<div dir="ltr"><div dir="ltr">Hi Seb! I missed this :). Reactions inline but some of these matters are probably easier to discuss a different format.<div><br></div><div>On Tue, Oct 5, 2021 at 10:54 AM Sebastian Benthall <<a href="mailto:sbenthall@gmail.com" target="_blank">sbenthall@gmail.com</a>> wrote:<br></div></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">Thomas,<div><br></div><div>Pro bono legal advice sounds good to me!</div><div><br></div><div>Regarding the substantive points, I'm not shooting anyone.</div><div>I am disagreeing with your interpretation.</div><div><br></div><div>I understand that the GDPR is written in a way that leads to these kinds of debates.</div><div>I think it's worth discussing what the "defense" of BigBang is, and I'm happy to do that.</div><div>I think we are far from making a decision about anything, but I think the status quo is defensible.</div></div></div></blockquote><div><br></div><div><font color="#9900ff">My understanding was that the status quo is about to change with BigBang making data available to others -- which raises a different set of concerns (analytically - under GDPR almost anything you can do with data is "processing").</font></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div>@Seb: Don't shoot the messenger :). GDPR may be "clearly overbroad" but that's arguably by design - I'd be happy to interpret it more narrowly but I don't see how? In my understanding, the consent provisions in the <a href="https://www.ietf.org/privacy-statement/" target="_blank">IETF privacy statement</a> that you cite only apply to the IETF - not to BigBang or anyone else who acquires personal data initially submitted to ("collected by") the IETF.</div></div></div></blockquote><div><br></div><div>The question is whether IETF participants would reasonably expect transparency in electronic Internet media to involve processing by third-parties.</div><div><br></div></div></div></blockquote><div><font color="#9900ff">The question is: what kind of processing? (if one wants to rely on consent and not some other legal basis)</font></div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div></div><div>Consider Google, which absolutely does collect and process this data as part of its being a searching engine: <a href="https://tinyurl.com/fsb4mafd" target="_blank">https://tinyurl.com/fsb4mafd</a></div><div>Do IETF contributors know that this processing is going to happen? Absolutely. They are the IETF.</div><div>You don't get an Internet without constantly processing data. UNLESS, and this is a question for you, "processing" is defined in some very narrow way. Is it?</div><div><br></div></div></div></blockquote><div><font color="#9900ff">I agree with all of this. I think one can sensibly make the claim that BigBang's processing is comparable even though the purposes are different: in Google's case, personal data is made accessible (and Google can say: that's what was being consented to - IETF is clear about transparency); in BigBang's case, the data is being analyzed to derive insights - did IETF participants consent to that?</font></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div></div><div>I understand that you are taking a somewhat formalist legal approach to interpret the GDPR here.</div><div>But a legal realist approach would suggest that if there's money to be made on suing people for misuse of IETF data, the first target would be a rich company like Google, not a handful of academics.</div><div><br></div></div></div></blockquote><div><font color="#9900ff">That's true but that's not how European data protection lawyers tend to think :).</font></div><div><font color="#9900ff">(Full disclosure for everyone else on this list: I used to be an European lawyer but I happily crossed the Atlantic to escape said formalism)</font></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div></div><div>If your legal counsel friends find that we are in violation of something, I'd encourage them to try to sue Google on behalf of the IETF.</div><div>The upside for the IETF could be very large.</div><div><br></div><div>In the meantime, that would buy us time for our public interest research.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div> By creating a dataset that contains "personal data" BigBang becomes a "controller" with corresponding obligations under GDPR. Note that the IETF statement explicitly states that ISOC also counts as third-party. The same applies, mutatis mutandis, to BigBang. </div></div></div></blockquote><div><br></div><div>I'm not clear on this -- BigBang is currently an open source software project.</div><div>We have been talking about setting up an organization which could offer curated data under some kind of license.