Changes


Data Collection

2,507 bytes added, 15:28, 13 July 2016
expand on user benefit and opt-in/opt-out requirements.
Owner: [https://mozillians.org/en-US/u/bsmedberg/ Benjamin Smedberg] (:bsmedberg)
Peers: [https://mozillians.org/en-US/u/ally/ Ally Naaktgeboren]
 
== Data Collection Levels ==
 
There are two "levels" of data collection in Firefox:
 
* opt-in data (Telemetry) is collected from users who express a choice to help with Firefox development. This includes all users who install prerelease/testing builds, plus release users who have explicitly checked the box in preferences.
* opt-out data (Firefox Health Report) is collected by default from all Firefox users. Users may choose to turn this data collection off in preferences.
 
== Requirements ==
 
'''Requirements For All Data Collection From Firefox'''
 
* Specifics about the collected data must be documented using the in-tree histogram definitions or the in-tree documentation system (.rst files). This documentation should be detailed enough that people don't need to read the code implementation to understand what data is being collected.
* Any changes to data collection must be approved by the data collection module owner or peers by requesting review on the patch which updates the in-tree documentation.
* The bug or documentation must publicly identify the problem statement that will be solved by collecting data.
* There must be a person who takes responsibility for the correctness of the data.
* There must be a concrete plan for using the data, and a person who takes responsibility for this.
* The data must be included in the Firefox privacy notice. Much of the time, data collection requires no changes, but when changes are required the data stewards will work with Marshall Erwin and the Mozilla legal team to make sure that the privacy notice accurately reflects the collected data.
 
''Note: the data stewards do not typically verify that the patch collects the data correctly according to the documentation. That is the responsibility of the code reviewer.''
 
''' Requirements for opt-in (telemetry)'''
 
* The requesting team must have a plan to use the data.
* Exploratory data collection should be temporary and expire after 6 months/5 release cycles but may be renewed as long as the data is still valuable and the team is using it.
* Permanent or longer-term data collection should have a plan for permanent monitoring.
** ''Note: automated monitoring is preferred. However, the current telemetry alerting system is only designed for scalar performance measurements.''
 
'''Requirements for opt-out data collection (Firefox Health Report)'''
 
* The data must provide ''user value''.
 
Here are some examples of providing user value:
 
* Providing features or services directly to individual users.
* Providing features or services to Firefox users as a whole.
* Monitoring and solving product quality issues.
* Exploratory understanding of how users are using the product, ''if that can be tied back to specific product improvements''. This data collection should typically be limited to 6 months/5 release cycles and can be renewed only as long as it still ties to specific product improvements.
 
Some data is collected as correlations: for example, we collect information about the user's operating system and version, and about the user's add-ons and add-on versions, so that we can correlate and monitor crash rates and other error metrics against these groupings.
 
'''It is not sufficient that collecting data benefits Mozilla (the company/project). It is necessary that we can map collected data to benefits for either individual Firefox users or Firefox users as a group.'''

== Data Collection Properties ==

* Does the data conform to the existing Mozilla [https://www.mozilla.org/en-US/privacy/principles/ privacy principles], the [https://www.mozilla.org/en-US/privacy/ Mozilla Privacy Policy], and the [https://www.mozilla.org/en-US/privacy/firefox/ Firefox privacy notice]?
* Does this data collection represent any unusual privacy or legal risk to users or Mozilla?
 
== Requirements ==
 
* Data collection details must be documented using the in-tree histogram definitions or the in-tree documentation system (.rst files).
* New data collection or changes to data collection must be approved by the data collection module owner or peers by requesting review on the patch which updates the in-tree documentation.

== Requesting Approval ==

* To ensure that it is still necessary and useful to collect a piece of data.
* To re-identify who is responsible for the collection, monitoring, and reporting of collected data.
 
== Approval for new Telemetry probes ==
 
These are the standard questions for any new Telemetry probes:
 
* What are the questions that these probes are designed to address? Is this the minimum amount of data necessary to answer those questions?
* Who is responsible for monitoring the data? How often will they do it? Do the necessary monitoring dashboards already exist or who is going to create them?
* What's the user value?
 
The requirements are more stringent for opt-out probes on the Release channel and probes that never expire.