From c6149f63b5996c6c60b501ebadfe0413a5e21f37 Mon Sep 17 00:00:00 2001 From: Mad Price Ball Date: Tue, 7 Apr 2020 12:02:17 -0700 Subject: [PATCH] Fix forum links, update project to activity in some places --- .../templates/pages/community_guidelines.html | 28 ++++++------ .../pages/data-processing-activities.html | 45 ++++++++++--------- open_humans/templates/pages/gdpr.html | 38 ++++++++-------- .../partials/activity-panel-info.html | 2 +- .../templates/direct-sharing/approval.html | 44 +++++++++--------- .../templates/direct-sharing/overview.html | 10 +++-- .../direct-sharing/partials/setup.html | 2 +- 7 files changed, 87 insertions(+), 82 deletions(-) diff --git a/open_humans/templates/pages/community_guidelines.html b/open_humans/templates/pages/community_guidelines.html index be2a0bd2e..ea81c8ee0 100644 --- a/open_humans/templates/pages/community_guidelines.html +++ b/open_humans/templates/pages/community_guidelines.html @@ -12,7 +12,7 @@
  • Naming Guidelines
    • -
  • Project Guidelines
    • +
  • Activity Guidelines
    • @@ -26,7 +26,7 @@

    Community Guidelines

    @@ -129,18 +129,18 @@

    Not otherwise misleading or confusing

    be misleading and are therefore not allowed.

    -
    -

    Project Guidelines

    +
    +

    Activity Guidelines

    Open Humans has the following practices that it expects connected studies - and other projects to follow. + and other activities to follow.

    Data management

    • Explain the data you'll receive

      - Give a plain English list of the data your project will access and + Give a plain English list of the data your activity will access and store. Describe the potential sensitivity and identifiability of this data. Give these lists to your participants or users, and (if you are a study) to your IRB or equivalent ethics board. @@ -158,7 +158,7 @@

      Data management

    • Explain what you will do with the data you'll receive

      Give a plain summary that explains what you will do with the data you - will access. Describe the kind of study or project you are running and + will access. Describe the kind of study or activity you are running and why you would like to access the data.

      @@ -171,7 +171,7 @@

      Data management

    • Explain your data privacy and security

      - You are responsible for how your project manages data. + You are responsible for how your activity manages data.

      Give a plain English description of how you will manage the data. @@ -191,9 +191,9 @@

      Data management

    • -

      Explain what happens with the data after a user leaves your project

      +

      Explain what happens with the data after a user leaves your activity

      - Users can leave your project on Open Humans at any time. Explain what + Users can leave your activity on Open Humans at any time. Explain what you will do with their data after this happens. (For example: will you delete your copies of their data?)

      @@ -227,10 +227,10 @@

      Data management

      For example, avoid unnecessary granularity that makes data more identifiable. If someone's year of birth is sufficient for your - project, don't ask for the month and day. + activity, don't ask for the month and day.

      • -

    • Share data with project members

      +

    • Share data with activity members

      Open Humans supports the philosophy of "equal access": when generating data about individuals, we should try to give them access to that data. @@ -238,7 +238,7 @@

      Data management

      participants access to resulting raw genome data.

      - Projects can use our APIs to upload data for their project members. + Activities can use our APIs to upload data for their activity members. Your data will be private in their account, where they will be able to manage it as an additional data source.

      @@ -277,7 +277,7 @@

      Security

    • Keep secrets secret

      - Your project will have secret keys, codes, and tokens, that + Your activity will have secret keys, codes, and tokens, that are used to authenticate identity and encrypt interactions. These MUST be kept secret (e.g. as local files or environment variable). You should use encrypted communications to share these with other diff --git a/open_humans/templates/pages/data-processing-activities.html b/open_humans/templates/pages/data-processing-activities.html index cc4eccb08..4b30fcdf9 100644 --- a/open_humans/templates/pages/data-processing-activities.html +++ b/open_humans/templates/pages/data-processing-activities.html @@ -10,7 +10,8 @@

      Open Humans: Records of Personal Data Processing Activit Per Article 30 of the European Union General Data Protection Act, this report documents Open Humans personal data processing activities in writing. Because our platform enables users to create new personal data inputs and outputs, we - maintain a semi-automated report based on the current active projects. + maintain a semi-automated report based on the current active "activities" (or + projects) within Open Humans.

      Name & contact details

      @@ -50,7 +51,7 @@

      Purposes of personal data processing

      Member-managed personal data sharing with third parties

      Members can explicitly opt-in to share selected personal data with arbitrary - third party projects that operate on the site. These projects include the + third party activities that operate on the site. These activities include the following potential uses members may wish to have:

        @@ -62,7 +63,7 @@

        Contact and notification

        Emails are collected from users to enable contact regarding events specific to their account, messages sent to them by other members or - projects, and substantive changes to the site, as well as newsletters + activities, and substantive changes to the site, as well as newsletters for users that opt-in to receiving these.

        Personalization

        @@ -104,15 +105,15 @@
        Logging data
        Primarily this contains IP addresses. This is collected by servers to enable us to audit usage and debug site issues.

