Skip to content

Commit

Permalink
Fix forum links, update project to activity in some places
Browse files Browse the repository at this point in the history
  • Loading branch information
@madprime
madprime committed Apr 7, 2020
1 parent fc90a0b commit c6149f6
Show file tree
Hide file tree
Showing 7 changed files with 87 additions and 82 deletions.
28 changes: 14 additions & 14 deletions open_humans/templates/pages/community_guidelines.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@

<li><a href="#naming">Naming Guidelines</a></li>

<li><a href="#project">Project Guidelines</a></li>
<li><a href="#activity">Activity Guidelines</a></li>
</ul>

<div class="tab-content">
Expand All @@ -26,7 +26,7 @@ <h1>Community Guidelines</h1>
<ul id="table-of-contents">
<li><a href="#public-data">Public Data Guidelines</a></li>
<li><a href="#naming">Naming Guidelines</a></li>
<li><a href="#project">Project Guidelines</a></li>
<li><a href="#activity">Activity Guidelines</a></li>
</ul>
</div>
</div>
Expand Down Expand Up @@ -129,18 +129,18 @@ <h4>Not otherwise misleading or confusing</h4>
be misleading and are therefore not allowed.</p>
</div>

<div class="tab-pane" id="project">
<h2>Project Guidelines</h2>
<div class="tab-pane" id="activity">
<h2>Activity Guidelines</h2>
<p class="lead">
Open Humans has the following practices that it expects connected studies
and other projects to follow.
and other activities to follow.
</p>
<hr>
<h4>Data management</h4>
<ul>
<li><p><b>Explain the data you'll receive</b></p>
<p>
Give a plain English list of the data your project will access and
Give a plain English list of the data your activity will access and
store. Describe the potential sensitivity and identifiability of this
data. Give these lists to your participants or users, and (if you
are a study) to your IRB or equivalent ethics board.
Expand All @@ -158,7 +158,7 @@ <h4>Data management</h4>
<li><p><b>Explain what you will do with the data you'll receive</b></p>
<p>
Give a plain summary that explains what you will do with the data you
will access. Describe the kind of study or project you are running and
will access. Describe the kind of study or activity you are running and
why you would like to access the data.
</p>
<p>
Expand All @@ -171,7 +171,7 @@ <h4>Data management</h4>
</li>
<li><p><b>Explain your data privacy and security</b></p>
<p>
You are responsible for how your project manages data.
You are responsible for how your activity manages data.
</p>
<p>
Give a plain English description of how you will manage the data.
Expand All @@ -191,9 +191,9 @@ <h4>Data management</h4>
</p>
</li>
<li>
<p><b>Explain what happens with the data after a user leaves your project</b></p>
<p><b>Explain what happens with the data after a user leaves your activity</b></p>
<p>
Users can leave your project on Open Humans at any time. Explain what
Users can leave your activity on Open Humans at any time. Explain what
you will do with their data after this happens. (For example: will you
delete your copies of their data?)
</p>
Expand Down Expand Up @@ -227,18 +227,18 @@ <h4>Data management</h4>
<p>
For example, avoid unnecessary granularity that makes data more
identifiable. If someone's year of birth is sufficient for your
project, don't ask for the month and day.
activity, don't ask for the month and day.
</p>
</li>
<li><p><b>Share data with project members</b></p>
<li><p><b>Share data with activity members</b></p>
<p>
Open Humans supports the philosophy of "equal access": when generating
data about individuals, we should try to give them access to that data.
For example, we would like to support a study that wished to give their
participants access to resulting raw genome data.
</p>
<p>
Projects can use our APIs to upload data for their project members.
Activities can use our APIs to upload data for their activity members.
Your data will be private in their account, where they will be able
to manage it as an additional data source.
</p>
Expand Down Expand Up @@ -277,7 +277,7 @@ <h4>Security</h4>
</li>
<li><p><b>Keep secrets secret</b></p>
<p>
Your project will have secret keys, codes, and tokens, that
Your activity will have secret keys, codes, and tokens, that
are used to authenticate identity and encrypt interactions. These
MUST be kept secret (e.g. as local files or environment variable).
You should use encrypted communications to share these with other
Expand Down
45 changes: 23 additions & 22 deletions open_humans/templates/pages/data-processing-activities.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,8 @@ <h2 class="page-header">Open Humans: Records of Personal Data Processing Activit
Per Article 30 of the European Union General Data Protection Act, this report
documents Open Humans personal data processing activities in writing. Because
our platform enables users to create new personal data inputs and outputs, we
maintain a semi-automated report based on the current active projects.
maintain a semi-automated report based on the current active "activities" (or
projects) within Open Humans.
</p>
<h3>Name & contact details</h3>
<p>