</div><div>But we haven't created that organization yet.</div></div></div></blockquote><div><br></div><div> <font color="#9900ff">You can be a controller without being an organization. In BigBang's case, it would be the individuals who - together - decide why and how personal data is being processed (note that: sharing = processing).</font></div><div><font color="#9900ff"><br></font></div><div><font color="#9900ff">The relevant article of GDPR reads:</font></div><div><font color="#9900ff"><br></font></div><div><span style="background-color:transparent;font-family:Roboto-Light,-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";font-size:16px;font-variant-numeric:normal;font-variant-east-asian:normal"><font color="#9900ff">‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;</font></span><font color="#9900ff"><br></font></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div><br></div><div>Rather, what's currently happening is that individuals are collecting and processing data locally using BigBang software, which they execute on their own machines.</div><div>BigBang software doesn't contain any data.</div><div> </div></div></div></blockquote><div><font color="#9900ff">Right - but that would change if you made a dataset available, no?</font></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div>How IETF handles (personal) data is immaterial, in my view. The question is how BigBang handles personal data. The problem is that publicly available data remains protected as personal data under GDPR. I'm not sure whether one could claim that mailing list participants consented to processing of their emails beyond publication by IETF - it seems like a stretch to me, to be honest. Other grounds for processing are available, as discussed, but some data protection rights (eg Art 14 GDPR) don't go away and may be difficult to comply with.</div></div></div></blockquote><div><br></div><div>The implication here seems to be that if I run my own email server, and build a search engine over that email to find mentions of the word "sustainability", then I may be in violation of the GDPR because I'm using personal data that was sent to me without a consent form.</div></div></div></blockquote><div><br></div><div><font color="#9900ff">Note that <a href="https://policies.google.com/privacy?hl=en" target="_blank">Gmail's terms of service</a> explicitly address this issue: </font></div><div><font color="#9900ff"><br></font></div><div><font color="#9900ff">"We also collect the content you create, upload, or receive from others when using our services. This includes things like email you write and receive, photos and videos you save, docs and spreadsheets you create, and comments you make on YouTube videos."</font></div><div><font color="#9900ff"><br></font></div><div><font color="#9900ff">Followed by the relevant sections under:</font></div><div><font color="#9900ff"><br></font></div><div><font color="#9900ff">We use data to build better services<br>We use the information we collect from all our services for the following purposes: etc.</font><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div><br></div><div>In other words, according to your interpretation, the GDPR seems broadly inconsistent with email as a communications protocol.</div></div></div></blockquote><div><br></div><div><font color="#9900ff">I don't think so. GDPR simply continues to guarantee certain data protection rights, even if personal data is transmitted via email. That's not an inconsistency.</font></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div><br></div><div>Has there been any research on that topic? Perhaps previous legal research on the applicability of GDPR to email would shed light on what a hypothetical BigBang organization could do.</div><div><br></div><div> </div></div></div></blockquote><div><font color="#9900ff">I'm not aware of any papers that are directly on point. I think the discourse on research data is probably most relevant. See eg this paper: <a href="http://www.iiakm.org/ojakm/articles/2020/OJAKM_Volume8_1pp16-31.php">http://www.iiakm.org/ojakm/articles/2020/OJAKM_Volume8_1pp16-31.php</a> (discussing the problem of publicly available data; advocating for anonymization as a solution).</font></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Oct 5, 2021 at 9:29 AM Niels ten Oever <<a href="mailto:mail@nielstenoever.net" target="_blank">mail@nielstenoever.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi all,<br>
<br>
I think this would be a relatively simple issue if the data storage is a regularly updated sync of authoritative archives, right? Because with an updated sync message would be removed downstream. We could make it obligatory for the usage of the data storage to do the same in the agreement?<br>
