Confirm, emeritus
1,217
edits
Changes
Initial data collection policy draft
DRAFT: this document is not yet finalized.
Firefox sends various data back to Mozilla. This data keeps the browser up to date, powers various features, provides user support, and helps improve the product itself. This page documents the policy for how and why we add new data collection metrics. The owner and peers of the Firefox Data Collection policy module are responsible for making decisions about data collection systems and measurements.
== Data Collection Properties ==
When proposing a new measurement or data system, please consider your requirements and the necessary data properties:
Function:
* is the data collection necessary for Firefox to function properly? For example, the automatic update check must be sent in order to keep Firefox up to date.
* Is there a specific user-visible function planned for the data?
* Population: Is it necessary to take a measurement from all users? Or is it sufficient to measure only prerelease users?
* Sampling: is it necessary to get data from all users, or is it sufficient to collect data from a smaller sample?
* Will data submission be automatic, or will there be opt-in UI?
Analysis and Reporting:
* who will be analyzing the data?
* Will the data that's being collected answer the questions we have?
* Will it be a single or periodic report?
* Is it desirable to track data changes over time? With what frequency? With what latency?
* Will the data reporting be private or public?
* Will the raw data being collected be private or public?
* Is it necessary to keep the measurement forever, or is it sufficient to run a short-term experiment/single report?
Privacy (and Legal):
* Does the data contain PII (Personally identifiable information)?
* Can the data be used in combination with other measurements to identify a particular person?
* What kind of users controls will be exposed to control data submission?
* Will users be able to see their own data before or after it has been submitted, either within Firefox or from the server?
* Does the data conform to the existing Mozilla [https://www.mozilla.org/en-US/privacy/principles/ privacy principles], the [https://www.mozilla.org/en-US/privacy/ Mozilla Privacy Policy], and the [https://www.mozilla.org/en-US/privacy/firefox/ Firefox privacy notice]?
* Does this data collection represent any unusual privacy or legal risk to users or Mozilla?
== Requesting Approval ==
It is our intention to review every new data collection within Mozilla, but to do so quickly and with minimal overhead. For every new measurement, even a simple new Telemetry probe, please request approval by setting the NEEDINFO flag for the module owner or a peer. Simple requests should be handled within a day.
Owner: [https://mozillians.org/en-US/u/bsmedberg/ Benjamin Smedberg] (:bsmedberg)
Peer: [https://mozillians.org/en-US/u/bsmedberg/ Taras Glek] (:taras)
More complex requests, and especially requests which add a new kind of data collection mechanism or require changes to the privacy notice, will require more extensive review. Please consider pinging the team about these as they are being designed! Additional review may include:
* Formal privacy review: This may involve requesting feedback from the mozilla.dev.privacy mailing list and/or scheduling a meeting with privacy experts within and outside of Mozilla to discuss the feature and its privacy impact.
* Legal review: If necessary, the module owner will request a legal review from Mozilla's legal team. A legal review will be necessary for any changes to the privacy policies/notices.
* Data review: In cases where data analysis and quality is uncertain, the module owner will request additional feedback from the Mozilla metrics team and other experts to validate data analysis plans.
* UX review: We may request/require feedback from the Firefox UX team on any proposed privacy/data-control UI.
Firefox sends various data back to Mozilla. This data keeps the browser up to date, powers various features, provides user support, and helps improve the product itself. This page documents the policy for how and why we add new data collection metrics. The owner and peers of the Firefox Data Collection policy module are responsible for making decisions about data collection systems and measurements.
== Data Collection Properties ==
When proposing a new measurement or data system, please consider your requirements and the necessary data properties:
Function:
* is the data collection necessary for Firefox to function properly? For example, the automatic update check must be sent in order to keep Firefox up to date.
* Is there a specific user-visible function planned for the data?
* Population: Is it necessary to take a measurement from all users? Or is it sufficient to measure only prerelease users?
* Sampling: is it necessary to get data from all users, or is it sufficient to collect data from a smaller sample?
* Will data submission be automatic, or will there be opt-in UI?
Analysis and Reporting:
* who will be analyzing the data?
* Will the data that's being collected answer the questions we have?
* Will it be a single or periodic report?
* Is it desirable to track data changes over time? With what frequency? With what latency?
* Will the data reporting be private or public?
* Will the raw data being collected be private or public?
* Is it necessary to keep the measurement forever, or is it sufficient to run a short-term experiment/single report?
Privacy (and Legal):
* Does the data contain PII (Personally identifiable information)?
* Can the data be used in combination with other measurements to identify a particular person?
* What kind of users controls will be exposed to control data submission?
* Will users be able to see their own data before or after it has been submitted, either within Firefox or from the server?
* Does the data conform to the existing Mozilla [https://www.mozilla.org/en-US/privacy/principles/ privacy principles], the [https://www.mozilla.org/en-US/privacy/ Mozilla Privacy Policy], and the [https://www.mozilla.org/en-US/privacy/firefox/ Firefox privacy notice]?
* Does this data collection represent any unusual privacy or legal risk to users or Mozilla?
== Requesting Approval ==
It is our intention to review every new data collection within Mozilla, but to do so quickly and with minimal overhead. For every new measurement, even a simple new Telemetry probe, please request approval by setting the NEEDINFO flag for the module owner or a peer. Simple requests should be handled within a day.
Owner: [https://mozillians.org/en-US/u/bsmedberg/ Benjamin Smedberg] (:bsmedberg)
Peer: [https://mozillians.org/en-US/u/bsmedberg/ Taras Glek] (:taras)
More complex requests, and especially requests which add a new kind of data collection mechanism or require changes to the privacy notice, will require more extensive review. Please consider pinging the team about these as they are being designed! Additional review may include:
* Formal privacy review: This may involve requesting feedback from the mozilla.dev.privacy mailing list and/or scheduling a meeting with privacy experts within and outside of Mozilla to discuss the feature and its privacy impact.
* Legal review: If necessary, the module owner will request a legal review from Mozilla's legal team. A legal review will be necessary for any changes to the privacy policies/notices.
* Data review: In cases where data analysis and quality is uncertain, the module owner will request additional feedback from the Mozilla metrics team and other experts to validate data analysis plans.
* UX review: We may request/require feedback from the Firefox UX team on any proposed privacy/data-control UI.