Expand Down Expand Up @@ -50,7 +51,7 @@ <h3>Purposes of personal data processing</h3>
<h4>Member-managed personal data sharing with third parties</h4>
<p>
Members can explicitly opt-in to share selected personal data with arbitrary
third party projects that operate on the site. These projects include the
third party activities that operate on the site. These activities include the
following potential uses members may wish to have:
</p>
<ul>
Expand All @@ -62,7 +63,7 @@ <h4>Contact and notification</h4>
<p>
Emails are collected from users to enable contact regarding events
specific to their account, messages sent to them by other members or
projects, and substantive changes to the site, as well as newsletters
activities, and substantive changes to the site, as well as newsletters
for users that opt-in to receiving these.
</p>
<h4>Personalization</h4>
Expand Down Expand Up @@ -104,40 +105,40 @@ <h5>Logging data</h5>
Primarily this contains IP addresses. This is collected by servers to
enable us to audit usage and debug site issues.
</p>
<h5>Project data</h5>
<h5>Activity data</h5>
<p>
Projects deposit data at the explicit opt-in behest of a member to
Activities deposit data at the explicit opt-in behest of a member to
their account. This data is typically personal data of diverse categories,
and is known to include genetic data, location data, and other identifiable
data.
</p>
<p>
The following project data sources are documented for Open Humans:
The following activity data sources are documented for Open Humans:
</p>
<ul>
{% for project in project_data_sources %}
<li><b><a href="{% url 'activity' project.slug %}">{{ project.name }}:</a></b> {{ project.returned_data_description }}</li>
{% endfor %}
</ul>
<h3>Categories of data recipients</h3>
<h4>Projects</h4>
<h4>Activities</h4>
<p>
Projects operated in the site are potential recipients of personal data.
Data is only accessible by a project if a member explicitly opts in,
joining the project and authorizing Open Humans share one or more
Activities operated in the site are potential recipients of personal data.
Data is only accessible by an activity if a member explicitly opts in,
joining the activity and authorizing Open Humans share one or more
categories of personal data in their account.
</p>
<p>
Projects are required to follow the site terms of use, which include
<a href="{% url 'community_guidelines' %}#project">project guidelines</a>
Activities are required to follow the site terms of use, which include
<a href="{% url 'community_guidelines' %}#activity">activity guidelines</a>
that mandate secure practices and transparent communication
with members, including the presence of identifiable data and potential
risks. Projects undergo a
risks. Activities undergo a
<a href="{% url 'direct-sharing:project-approval' %}">community review
process</a> prior to being made broadly available to members.
</p>
<p>
The following project data recipients are documented for Open Humans:
The following activity data recipients are documented for Open Humans:
</p>
<ul>
{% for project in project_data_recipients %}
Expand All @@ -155,17 +156,17 @@ <h4>Projects</h4>
</ul>
<h3>Time limits for erasure</h3>
<p>
Account data and project data should be permanently deleted after 60 days,
Account data and activity data should be permanently deleted after 60 days,
and are immediately removed from processing activities when requested
by a member. Logging data should be permanently deleted after 120 days.
</p>
<h3>Security measures</h3>
<h4>Pseudonymization and encryption</h4>
<p>
Project data shared with data recipient projects is done via randomly
assigned project-specific identifiers. Data itself may or may not
contain non-anonymous content. Projects are required by
<a href="{% url 'community_guidelines' %}#project">project guidelines</a>
Activity data shared with data recipient activities is done via randomly
assigned activity-specific identifiers. Data itself may or may not
contain non-anonymous content. Activities are required by
<a href="{% url 'community_guidelines' %}#activity">activity guidelines</a>
to make members aware of identifiable features in data they offer to add
to a member's account.
</p>
Expand All @@ -188,15 +189,15 @@ <h4>Ensuring ongoing integrity and security of processing systems and operations
<h4>Data preservation</h4>
<p>
Backups are automatically performed for account data on a daily basis, and
are retained for a minimum of one month. Backups of project data occurs
are retained for a minimum of one month. Backups of activity data occurs
automatically on a continuous basis and are retained for 60 days.
</p>
<h4>Security review</h4>
<p>
Projects are made broadly available on the site only after they pass a
Activities are made broadly available on the site only after they pass a
<a href="{% url 'direct-sharing:project-approval' %}">community review
process</a>. This provides an open forum for regular review
of security measures in the platform and project operations. Open Humans
of security measures in the platform and activity operations. Open Humans
also maintains a <a href="http://slackin.openhumans.org/">public community