        -
        Project data
        +
        Activity data

        - Projects deposit data at the explicit opt-in behest of a member to + Activities deposit data at the explicit opt-in behest of a member to their account. This data is typically personal data of diverse categories, and is known to include genetic data, location data, and other identifiable data.

        - The following project data sources are documented for Open Humans: + The following activity data sources are documented for Open Humans:

          {% for project in project_data_sources %} @@ -120,24 +121,24 @@
          Project data
          {% endfor %}

        Categories of data recipients

        -

        Projects

        +

        Activities

        - Projects operated in the site are potential recipients of personal data. - Data is only accessible by a project if a member explicitly opts in, - joining the project and authorizing Open Humans share one or more + Activities operated in the site are potential recipients of personal data. + Data is only accessible by an activity if a member explicitly opts in, + joining the activity and authorizing Open Humans share one or more categories of personal data in their account.

        - Projects are required to follow the site terms of use, which include - project guidelines + Activities are required to follow the site terms of use, which include + activity guidelines that mandate secure practices and transparent communication with members, including the presence of identifiable data and potential - risks. Projects undergo a + risks. Activities undergo a community review process prior to being made broadly available to members.

        - The following project data recipients are documented for Open Humans: + The following activity data recipients are documented for Open Humans:

          {% for project in project_data_recipients %} @@ -155,17 +156,17 @@

          Projects

        Time limits for erasure

        - Account data and project data should be permanently deleted after 60 days, + Account data and activity data should be permanently deleted after 60 days, and are immediately removed from processing activities when requested by a member. Logging data should be permanently deleted after 120 days.

        Security measures

        Pseudonymization and encryption

        - Project data shared with data recipient projects is done via randomly - assigned project-specific identifiers. Data itself may or may not - contain non-anonymous content. Projects are required by - project guidelines + Activity data shared with data recipient activities is done via randomly + assigned activity-specific identifiers. Data itself may or may not + contain non-anonymous content. Activities are required by + activity guidelines to make members aware of identifiable features in data they offer to add to a member's account.

        @@ -188,15 +189,15 @@

        Ensuring ongoing integrity and security of processing systems and operations

        Data preservation

        Backups are automatically performed for account data on a daily basis, and - are retained for a minimum of one month. Backups of project data occurs + are retained for a minimum of one month. Backups of activity data occurs automatically on a continuous basis and are retained for 60 days.

        Security review

        - Projects are made broadly available on the site only after they pass a + Activities are made broadly available on the site only after they pass a community review process. This provides an open forum for regular review - of security measures in the platform and project operations. Open Humans + of security measures in the platform and activity operations. Open Humans also maintains a public community chatroom and open source repositories, encouraging discussion and feedback on potential improvements. diff --git a/open_humans/templates/pages/gdpr.html b/open_humans/templates/pages/gdpr.html index 56bf40143..15486e182 100644 --- a/open_humans/templates/pages/gdpr.html +++ b/open_humans/templates/pages/gdpr.html @@ -28,9 +28,9 @@

        You can do it yourself.

        Right to access

        - All the data that projects have put into your Open Humans account is + All the data that activities have put into your Open Humans account is available to you. You can download copies of these data at any time - from the relevant project pages. + from the relevant activity pages.

        You can also see an overview of @@ -40,21 +40,21 @@

        Right to portability

        Your data's portability to third parties, and your control over this, is an important aspect of Open Humans. This enables you to participate - in various projects related to your personal data – from data + in various activities related to your personal data – from data retrievals, to data analyses, to data donations.

        We are not the gatekeepers to your data: you are. Anyone can - create a project on the site. - Projects can immediately use our APIs and interact with members - that join it. If you join and authorize that project, it - has access: it's between you and the project. + create an activity on the site. + Activities can immediately use our APIs and interact with members + that join it. If you join and authorize that activity, it + has access: it's between you and the activity.

        However, we also want to balance this with the safety of our community - members. For a project to be available to all members (i.e. publicly + members. For an activity to be available to all members (i.e. publicly listed and without a user cap), it must agree to our - project guidelines + activity guidelines and go through a community review process.

        @@ -67,23 +67,23 @@

        Right to privacy

        Right to erasure

        - To delete files related to a specific project you're a member of: + To delete files related to a specific activity you're a member of:

          -
        • Go to the project activity page
          • -
        • Withdraw from the project
          • +
        • Go to the activity page
          • +
        • Withdraw from the activity
        • When asked, say you also wish to delete associated data files

        - If you have withdrawn from a project in the past but didn't delete that - project's files from your account, that option is available on the project's + If you have withdrawn from an activity in the past but didn't delete that + activity's files from your account, that option is available on the activity page.

        - Projects you've shared data with might have their own copies of your + Activities you've shared data with might have their own copies of your personal data, outside Open Humans. How they manage this data is according to their agreement with you. We provide tools to facilitate members making - data erasure requests for projects that support this. + data erasure requests for activities that support this.

        To delete your account entirely, go to your @@ -92,7 +92,7 @@

        Right to erasure

        When you delete your account or files, they are immediately removed. Your data is deleted in our database, and any files you've added can no longer - be accessed by the website or by projects you've authorized. + be accessed by the website or by activities you've authorized.

