[其他]:CLA Privacy Concerns #4222
Comments
|
通过 GitHub 授权 CLA Assistant 时移除 URL 中的 |
|
可以挪到cfpabot上 然后我把隐私协议写好 |
已经提供可公开的邮箱,大部分用户是 github 邮箱,在 commit 消息中也有体现。而这个 CLA Bot 要求提供全部私人邮箱,这会涉及企业绑定的邮箱,有重大的隐私风险 |
@Cyl18 是否有进展 |
|
看了下 checks,似乎只是消息取消了 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Detailed information
The current CLA requires access to all of a user's mail, including private emails, which raises concerns about user privacy protection c, oncerns see cla-assistant/cla-assistant#730.
SAP SE, the service provider of CLAassistant, provides an unsatisfactory [Privacy Statement](https://gist.github.com/CLAassistant/ 3a73e4cd729c9d0a6e30#file-privacy-md), stating that it will pass on personal privacy data to third parties and possibly for advertising purposes. Furthermore, although the Privacy Statement indicates that the user has the right to withdraw consent, the user does not have the possibility to exercise this right independently, without restriction, in any circumstances and at any times (see cla-assistant/cla-assistant#648), in violation of the laws of the relevant states.
In addition, CFPAOrg is not a legal entity registered in any states or regions, nor does it provide any privacy statement or policy, and it cannot fulfill its obligations of secure and compliant data protection or any liability for infringement of rights after receiving personal information from its users.
详细信息
当前的 CLA 需要获取用户的所有邮件,包括私人邮件,这带来了关于用户隐私保护问题的担忧,参见 cla-assistant/cla-assistant#730。
CLAassistant 的服务供应商 SAP SE 提供了不令人满意的隐私声明,表示其将会传递个人隐私数据到第三方,并且有可能作为广告用途。另外,虽然隐私声明表示用户拥有撤销同意的权利,但用户并无可能独立地、不受限制的、在任何情况和时间下行使此项权利(参见 cla-assistant/cla-assistant#648),这违反了相关地区的法律。
此外,CFPAOrg 并无在任何国家或地区注册的法律实体,也没有提供任何的隐私声明和政策,其接收用户个人信息后,无法履行安全且合规的数据保护义务,也无法承担任何侵权责任。
The text was updated successfully, but these errors were encountered: