mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2026-03-04 05:20:35 +00:00
Signed-off-by: Em <em@privacyguides.org> Co-authored-by: Jonah Aragon <jonah@privacyguides.org>
---
title: Protect Your Allies
description: Through your privacy work, it's crucial to protect the data of your allies in all that you do, whether it's individual action or leading an organization.
icon: fontawesome/solid/shield-heart
cover: activism/banner-toolbox-tip-protect.webp
---

Through your privacy advocacy work, be careful to never collect or share the data of others without their prior explicit consent. It's crucial to **protect your allies' data** in all that you do, whether it's individual action, organizing an event, or leading an organization.

Here's what you can do to safeguard the data of your privacy comrades:

## Where we might collect and share the data of others

There are many ways we might collect the data of others in the course of our advocacy, sometimes without even realizing it.

It's important to develop an awareness of the data we collect and share ourselves, and protect the data of others with the greatest care. Not only is this critical for [integrity](tip-stay-true-to-your-principles.md), but it's also fundamental to building and keeping the trust of our allies. This in turn is essential to building and growing our movement.

Here are some examples of other people's data we might collect or share in the context of our privacy advocacy work, whether intentionally or inadvertently:

<div class="grid" markdown>

<div markdown>

- [ ] Contact information (personal advocacy or professional work)
- [ ] Donation information (including legal names, emails, and phone numbers)
- [ ] Purchase information (including legal names and shipping addresses)
- [ ] Mailing list email addresses
- [ ] Email content
- [ ] Instant messaging content
- [ ] Forum post content
- [ ] Login credentials
- [ ] Internet Protocol (IP) addresses
- [ ] Website telemetry data
- [ ] Website cookies and fingerprinting data
- [ ] Chatbot logs
- [ ] Survey answers
- [ ] Shared documents

</div>

<div markdown>

- [ ] Shared photos and images
- [ ] Legal names of people on work contracts or partnership agreements
- [ ] Home addresses of people on work contracts or partnership agreements
- [ ] Resumes and cover letters from job applicants
- [ ] Recordings or screenshots of video or audio meetings
- [ ] Behind-the-scenes video footage from interviews
- [ ] Videos we take during meetups, events, or protests
- [ ] Photos we take during meetups, events, or protests
- [ ] License plate information from event photos or event parking lot management
- [ ] Security camera footage
- [ ] Dietary restrictions/preferences and health information for events
- [ ] Screenshots of people's social media posts
- [ ] And so much more

</div>

</div>

## How to protect the data of others

Each time we collect data from others, we become its guardian. This isn't a small responsibility, and we should always treat the data of others as a [toxic asset](https://www.schneier.com/blog/archives/2016/03/data_is_a_toxic.html).

We should only collect and keep what was obtained consensually, and what is strictly required for operations.

Regardless of the data we have to collect, we should always make sure to:

1. **Minimize** data collection by verifying that it is absolutely necessary for the task ([data minimization](https://en.wikipedia.org/wiki/Data_minimization)).

2. **Ask for consent** from the data subject *before* collecting any data, and make sure consent is explicit and informed.

3. **Protect** the collected data with adequate and proportional security measures, ideally using [end-to-end encryption](https://en.wikipedia.org/wiki/End-to-end_encryption) every time this is possible.

    - If this data needs to be shared with a third party or a service provider, obtain the data subject's consent prior to sharing, and verify that the third party or service provider offers adequate protections and proper deletion mechanisms.

4. **Delete** the data as soon as it isn't needed anymore, and ensure deletion is done thoroughly.

### Some practices to normalize in our advocacy work

- [x] Asking for consent before sharing someone's information (legal name, location, contact information, photos, etc.).

- [x] Asking people what name and pronouns they want to be referred to by publicly.

- [x] Asking people how (and if) they would like to be credited publicly.

- [x] Asking for permission before using the quote of someone else in our own work.

- [x] Asking for permission before publishing a screenshot of someone else's post.

- [x] Respecting people's choices to show their face publicly or not.

- [x] Asking for consent before taking photos at meetups or events.

- [x] Blurring the faces of strangers in crowd photos (especially for children).

- [x] Using consent badges for photo permission at events, or ideally forbidding taking nonconsensual photos entirely.

- [x] Warning people in advance when there are recording technologies on the premises (such as smart speakers or other recording devices).

- [x] Not requiring guests to sign up for events. Making sure all the information is public, without requiring anyone to provide any personal information in order to participate.

## More resources

- [Data is a toxic asset (*Bruce Schneier*)](https://www.schneier.com/blog/archives/2016/03/data_is_a_toxic.html)

- [The importance of protecting the data of others (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/03/10/the-privacy-of-others/)