<br>
Best,<br>
<br>
Niels<br>
<br>
<br>
<br>
On 10/5/21 3:21 PM, Riccardo Nanni wrote:<br>
> Hi there!<br>
> <br>
> My two cents on this very interesting and important conversation, which I'm following closely. It is my understanding that GDPR recognises the 'right to be forgotten', so in my understanding that would apply to the mailing list in some way as well as the Datatracker.<br>
> However, the right to be forgotten is not absolute and is limited by issues of public interest. Should standard-making be recognised as public policy-making (and there would be good reasons to do so, though I'm not sure to what extent a judge would agree), it could be possible that this right were not to apply to the mailing lists.<br>
> <br>
> Hope this helps, at least a little bit...<br>
> Best,<br>
> <br>
> Riccardo<br>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
> *Da:* Bigbang-dev <<a href="mailto:bigbang-dev-bounces@data-activism.net" target="_blank">bigbang-dev-bounces@data-activism.net</a>> per conto di Sebastian Benthall <<a href="mailto:sbenthall@gmail.com" target="_blank">sbenthall@gmail.com</a>><br>
> *Inviato:* martedì 5 ottobre 2021 15:04<br>
> *A:* Colin Perkins <<a href="mailto:csp@csperkins.org" target="_blank">csp@csperkins.org</a>><br>
> *Cc:* <a href="mailto:bigbang-dev@data-activism.net" target="_blank">bigbang-dev@data-activism.net</a> <<a href="mailto:bigbang-dev@data-activism.net" target="_blank">bigbang-dev@data-activism.net</a>>; <a href="mailto:thomas.streinz@law.nyu.edu" target="_blank">thomas.streinz@law.nyu.edu</a> <<a href="mailto:thomas.streinz@law.nyu.edu" target="_blank">thomas.streinz@law.nyu.edu</a>><br>
> *Oggetto:* Re: [Bigbang-dev] Data sharing allowance<br>
> <br>
> That statement makes a good point that personal information in the DataTracker can be removed or modified at the data subject's request.<br>
> <br>
> It would be interesting to know if people can make similar interventions to mailing list archives.<br>
> <br>
> In any case that suggests that if we make any derivative data products available, we regularly update them from the sources (DataTracker) to bring in any recent changes, even for "historical" data.<br>
> <br>
> On Sat, Oct 2, 2021 at 12:54 PM Colin Perkins <<a href="mailto:csp@csperkins.org" target="_blank">csp@csperkins.org</a> <mailto:<a href="mailto:csp@csperkins.org" target="_blank">csp@csperkins.org</a>>> wrote:<br>
> <br>
> There’s also <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_help_personal-2Dinformation&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=-9MO3z8kU0U_iBUo_gpTOMfPxEuVggSb8XP6ZKvltyQ&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_help_personal-2Dinformation&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=-9MO3z8kU0U_iBUo_gpTOMfPxEuVggSb8XP6ZKvltyQ&e=</a> <<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_help_personal-2Dinformation&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=-9MO3z8kU0U_iBUo_gpTOMfPxEuVggSb8XP6ZKvltyQ&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_help_personal-2Dinformation&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=-9MO3z8kU0U_iBUo_gpTOMfPxEuVggSb8XP6ZKvltyQ&e=</a> > and the IETF requests participants to consent to the use of their personal data as part of the meeting registration, etc.<br>
> <br>
> If there are questions about the way IETF handles personal data, then the IETF Executive Director, Jay Daley <<a href="mailto:exec-director@ietf.org" target="_blank">exec-director@ietf.org</a> <mailto:<a href="mailto:exec-director@ietf.org" target="_blank">exec-director@ietf.org</a>>>, should be able to help.<br>
> <br>
> Colin<br>
> <br>
> <br>
> <br>
>> On 2 Oct 2021, at 02:00, Sebastian Benthall <<a href="mailto:sbenthall@gmail.com" target="_blank">sbenthall@gmail.com</a> <mailto:<a href="mailto:sbenthall@gmail.com" target="_blank">sbenthall@gmail.com</a>>> wrote:<br>
>><br>
>> So there's a line about consent ...<br>
>><br>
>> "<br>
>><br>
>><br>
>> Your consent to disclosure<br>
>><br>
>> By providing us with your Personal Data, you are consenting to our disclosure and use of it for the purposes as described in this Statement"<br>
>><br>
>> But there are no purposes explicit in the document except the "commitment to transparency", which includes being "public... by electronic means", which the IETF would understand to include data processing because literally what Internet protocols do is process electronic publications?<br>
>><br>
>> Or is "process" a more limited term here that somehow does not include everything done in the operations of, say, making email archives available online through multiple indexed user interfaces, but does for some reason include plotting word usage over time (for example).<br>
>><br>