chatroom</a> and <a href="https://github.com/openhumans">open source
repositories</a>, encouraging discussion and feedback on potential improvements.
Expand Down
38 changes: 19 additions & 19 deletions open_humans/templates/pages/gdpr.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,9 @@ <h3>You can do it yourself.</h3>
</p>
<h3>Right to access</h3>
<p>
All the data that projects have put into your Open Humans account is
All the data that activities have put into your Open Humans account is
available to you. You can download copies of these data at any time
from the relevant project pages.
from the relevant activity pages.
</p>
<p>
You can also see an <a href="{% url 'my-member-data' %}">overview of
Expand All @@ -40,21 +40,21 @@ <h3>Right to portability</h3>
<p>
Your data's portability to third parties, and your control over this,
is an important aspect of Open Humans. This enables you to participate
in various projects related to your personal data &ndash; from data
in various activities related to your personal data &ndash; from data
retrievals, to data analyses, to data donations.
</p>
<p>
We are not the gatekeepers to your data: you are. Anyone can
<a href="{% url 'create' %}">create a project</a> on the site.
Projects can immediately use our APIs and interact with members
that join it. If you join and authorize that project, it
has access: it's between you and the project.
<a href="{% url 'create' %}">create an activity</a> on the site.
Activities can immediately use our APIs and interact with members
that join it. If you join and authorize that activity, it
has access: it's between you and the activity.
</p>
<p>
However, we also want to balance this with the safety of our community
members. For a project to be available to all members (i.e. publicly
members. For an activity to be available to all members (i.e. publicly
listed and without a user cap), it must agree to our
<a href="{% url 'community_guidelines' %}#project">project guidelines</a>
<a href="{% url 'community_guidelines' %}#activity">activity guidelines</a>
and go through a <a href="{% url 'direct-sharing:project-approval' %}">community
review process</a>.
</p>
Expand All @@ -67,23 +67,23 @@ <h3>Right to privacy</h3>
</p>
<h3>Right to erasure</h3>
<p>
To delete files related to a specific project you're a member of:
To delete files related to a specific activity you're a member of:
</p>
<ul>
<li>Go to the project activity page</li>
<li>Withdraw from the project</li>
<li>Go to the activity page</li>
<li>Withdraw from the activity</li>
<li>When asked, say you also wish to delete associated data files</li>
</ul>
<p>
If you have withdrawn from a project in the past but didn't delete that
project's files from your account, that option is available on the project's
If you have withdrawn from an activity in the past but didn't delete that
activity's files from your account, that option is available on the
activity page.
</p>
<p>
Projects you've shared data with might have their own copies of your
Activities you've shared data with might have their own copies of your
personal data, outside Open Humans. How they manage this data is according
to their agreement with you. We provide tools to facilitate members making
data erasure requests for projects that support this.
data erasure requests for activities that support this.
</p>
<p>
To delete your account entirely, go to your
Expand All @@ -92,7 +92,7 @@ <h3>Right to erasure</h3>
<p>
When you delete your account or files, they are immediately removed. Your
data is deleted in our database, and any files you've added can no longer
be accessed by the website or by projects you've authorized.
be accessed by the website or by activities you've authorized.
</p>
<p>
Because Open Humans might be the only place a member has stored highly
Expand All @@ -108,9 +108,9 @@ <h3>Community leadership</h3>
highest level. Reflecting this, three of our nine board seats are
elected by the members of Open Humans.
</p>
<h3>Project features for GDPR compliance</h3>
<h3>Activity features for GDPR compliance</h3>
<p>
In addition to our own site complying with GDPR, we enable the projects
In addition to our own site complying with GDPR, we enable the activities
that operate within it to also comply. To that end, we have features on
our site that enable this &ndash; e.g. the ability to support data erasure
requests, with email notifications and/or an API webhook for full
Expand Down
2 changes: 1 addition & 1 deletion open_humans/templates/partials/activity-panel-info.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -296,7 +296,7 @@ <h2>Project information</h2>
<div class="d-flex">
<p>
<a href="{{ project.review_url }}">See review in our forum</a>
<br><small class="text-muted">Projects are community reviewed! <a href="https://discourse.openhumans.org/t/project-review-guide/15">Read more about contributing.</a></small>
<br><small class="text-muted">Projects are community reviewed! <a href="https://forums.openhumans.org/t/activity-review-guide/15">Read more about contributing.</a></small>
</p>
</div>
</div>
Expand Down
Loading

0 comments on commit c6149f6

Please sign in to comment.