally not keen on the freedom of expression and human rights requirements -- I think generally they are very vague. That said, this is a group process, so I left that in.
d). Do no harm is now separate as Item 12 and is much less onerous. "Do no harm" is a very idealistic goal, but incredibly challenging to prove legally. This is not something that needs to be tied to years cases being heard at The Hague, Geneva, and the like.