>> I think an interpretation of GDPR that disallows what we're doing with BigBang is clearly overbroad and will get pushback from much, much bigger fish in the ocean.<br>
>><br>
>><br>
>><br>
>> On Fri, Oct 1, 2021, 2:24 PM Stephen McQuistin <<a href="mailto:sm@smcquistin.uk" target="_blank">sm@smcquistin.uk</a> <mailto:<a href="mailto:sm@smcquistin.uk" target="_blank">sm@smcquistin.uk</a>>> wrote:<br>
>><br>
>> It's worth noting that some of the organisations hosting the mailing lists have explicit policies around participant's contributions. The IETF, for example, has this: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_privacy-2Dstatement_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=uH2g-iM-amfu3NSNXdJ7crTjKMwdv4oaW-26-slydVs&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_privacy-2Dstatement_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=uH2g-iM-amfu3NSNXdJ7crTjKMwdv4oaW-26-slydVs&e=</a> <<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_privacy-2Dstatement_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=uH2g-iM-amfu3NSNXdJ7crTjKMwdv4oaW-26-slydVs&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_privacy-2Dstatement_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=uH2g-iM-amfu3NSNXdJ7crTjKMwdv4oaW-26-slydVs&e=</a> >. <br>
>><br>
>> Stephen<br>
>><br>
>>> On 1 Oct 2021, at 19:44, Thomas Streinz <<a href="mailto:tfs253@nyu.edu" target="_blank">tfs253@nyu.edu</a> <mailto:<a href="mailto:tfs253@nyu.edu" target="_blank">tfs253@nyu.edu</a>>> wrote:<br>
>>><br>
>>> <br>
>>> Thanks, Seb. I should have been clearer: the "making manifestly public" prong only helps with Article 9 - *but not with other provisions*. In terms of lawfulness of processing (Article 6), for example, there is a question whether one could rely on Article 6(1)(f) - legitimate interests by claiming that there is (global?) public interest in this (personal) data (contained in the emails) being publicly available or at least available to researchers. The problem with this prong is that it's ultimately a balancing exercise and there is a risk that a Court would say that the data protection rights of the data subjects outweigh the public interest in access to the emails they sent (this is one of many reasons why commercial actors so often rely on Article 6(1)(a) - consent). So, unfortunately, BigBang can't rest easy.<br>
>>><br>
>>> I'm also not quite sure (as in: genuinely uncertain) whether it's right to say that the authors of emails assumed that their input would be publicly available to (potentially) billions or mined by researchers in the way BigBang does? Doesn't it make a difference (normatively) that the community of Internet researchers was initially relatively small and close-knit and access to the public mailing lists only sought by insiders? <br>
>>><br>
>>><br>
>>><br>
>>> On Fri, Oct 1, 2021 at 1:19 PM Sebastian Benthall <<a href="mailto:sbenthall@gmail.com" target="_blank">sbenthall@gmail.com</a> <mailto:<a href="mailto:sbenthall@gmail.com" target="_blank">sbenthall@gmail.com</a>>> wrote:<br>
>>><br>
>>> Thanks so much, Thomas. Let me join the others in welcoming your input on this.<br>
>>><br>
>>> My two cents are that we are totally fine with respect to the GDPR, because:<br>
>>><br>
>>> > For example, it's not clear whether (for purposes of escaping the additional requirements for sensitive data under Article 9) the data subjects in question made the personal data contained in their email "manifestly" public (that is: with the intention of further processing) - did the participants foresee the eventual creation of BigBang?<br>
>>><br>
>>> The answer to this question is "Yes". Not specifically BigBang, of course, but these are the people designing Internet protocols, who are the least naive people on the planet about what it means to put data in clear text on the Internet. Since "further processing" of this data includes being indexed by search engines, which has been going on long before BigBang, and has no doubt been used by the participants as they engage these materials, the data absolutely IS manifestly public. We can rest easy.<br>
>>><br>
>>><br>
>>><br>
>>> On Fri, Oct 1, 2021, 6:22 AM Thomas Streinz <<a href="mailto:tfs253@nyu.edu" target="_blank">tfs253@nyu.edu</a> <mailto:<a href="mailto:tfs253@nyu.edu" target="_blank">tfs253@nyu.edu</a>>> wrote:<br>
>>><br>
>>> Hi group,<br>
>>><br>
>>> I have been a lurker on this mailing list for quite a while and I'm glad that I may be able to provide some context on this issue that may be helpful. Let me also state at the outset that the following does *not* constitute legal advice and that I won't bill you 300 Euros for it either (indeed, I'm afraid, that number may be way too low to get actual legal advice that goes beyond reciting the relevant provisions of GDPR).<br>
