Doom Wiki talk:Privacy policy

GDPR deficiencies - changes needed before May 25, 2018
Since pretty much anything with a web address falls under the purview of the EU's, we need to make some changes here. Upon a cursory review I find the following issues at minimum: --Quasar (talk) 08:38, 22 May 2018 (CDT)
 * First sentence: Participation on the Doom Wiki at DoomWiki.org, by design, rarely involves considerations of privacy - we cannot really say this any more; the EU now defines usernames and IP addresses as personal information and considers them subject to privacy laws, so they're now a full concern.
 * Users that do register are identified by their chosen username. Since I believe MediaWiki 1.24, real name is an option for input on Special:CreateAccount and through user preferences and can be used instead of the username. This is also protected information and should be mentioned explicitly.
 * the IP address used is publicly and permanently credited as the author of the edit. Under GDPR, if so requested, we will have to suppress IP address contribution by-lines using revision information suppression (aka oversight). So permanent is not necessarily the best choice of wording.
 * Once created, user accounts will not be removed. It may be possible for a username to be changed, but there is no guarantee that a username will be changed on request - GDPR makes removal of accounts a legal right of EU citizens, so it would be necessary to merge a user's contributions into an anonymous account if a request for user deletion occurs - this is no longer optional for us.
 * there is no expectation of any permanent deletion occurring. - Again also enumerated as a user right, and technologically possible however painful it may be under MediaWiki to have to run bespoke scripts to pull out and extinguish such information.
 * When a visitor requests or reads a page, no more information is collected than is typically collected by web sites. MancuNET may retain raw logs of such transactions, including the originating IP addresses, but these will not be published nor used to track legitimate users. - We need to fully enumerate the information collected by when a web hit occurs. WikiMedia Foundation has more complete wording in their policy now that we can borrow.
 * This information is automatically deleted after a set period. - We need to figure out the actual retention lengths anywhere this wording is used, or, as an alternative use the language "for the minimum length of time technically required."
 * Information transmitted to these third-party sites is limited to the minimum possible and is anonymized to the greatest extent possible. - Making this more explicit in the same manner as explaining what information is automatically collected by our own server is needed.
 * Due to lack of participation and interest, however, the Doom Wiki has not constructed formalized procedures to handle such issues. Further, per the introductory paragraph, we have little or no empirical experience to inform best practices. The above text represents an educated guess as to what constitutes reasonable behavior by administrators and contributors. It has not been "ratified" by anyone, and individual administrators or database maintainers may disagree with some provisions. As in all cases of policy enforcement on DoomWiki.org, administrators are expected to use their common sense and good judgement to derive a workable solution.
 * None of this flies any longer unfortunately:
 * This needs to become a full-force official policy.
 * Users must be assured that staff members will comply by legal necessity.
 * Additional language and best practices can be borrowed from other organizations, such as WMF