Policies Overview

We will always put Data Rights' independence first. 

We are conscious of the importance of our funding sources. For this reason, as long as we are a small entity we do not accept grants from any private entity. If we grow we will elaborate our policy, for instance by deciding on a certain percentage acceptable or with robust rules regarding how such money cannot be used on topics relevant for prof-profits.

Sources of funding so far: 

• Open Society Foundation
• Digital Freedom Fund
• Privacy International
  

We strive to uphold the General Data Protection Regulation (GDPR) in all of our activities. On top of the principles below we aim to apply strict retention times. Any question not answered here? Please check the privacy notice below or reach us!

“The worst enemy of security is complexity.”
– Bruce Schneier

• Keeping it simple: We do not engage with a gazillion of processors, or implement gadgets and trackers and whatnot. We will keep it simple, and use standardized methods and formats as much as possible. We will periodically review our practices to ensure we stay true to this principle.
• Data Minimisation: We collect personal data if necessary in relation to specified, explicit and legitimate purposes, and only where adequate and relevant. To the reasonable extent that is technically feasible with our capabilities, we will ensure our systems work without the need to retain directly-identifiable information, e.g. by applying pseudonymisation or other measures under data protection by design and by default principles.
• Third Parties: We will never sell personal data to third parties. This is a practice we condemn. Sometimes, we will need to provide personal data to third parties. For instance, we use a European data hosting service. We will always ensure third parties have adequate data protection and security policies, and we will enter into contract arrangements with them for any systematic or wide provision of personal data (whether they are acting themselves as recipient, controller, or processor on our behalf).
• Consequences for negligence: Data Rights expects the strictest respect of confidentiality from its team. 

We process personal data in the following contexts:

• to operate (HR, finance, IT, governance);
  
• to run the website's contact form;
• to support cases;
• during interviews;
  
• to respond when we are contacted.

In all these instances, Data Rights France will be a data controller. Depending on the context, recipients of your personal data may generally include: Board Members, advisors, and employees. All have agreed to comply with this Policy and, as applicable, are bound to confidentiality obligations. 

Your rights

You have the right to request access to and rectification or erasure of your personal data or the restriction of the data processing (I.e. how your data is used/retained/protected/etc) concerning you, or to object to processing as well as the right to data portability.

Address your request to: contact@datarights.ngo

You may also have the right to lodge a complaint with a data protection authorities. Do note that usually they will expect you to have first tried to resolve your concerns with us first before they are reached. The authorities are the CNIL, the Autoriteit Persoonsgegevens, or a data protection authority in your country.

International transfers

Our day-to-day activities do not involve the reliance on personal data being transferred outside of the EU.

When personal data is processed with international transfers for a project we notify individuals.

Access by Public Authorities

We have not received any request or order to provide access to personal data controlled or processed by us, by any public authorities, in relation to an investigation or specific law enforcement, intelligence or police operation. If we were we would challenge them to ensure strict legitimate necessity. In any case, the data minimization principle presented above is a strong safeguard with regards to what data we hold.

We do not use any cookies. And guess what? That's good for the environment!

With time we will probably look into ways to collect anonymised data to understand how the website is used by readers. For instance to know if there are projects we realise need to be promoted more. We see there are technologies developing to avoid having to use cookies. Solutions we would consider need to uphold strong data protection and cybersecurity standards and be energy efficient. We will update this section when find such solution and decide it is appropriate to try.

We periodically monitor the impact of our online presence using ecoIndex and ecograder.

We aim to continuously improve the ratio of sustainable energy we rely on, not just for the website. 

We see eco-friendly web design agencies are starting to bloom, like this one. We are excited to try services like this in the future.

Data Rights celebrates the diversity of European societies.

It is important for us to welcome individuals that wish to work with us or seek our support, regardless of their personal background or how they look. To quote artists working in the digital rights circles, ‘All creatures welcome!’.

In addition, diversity and inclusion need to be infused in the way we select projects. We want our work to be impactful, and our definition of impact includes who is impacted. For instance, before we join forces on a litigation case we ask ourselves whether the people that would benefit the most are already in a position of privilege. If so, our energy might be more useful elsewhere.