>>><br>
>>> That said, I found this guidance from IAPP (the international Association of Privacy Professionals which has evolved into a a quite influential organization): <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__iapp.org_news_a_publicly-2Davailable-2Ddata-2Dunder-2Dgdpr-2Dmain-2Dconsiderations_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=3JnMkWnTZeVxYgcAeIHZLy99tmQHPQsOyM5x3rSba5o&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__iapp.org_news_a_publicly-2Davailable-2Ddata-2Dunder-2Dgdpr-2Dmain-2Dconsiderations_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=3JnMkWnTZeVxYgcAeIHZLy99tmQHPQsOyM5x3rSba5o&e=</a> <<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__iapp.org_news_a_publicly-2Davailable-2Ddata-2Dunder-2Dgdpr-2Dmain-2Dconsiderations_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=3JnMkWnTZeVxYgcAeIHZLy99tmQHPQsOyM5x3rSba5o&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__iapp.org_news_a_publicly-2Davailable-2Ddata-2Dunder-2Dgdpr-2Dmain-2Dconsiderations_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=3JnMkWnTZeVxYgcAeIHZLy99tmQHPQsOyM5x3rSba5o&e=</a> > Note how some of the guidance provided there is in tension with pervasive research practices, especially in data science fields ("when the data is part of official registers, such registers should be consulted on a need-to-know basis rather than copied in bulk just in case some data might be relevant").<br>
>>><br>
>>> My reading of this and the relevant provisions of GDPR suggests a ton of open questions, many of which indeed have not been resolved. For example, it's not clear whether (for purposes of escaping the additional requirements for sensitive data under Article 9) the data subjects in question made the personal data contained in their email "manifestly" public (that is: with the intention of further processing) - did the participants foresee the eventual creation of BigBang? It's also not clear to me how the requirements under Article 14 (need to inform data subjects) can be fulfilled in practice.<br>
>>><br>
>>> The scope of the research exception (Article 89) has been contested for a while and is a good example for the tensions in data protection law: researchers were worried that data protection law might make their work impossible; data protection activists were worried that a too broad exception would be exploited, including by commercial actors. The result is a terribly drafted provision. In my personal political opinion, I don't understand why Article 89 GDPR does not distinguish between public research in the public interest and private research in the private interest. I attach the leading commentary on Article 89, which unfortunately doesn't offer much useful guidance for our purposes. At least it references the relevant recitals at the beginning of GDPR which are part of the political compromise and can be helpful to understand better what the lawmakers had in mind (this is, for example, where the advice to use pseudonomization may be coming from, because<br>
>>> that idea is mentioned in the relevant recitals; I'm not convinced this actually solves the problem because even pseudonomized data remains personal data and it will often be easy to re-identify the individuals if one wants to). I'm wondering, however, if it might be feasible to make the datasets only available for research purposes and only to other researchers to stay within the bounds of the research exception?<br>
>>><br>
>>> Like Niels, I have been worried for a while that data protection law might eventually throw a wrench into the important work that this group is doing. I haven't been privy to the whole conversation so far. I assume that the issue is whether or not the datasets you have assembled can or should be shared, and if so, under what conditions?<br>
>>><br>
>>> Note that the exceptions for "public" archives don't apply because those provisions only refer to archives that are required by law (which is not the case for IETF mailing lists). As Niels suggests, under a functional analysis, this research should be treated the same as research scrutinizing public communications of parliamentarians. Unfortunately, I doubt that a European Court would see it that way.<br>
>>><br>
