Comment by yanokwa
3 years ago
The vast majority of users are staff who are hired to collect data for a non-profit. The vast majority of servers are self-hosted by those non-profits. It's very opt-in in that regard. Think of say a census worker counting households or farmer measuring plot yield. And even in those cases, yes, users have a lot of visibility in what is being collected and a fair bit of control.
Sensitive data that is collected from participants that users interact with are typically governed by policies set by Institutional Review Boards or Ministries of Health.
appreciate the forthrightness, but frankly, that's an unconvincing answer. participants should have full control over their own data rather than offloading trust to government agencies or corporate organizations that are potentially themselves corrupt.
note, for instance, that many gov agencies blindly and willingly send PII to google without participant permission.
I don't disagree and we work hard to provide guidance on best practices and software to support implementation. Ultimately, in the contexts in which we work, the organizations are the data controllers and there are complex legal issues at play. For example, in some locales, clinical trial participants don't have the right to be forgotten.