        Because Open Humans might be the only place a member has stored highly @@ -108,9 +108,9 @@

        Community leadership

        highest level. Reflecting this, three of our nine board seats are elected by the members of Open Humans.

        -

        Project features for GDPR compliance

        +

        Activity features for GDPR compliance

        - In addition to our own site complying with GDPR, we enable the projects + In addition to our own site complying with GDPR, we enable the activities that operate within it to also comply. To that end, we have features on our site that enable this – e.g. the ability to support data erasure requests, with email notifications and/or an API webhook for full diff --git a/open_humans/templates/partials/activity-panel-info.html b/open_humans/templates/partials/activity-panel-info.html index 1554fc665..c1f369a2b 100644 --- a/open_humans/templates/partials/activity-panel-info.html +++ b/open_humans/templates/partials/activity-panel-info.html @@ -296,7 +296,7 @@

        Project information

        See review in our forum -
        Projects are community reviewed! Read more about contributing. +
        Projects are community reviewed! Read more about contributing.

    diff --git a/private_sharing/templates/direct-sharing/approval.html b/private_sharing/templates/direct-sharing/approval.html index 7814159e4..a337157c4 100644 --- a/private_sharing/templates/direct-sharing/approval.html +++ b/private_sharing/templates/direct-sharing/approval.html @@ -1,17 +1,17 @@ {% extends 'direct-sharing/layout.html' %} {% block content %} -

    The Open Humans Project Approval Process

    +

    The Open Humans Activity Approval Process

    - Open Humans projects are diverse: they may be managed by + Open Humans activities are diverse: they may be managed by individuals, research teams, organizations, and more. With the - exception of projects managed by Open Humans Foundation directly, - projects must apply for review to be “approved” on the site. This - removes a user limit cap & lists it publicly on Open Humans. Projects + exception of activities managed by Open Humans Foundation directly, + activities must apply for review to be “approved” on the site. This + removes a user limit cap & lists it publicly on Open Humans. Activities are approved by the Open Humans community - - following a discussion in our Discourse + + following a discussion in our forums .

    @@ -21,8 +21,8 @@

    How it works

    1. - A project requests approval, and a new topic is created - in Project + An activity requests approval via a new topic created + in Activity Reviews.
    2. @@ -35,16 +35,16 @@

      How it works

    - Project leads can create this topic on their own or ask the + Activity leads can create this topic on their own or ask the Open Humans team to help creating the topic by emailing - support@openhumans.org with the subject "Request for project approval". + support@openhumans.org with the subject "Request for activity approval". Please include a copy of your IRB approval documentation if you are requesting approval for a Study.

    - Projects that are already approved may undergo a re-review at any - time (at the request of Open Humans Foundation, the project owner, + Activities that are already approved may undergo a re-review at any + time (at the request of Open Humans Foundation, the activity owner, or a member of the community).

    @@ -55,12 +55,12 @@

    Voting

    Please vote Approve to support approval, or Deny to deny approval. Please give reasons, - especially when projects have issues that they might address + especially when activities have issues that they might address and/or others should be aware of.

    - Your vote may change if a project modifies itself in response to + Your vote may change if a activity modifies itself in response to concerns that are raised. If you change your vote, please edit to add the new vote, and retain the old vote with “strikethrough” (<s></s> HTML tags). @@ -80,7 +80,7 @@

    Guidelines for reviewers

    The primary question to answer is this: "Should this - project be visible and available for all Open Humans members to + activity be visible and available for all Open Humans members to join?"

    @@ -91,11 +91,11 @@

    Guidelines for reviewers

    - While following - Project Guidelines is expected of all projects, the review process is + While following + Activity Guidelines is expected of all activities, the review process is not necessarily limited to this. New situations may arise that lead the community to reconsider the guidelines themselves.

    diff --git a/private_sharing/templates/direct-sharing/overview.html b/private_sharing/templates/direct-sharing/overview.html index b31655153..ab6054e2b 100644 --- a/private_sharing/templates/direct-sharing/overview.html +++ b/private_sharing/templates/direct-sharing/overview.html @@ -3,16 +3,20 @@ {% load static %} {% block content %} -

    Projects on Open Humans

    +

    Activities on Open Humans

    -

    About projects

    +

    About activities

    + +

    Note: "activities" were previously called "projects" on our site, and updates to + this language change are in process! They refer to the same thing. +

    {% include 'direct-sharing/partials/about-projects.html' %}

    On-site or OAuth2?

    - There are two different types of projects you can set up, depend on how + There are two different types of activities you can set up, depend on how authorization and enrollment occurs.

    diff --git a/private_sharing/templates/direct-sharing/partials/setup.html b/private_sharing/templates/direct-sharing/partials/setup.html index b74463211..65ca12be7 100644 --- a/private_sharing/templates/direct-sharing/partials/setup.html +++ b/private_sharing/templates/direct-sharing/partials/setup.html @@ -146,7 +146,7 @@

    Creating a project

  • Review project guidelines.
    - Review our Project + Review our Activity Guidelines and ensure your project has good security and responsible data management practices before seeking project approval.