We Respect Your Privacy

Looking for privacy in plain English? It’s probably pretty safe to assume that you haven’t read a ton of privacy policies in your life, and we won’t take offence if you skipped ours too. Privacy policies tend to dive straight into the legalese, so companies can dot their i’s and cross their t’s. In the real world it is often the employees of companies who are a user’s most important allies when it comes to data privacy.

Employees and leadership take responsibility are responsible for adhering to broader privacy frameworks, such as privacy-by-design, and privacy-first, will either speak up internally, even making themselves a nuisance to other team members, or who will have the integrity to be whistleblowers where companies are systematically cutting corners and de-prioritising the interests of users.

In Public Spaces everyone is deeply committed to upholding those interests, and in line with the GDPR (the European General Data Protection Regulation which is becoming the de facto world standard for data protection), I am proud to hold the role of data privacy lead, to ensure that we stick to our founding principles for as long as I am part of the team, and hopefully beyond.

I want to start by breaking down some of those broader consents, without all the legalese.

Privacy By Design

Privacy by design is a framework that helps companies build privacy protections into their products from the very beginning. Its focus is primarily on building privacy directly into the design of products, and it is a specific approach for ensuring privacy.

Privacy First

Privacy first, on the other hand, is an overall commitment by a company or organization to protecting the privacy of its users or customers. It’s less specific than privacy by design and encompasses a broader set of principles and practices that aim to protect user privacy.

Consent

If everyone skips the privacy policy, then what is the point of consent? The truth is that companies can abide by the letter of a regulation or agreement, but skirt the spirit, avoiding both the costs of compliance and the consequences of misbehaviour. That is a lot easier when users don’t know what they are agreeing to. So most companies don’t expect you to read what you consent to, for reasons like these:

• You’re too busy
• No real choice: You feel like you don’t have a choice not to consent anyway because you already decided that you want whatever services you can’t get access to without consenting
• Trust: You may think the fact you were given the opportunity to review a privacy policy means that the organization had proper legal advice and is only asking of you what they are allowed to under the law, so you assume it’s all good
• Indifference: You don’t really care what happens to your data as you are so used to being tracked and targeted with personalized ads, you have become numb to it and don’t want to spend another thought worrying about it. Afterall, everyone consents, so your data hides in the vast pool of other people’s data
• Nothing to hide: You feel that your behaviour online, unless you are doing online banking or getting your blood results, is not interesting to anyone as you are not doing anything wrong

These are all understandable, and we won’t quibble with your reasons. At Plug.events, we make our best effort to protect your data in a way we think you would want to and in a way that is best for broader societal interests as well.

In fact, we don’t even believe that consent is a good measure for privacy, because it is rarely informed or freely given. If we want to get super philosophical, we would even advocate that some personal data should not be owned by the data subject to which the data pertains, but be a social resource. The reason is, for one, that data about “you” is very commonly not just about you but about many other individuals or communities as well, and second, the data can be used for so many great purposes that can benefit all of society. But anyway, we still obtain your consent, of course, because we have to, but we don’t take that to be the end all be all. And thankfully, neither do the privacy laws, including the GDPR. While consent still takes the centre stage, there are other, in our view more meaningful protections that businesses handling personal information have to put in place.

The Stuff that Matters

So, what do we do other than obtaining your consent?

• We only collect information that is necessary for us to provide you with our awesome services
• We only collect information about you directly from you
• We have a system in place to allow us to know at all times where we have what information stored, and to identify dormant accounts, so we can delete the information we no longer need to hold
• We have contracts in place with our third-party service providers, such as our marketing service provider Active Campaign, that obliges them to keep your information as protected as we would if we were the ones directly in control of it. We like Active Campaign as they are GDPR aware and have taken active steps to bring their services into compliance. For example, they have updated their code to not track users that did not consent to the tracking of their activity on the website that is using their services
• Oh, and we also do not sell your information to any other third parties. Duh

Verification

There is a lot of demand from users and regulators to implement user verification policies, to ensure that there is always a breadcrumb to the source of user generated content. While well-meaning and important to uphold the integrity of our online communities and society, we take a strong position on balancing these responsibilities with the responsibilities we have towards your privacy, ensuring we do not become another invasive actor in the surveillance economy.

While our fundamental model of verification is based upon a sophisticated system of peer-endorsements, built around communities of shared interests and values that you choose to trust, this is not enough to completely uphold our responsibilities to verify users and keep our platform safe from bad actors and free of negative behavior.

That is why we are exploring partnerships with third-party non-profits who provide encrypted and secure email, SMS, and ID verification services. This way we can never profit from user verification, and will not create a negative incentive to pressurise users to compromising their privacy to access important parts of this service.

For reasons of child protection, we may require ID verification in order to access less family-friendly content, what is commonly labeled adult or NSFW on other platforms. But that is with deep reluctance, and again will be implemented through an independent third-party that is dedicated to your privacy while creating a safe and inclusive internet environment.

Conclusion

Fundamentally, Plug.events has a passionate team dedicated to data privacy now. They have written our Privacy Policy and reviewed our processes, including the services Active Campaign is providing for us and it is all up to snuff. If you have any concerns, questions or comments, you can always email us at contact@about.plug.events.