>>> Maybe we can discuss this at one of the next BigBang meetings, in case helpful. One literature that I haven't consulted this morning concerns the interplay between "open data" and data protection law, which may offer some cues as to what's legally possible and what's clearly off limits (eg this paper: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__papers.ssrn.com_sol3_papers.cfm-3Fabstract-5Fid-3D2695005&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=H6Re9N6OrcmQ8Eg6PQzZCoBT9HT7fj-e0X4V7VvDwz8&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__papers.ssrn.com_sol3_papers.cfm-3Fabstract-5Fid-3D2695005&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=H6Re9N6OrcmQ8Eg6PQzZCoBT9HT7fj-e0X4V7VvDwz8&e=</a> <<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__papers.ssrn.com_sol3_papers.cfm-3Fabstract-5Fid-3D2695005&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=H6Re9N6OrcmQ8Eg6PQzZCoBT9HT7fj-e0X4V7VvDwz8&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__papers.ssrn.com_sol3_papers.cfm-3Fabstract-5Fid-3D2695005&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=H6Re9N6OrcmQ8Eg6PQzZCoBT9HT7fj-e0X4V7VvDwz8&e=</a> >). <br>
>>><br>
>>> Sorry this got so long. All best to all of you on this list (whether actively participating or just lurking) -- Thomas<br>
>>><br>
>>> PS: For browsing GDPR, I recommend: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__gdpr-2Dinfo.eu_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=3LQKffMtOQY8TTEcJW_kpSuum-u88GrDjwUL1fd9dDQ&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__gdpr-2Dinfo.eu_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=3LQKffMtOQY8TTEcJW_kpSuum-u88GrDjwUL1fd9dDQ&e=</a> <<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__gdpr-2Dinfo.eu_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=3LQKffMtOQY8TTEcJW_kpSuum-u88GrDjwUL1fd9dDQ&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__gdpr-2Dinfo.eu_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=3LQKffMtOQY8TTEcJW_kpSuum-u88GrDjwUL1fd9dDQ&e=</a> > (which also lists the relevant recitals under each article)<br>
>>><br>
>>><br>
>>> On Fri, Oct 1, 2021 at 5:49 AM Niels ten Oever <<a href="mailto:mail@nielstenoever.net" target="_blank">mail@nielstenoever.net</a> <mailto:<a href="mailto:mail@nielstenoever.net" target="_blank">mail@nielstenoever.net</a>>> wrote:<br>
>>><br>
>>> Yeah, I was kinda of afraid for this. I would definitely support spending some money on the legal advice.<br>
>>><br>
>>> Weird thing is that data protection officers at university deal with this all very differently, I guess GDPR is also still a developing practice. So would be good to get a specialist to look at it.<br>
>>><br>
>>> One part of this that the person did not reply to, it that these mailinglists imho should be understood as public policy making. And policy makers have less expectations of privacy. I think that argument can also be made because the openness of the mailinglists is also explicitly used as legitimacy strategy for the standard-setting institutions.<br>
>>><br>
>>> Best,<br>
>>><br>
>>> Niels<br>
>>><br>
>>><br>
>>> On 9/30/21 11:01 PM, Christoph Becker wrote:<br>
>>> > Hi all,<br>
>>> > you might have noticed that here has been discussion on how we should share the datasets we have collected of public mailing archives. Our data format is quite different from how they are presented on GNU mailman or Listserv, which creates certain points of concern we should not neglect.<br>
>>> > I have been in contact with some people through the Prototype fund and have obtained the following advise:<br>
>>> ><br>
>>> > """<br>
>>> > Since you are dealing with "fully or partially automated processing of personal data" (Art. 2 Para. 1 GDPR), you fall under the provisions of the GDPR. Where you got the data from should be irrelevant for this point. Since you have collected the data without the consent of the persons, Art. 14 GDPR (information obligation if the personal data was not collected from the person concerned) could also be of interest. There are exceptions for scientific purposes (Art. 89 GDPR), but here too you have to pay close attention. Note that hashing mail addresses does not necessarily make the data "less dangerous". It would be better to pseudonymized the whole thing.<br>
>>> > My tip would be not to pass on any data, to refer to the scientific aspect of the processing and to spend € 200-300 on legal advice.<br>
>>> > """<br>
>>> ><br>
>>> > Through the Prototype fund we have the financial means to pay for legal advise.<br>
>>> > Please share your thoughts, comments, ideas.<br>
>>> ><br>
>>> > Best Wishes,<br>
>>> > Christoph<br>
>>> ><br>
>>> ><br>
>>> > --<br>
>>> > <><><><><><><><><><><><><><><><><br>
>>> > //<br>
>>> > /Christoph Becker /(/he/him/his/)///<br>
>>> > PostDoc at the/<br>
>>> > /<br>
>>> > Institute for Biodiversity and Ecosystem Dynamics and<br>
>>> > Institute for Advanced Study<br>
>>> > University of Amsterdam<br>
>>> > P.O.Box 94248, NL - 1090 GE Amsterdam<br>
>>> > The Netherlands<br>
