It’s been a busy few months for my work on behalf of open source privacy initiatives. This is a periodic update on what I have been working on with the support of your sponsorship.
Cross-CMS open source privacy
In January the cross-CMS open source privacy working group – consisting of representatives from the privacy initiatives in WordPress, Drupal, Joomla, Umbraco, and Typo3’s privacy initiatives – got to work. Our vision is that “through collaboration, open source CMS projects can help transform our development communities into ones which empower user privacy through a positive and proactive approach to governance, standards, and tools, rather than a negative and reactive approach to privacy as a legal compliance obligation.”
On the internal level, we have set up a Github repo where we work in the open; we hold supportive weekly office hour chats, where we discuss what our projects have achieved and where we need further support; and we have begun giving talks at each others’ conferences in support of the cross-project work.
On the external level, we’ve learnt that the greatest practical need right now is for us to support each others’ projects in creating and resourcing privacy initiatives, help projects to acknowledge those teams within project governance structures, and help privacy initiatives to define the scope of their work.
One example of the ways we are supporting each other has been creating a draft auditing framework which developers of plugins, modules, and extensions can use to evaluate the privacy health of their work. The questions deal with general privacy principles rather than specific legal requirements, and can be customised to each project’s codebases and data handling issues. Have a look and leave a comment.
Mozilla Open Leaders
In January I was accepted into the Mozilla Open Leaders training programme, an intensive 14 week course on developing leadership skills for open source projects, in support of my work in the cross-CMS open source privacy initiative. There are, as far as we know, very few precedents for open source teams collaborating across projects, so it is important that we establish our own governance and approaches correctly. The programme is equipping me with the practical skills needed to set up a new open project, as open by design, from the start. The mentor and cohort support is also helping me to navigate the small-p politics of working across multiple complex open source projects.
One of the best things about the Mozilla project is that participation brings you into the Mozilla network of experts and projects – all of whom sincerely want to help me and our project succeed. I’m making the most of it!
WordPress.org core-privacy team
I continue to provide weekly input and support to the WordPress.org core privacy team, which works to ship enhancements to the base standard of privacy for 33.3% of the sites on the open web, while also supporting the work of the development ecosystem. This week the team shipped its V2 roadmap where we outlined our plans for what we’ll be working on in 2019. It’s a beauty.
I am incredibly proud of what a relatively small team has accomplished, as well as how several members of that team are beginning to develop leadership skills in privacy well beyond simple ticket fixes.
Last weekend I spoke at DrupalCamp London about the cross-CMS privacy initiative to a small but very receptive group of developers.
I have two upcoming talks in April: first, a pep talk for mobile app developers at CodeMobile in Chester; and second, a half-day workshop on building privacy-conscious projects at PHP Yorkshire in York.
The latter is a test run for a toolkit I’m developing for projects and companies to use to integrate best privacy practice on the governance, project, and code levels – so I’d really love to see you there.
23 days to go
Finally, I continue to track the implications of Brexit for the tech and digital sectors in the UK at https://afterbrexit.tech. What’s ahead will impact all of our work, open source or not, and it is important for us to have the facts we need to react accordingly.
Bills bills bills
As always, I am seeking out further sources of financial support for my work on open source privacy so that I can keep the lights on and the rent paid. The Mozilla programme has taken my time commitments on open source privacy to over 20 hours per week; and believe me, those are 20 pretty intense hours, all of which remain unpaid and unsupported by any project.
If you know of projects, developers, influencers, or companies which would be willing to sponsor my time, please direct them here.
I will not use your details for any purpose other than to email you an occasional update.