Indeed, Data Rights’ position is rooted in the mindfulness that technology has historically been in the hands of the most powerful players, serving primarily their own interests. Plus, Data Rights observes that technology multinationals are replicating feudal and colonial dynamics.

Data Rights is committed to fairness, equality, equity, diversity and inclusivity. To be precise, Data Rights recognizes that certain characteristics require particular attention to ensure that the level of historical and/or systemic disempowerment of individuals it taken into account. For instance, we note that many technologies are not developed with the elderly in mind or with the input of individuals of colour or neurodiverse individuals. It is a loss.

Let us know if you wish to see our complete policy.

We are mindful of our privileges and the power dynamics that are at play. We uphold Oxfam's Feminist Principles. These principles inspire us as they are not about women, but about every one needing to be kind and supportive to one another. In times of doubt these principles help us question our behavior and perspectives. Our favourite Principles are: 

• I share power
• I challenge my behaviour
• I want a supportive environment
• I believe in freedom of expression
• Eliminate gender-based violence

We like the idea that unless people specified the gender they wish to be associated with, one should not try to figure that out for themselves. This is basic privacy - why should we need to know? When one does not know someone's gender they should be referred to by "them/they". 

As we often work with the law we have observed that a lot of laws are written with the masculine gender. For instance, at the time of writing of this section, the Universal Declaration on Human Rights on the website of the UN uses the masculine to describe rights that are universal. For instance, "Article 12: No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks." As feminists we strive to make these laws inclusive when we cite them in our work, by replacing "his" with "their". 

Non cis-male persons need to feel they are part of the world. We need to practice the change we want to see.

We pay a solution that retributes artists, to generate ethical original work. The images we use are from Shutterstock. We are considering releasing the pictures with a Public Domain License after some time. Ideally at some point we will receive donations, it is just fair that content we generate joins the Public Domain fairly soon.

With regards to Shutterstock's AI model, we can imagine the payments are not enough to sustain artists. It is the best option that we found. If you know of a better option please let us know, we are very interested!

So many websites hyperlink to broken links or worst, the end of the Internet!

We want to make sure going through the website is seamless and useful. For this reason we chose to have a position on link rotting. Most links need to be put in the Wayback Machine before reaching the website. In fact, we feel the Wayback Machine is playing such an important role to the internet ecosystem that we have decided to make donations to the Wayback Machine, and recommend other organisations, especially for-profits and entities paid with public money, do the same.

You may have noticed, some links have not gone through the Wayback Machine. That's probably because:

- The page is evolving and that evolution is relevant (like published metrics);

- The page is public but on a cloud. It seems the Wayback Machine has a data protection policy darkening screens when scanning a cloud page, possibly because it may have been made public by mistake and harm someone. Very thoughtful!;

- We would know if that page was to be down;

- We expect the page to evolve. For instance, the ethical website guide linked to above is a second edition. We expect EDRi will maintain this resource. You are better off being sent to the actual page, as there may be a new edition by the time to hit that side of the Internets.

That said, no system is perfect. If you spot a broken link it would be lovely if you could let us know.

This section does not apply to images generation. See the relevant section above.

Most of us use AI in the course of our work, for instance by using the online translation tool linguee/DeepL. We are not opposed to the use of AI in our work processes as long as we make sure that text written with AI is reviewed by two pairs of eyes.

In any case, we commit to having a parsimonious use of AI as we are acutely aware of its impact on the planet. Generating an image on Mid Journey requires the energy to charge a smartphone. This is absurd.

We strive to use and promote tools aligned with open source communities' ethos. An ethos of common digital goods and openness, to promote safety and accountability. Without lock-in! For instance, NextCloud hosting and Odoo business management features. If you are looking for more resources on the subject, this EDRi guide is a good starting point. 

Information security requires to be mindful of threat models to be proportionate. When appropriate we kindly invite partners to use tools that better uphold the ethos of open source communities (as long as they are maintained by an active community/business).