>>> > <a href="http://christovis.github.io/" rel="noreferrer" target="_blank">christovis.github.io/</a> <<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__christovis.github.io_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=ifS9piVM7O31fc8AKpUqbzBbgY-xXMMyjljIP8oigLI&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=http-3A__christovis.github.io_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=ifS9piVM7O31fc8AKpUqbzBbgY-xXMMyjljIP8oigLI&e=</a> > <<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__christovis.github.io_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=ZVATk_IeiqyeMm2n5u8DDKmvxJUjANEua9ce_ETyYmY&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__christovis.github.io_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=ZVATk_IeiqyeMm2n5u8DDKmvxJUjANEua9ce_ETyYmY&e=</a> <<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__christovis.github.io_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=ZVATk_IeiqyeMm2n5u8DDKmvxJUjANEua9ce_ETyYmY&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__christovis.github.io_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=ZVATk_IeiqyeMm2n5u8DDKmvxJUjANEua9ce_ETyYmY&e=</a>> >/<br>
>>> ><br>
>>> > _______________________________________________<br>
>>> > Bigbang-dev mailing list<br>
>>> > <a href="mailto:Bigbang-dev@data-activism.net" target="_blank">Bigbang-dev@data-activism.net</a> <mailto:<a href="mailto:Bigbang-dev@data-activism.net" target="_blank">Bigbang-dev@data-activism.net</a>><br>
>>> > <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=pgSXsvdUDcyIdwWzzuG2nEnGqcHzA0ZFQL7R7qQOW5w&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=pgSXsvdUDcyIdwWzzuG2nEnGqcHzA0ZFQL7R7qQOW5w&e=</a> <<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=pgSXsvdUDcyIdwWzzuG2nEnGqcHzA0ZFQL7R7qQOW5w&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=pgSXsvdUDcyIdwWzzuG2nEnGqcHzA0ZFQL7R7qQOW5w&e=</a>><br>
>>> ><br>
>>><br>
>>> -- <br>
>>> Niels ten Oever, PhD<br>
>>> Postdoctoral Researcher - Media Studies Department - University of Amsterdam<br>
>>> Affiliated Faculty - Digital Democracy Institute - Simon Fraser University<br>
>>> Research Fellow - Centre for Internet and Human Rights - European University Viadrina<br>
>>> Associated Scholar - Centro de Tecnologia e Sociedade - Fundação Getúlio Vargas<br>
>>><br>
>>> W: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__nielstenoever.net&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=nfRmXWnggXqHU8A2tmrYcBp45DZ5g0ASFe1T57NR4s4&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__nielstenoever.net&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=nfRmXWnggXqHU8A2tmrYcBp45DZ5g0ASFe1T57NR4s4&e=</a> <<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__nielstenoever.net&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=nfRmXWnggXqHU8A2tmrYcBp45DZ5g0ASFe1T57NR4s4&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__nielstenoever.net&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=nfRmXWnggXqHU8A2tmrYcBp45DZ5g0ASFe1T57NR4s4&e=</a>><br>
>>> E: <a href="mailto:mail@nielstenoever.net" target="_blank">mail@nielstenoever.net</a> <mailto:<a href="mailto:mail@nielstenoever.net" target="_blank">mail@nielstenoever.net</a>><br>
>>> T: @nielstenoever<br>
>>> P/S/WA: +31629051853<br>
>>> PGP: 2458 0B70 5C4A FD8A 9488 643A 0ED8 3F3A 468A C8B3<br>
>>><br>
>>> Read my latest article on Internet infrastructure governance in Globalizations here: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.tandfonline.com_doi_full_10.1080_14747731.2021.1953221&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=RZamNp83LA7uP9EJSscHVW-OXZ0zPM5VQ9p5jiK3smI&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.tandfonline.com_doi_full_10.1080_14747731.2021.1953221&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=RZamNp83LA7uP9EJSscHVW-OXZ0zPM5VQ9p5jiK3smI&e=</a> <<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.tandfonline.com_doi_full_10.1080_14747731.2021.1953221&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=RZamNp83LA7uP9EJSscHVW-OXZ0zPM5VQ9p5jiK3smI&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.tandfonline.com_doi_full_10.1080_14747731.2021.1953221&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=RZamNp83LA7uP9EJSscHVW-OXZ0zPM5VQ9p5jiK3smI&e=</a>><br>
>>><br>
>>> _______________________________________________<br>
>>> Bigbang-dev mailing list<br>
>>> <a href="mailto:Bigbang-dev@data-activism.net" target="_blank">Bigbang-dev@data-activism.net</a> <mailto:<a href="mailto:Bigbang-dev@data-activism.net" target="_blank">Bigbang-dev@data-activism.net</a>><br>
>>> <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=pgSXsvdUDcyIdwWzzuG2nEnGqcHzA0ZFQL7R7qQOW5w&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=pgSXsvdUDcyIdwWzzuG2nEnGqcHzA0ZFQL7R7qQOW5w&e=</a> <<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=pgSXsvdUDcyIdwWzzuG2nEnGqcHzA0ZFQL7R7qQOW5w&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=kfk0LmXR_KN7j89dcn1Aq1wYb3ZohW8qxS8pxEbaDXs&s=pgSXsvdUDcyIdwWzzuG2nEnGqcHzA0ZFQL7R7qQOW5w&e=</a>><br>
>>><br>
>>> _______________________________________________<br>
>>> Bigbang-dev mailing list<br>
>>> <a href="mailto:Bigbang-dev@data-activism.net" target="_blank">Bigbang-dev@data-activism.net</a> <mailto:<a href="mailto:Bigbang-dev@data-activism.net" target="_blank">Bigbang-dev@data-activism.net</a>><br>
>>> <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=</a> <<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=</a> ><br>
>>><br>
>>> _______________________________________________<br>
>>> Bigbang-dev mailing list<br>
>>> <a href="mailto:Bigbang-dev@data-activism.net" target="_blank">Bigbang-dev@data-activism.net</a> <mailto:<a href="mailto:Bigbang-dev@data-activism.net" target="_blank">Bigbang-dev@data-activism.net</a>><br>
>>> <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=</a> <<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=</a> ><br>
>><br>
>> _______________________________________________<br>
>> Bigbang-dev mailing list<br>
>> <a href="mailto:Bigbang-dev@data-activism.net" target="_blank">Bigbang-dev@data-activism.net</a> <mailto:<a href="mailto:Bigbang-dev@data-activism.net" target="_blank">Bigbang-dev@data-activism.net</a>><br>
>> <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=</a> <<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=</a> ><br>
> <br>
> <br>
> <br>
> -- <br>
> Colin Perkins<br>
> <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__csperkins.org_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=Uq5_7cy6bFrMhxcq89161hfem5TjQKUkHmjz08069Wk&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__csperkins.org_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=Uq5_7cy6bFrMhxcq89161hfem5TjQKUkHmjz08069Wk&e=</a> <<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__csperkins.org_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=Uq5_7cy6bFrMhxcq89161hfem5TjQKUkHmjz08069Wk&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__csperkins.org_&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=Uq5_7cy6bFrMhxcq89161hfem5TjQKUkHmjz08069Wk&e=</a> ><br>
> <br>
> <br>
> <br>
> <br>
> <br>
> _______________________________________________<br>
> Bigbang-dev mailing list<br>
> <a href="mailto:Bigbang-dev@data-activism.net" target="_blank">Bigbang-dev@data-activism.net</a><br>
> <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=</a> <br>
> <br>
<br>
-- <br>
Niels ten Oever, PhD<br>
Postdoctoral Researcher - Media Studies Department - University of Amsterdam<br>
Affiliated Faculty - Digital Democracy Institute - Simon Fraser University<br>
Research Fellow - Centre for Internet and Human Rights - European University Viadrina<br>
Associated Scholar - Centro de Tecnologia e Sociedade - Fundação Getúlio Vargas<br>
<br>
W: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__nielstenoever.net&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=l9NJByUTq6U0hj5i9eZajHzzjFfIIWmavFXFxO1oTyQ&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__nielstenoever.net&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=l9NJByUTq6U0hj5i9eZajHzzjFfIIWmavFXFxO1oTyQ&e=</a> <br>
E: <a href="mailto:mail@nielstenoever.net" target="_blank">mail@nielstenoever.net</a><br>
T: @nielstenoever<br>
P/S/WA: +31629051853<br>
PGP: 2458 0B70 5C4A FD8A 9488 643A 0ED8 3F3A 468A C8B3<br>
<br>
Read my latest article on Internet infrastructure governance in Globalizations here: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.tandfonline.com_doi_full_10.1080_14747731.2021.1953221&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=qZdOZz_jMXayyId2wcdpNQZEGHUb3P7Xwa-2-GHjnm4&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.tandfonline.com_doi_full_10.1080_14747731.2021.1953221&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=qZdOZz_jMXayyId2wcdpNQZEGHUb3P7Xwa-2-GHjnm4&e=</a> <br>
_______________________________________________<br>
Bigbang-dev mailing list<br>
<a href="mailto:Bigbang-dev@data-activism.net" target="_blank">Bigbang-dev@data-activism.net</a><br>
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ghserv.net_mailman_listinfo_bigbang-2Ddev&d=DwIGaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=6izWEoU5Au7hYN0VzT06cQ&m=k_eIX8xHZcNSD1A1T9LBJwBMzfK8knwgnz3JRS35bQM&s=yx211zsWD-kLlE8F3YyqQQfijBcupxUTRN1vWfZ55TQ&e=</a> <br>
</blockquote></div></div>
_______________________________________________<br>
Bigbang-dev mailing list<br>
<a href="mailto:Bigbang-dev@data-activism.net" target="_blank">Bigbang-dev@data-activism.net</a><br>
<a href="https://lists.ghserv.net/mailman/listinfo/bigbang-dev" rel="noreferrer" target="_blank">https://lists.ghserv.net/mailman/listinfo/bigbang-dev</a><br>
</blockquote></div></div>
</blockquote></div></div>