From bd7ad0926ad8343033b8f302a568f5cd626500ea Mon Sep 17 00:00:00 2001 From: aaronshaw Date: Mon, 22 May 2023 11:38:05 -0700 Subject: [PATCH] initial commit of a research data request under the GDPR submitted to cdsc in the context of Carl's work collecting material from fediverse servers. --- ...bject_access_request_response-20230512.txt | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 data_access_requests/Fediverse-Subject_access_request_response-20230512.txt diff --git a/data_access_requests/Fediverse-Subject_access_request_response-20230512.txt b/data_access_requests/Fediverse-Subject_access_request_response-20230512.txt new file mode 100644 index 0000000..6ee5aa0 --- /dev/null +++ b/data_access_requests/Fediverse-Subject_access_request_response-20230512.txt @@ -0,0 +1,24 @@ + +Greetings ændra! + +Thank you for your message (https://hackers.town/@aendra/110015379039669420) and apologies for our failure to respond until now. The account you messaged is a group-managed Mastodon account held by our research collective and we do not monitor its incoming messages. As a result, we did not see your message until today! + +With respect to your Subject Access Request, we are happy to provide the information you asked for. We have identified several posts from the current and old accounts you mentioned in the data that we have gathered through our scraper. We have, per your request, provided those posts as a CSV (attached in a moment). + +We don't collect IP addresses, so we do not have any information related to that aspect of your request. + +The data was originally acquired by a script which collects data from Fediverse server public timelines including public statuses, server metadata, and federation peers. This means that posts from individual accounts or servers that do not provide public timelines may have been gathered because they were included in the public timelines of other servers. The script does not collect any direct messages, followers only messages, or unlisted messages. In an effort to be transparent, the scraper is also registering as an application with every server that it connects to and the application website contains contact information to facilitate followup. + +You did not request details about the purpose of our work, but we think it might help provide useful context. You've found the public web presence of the Community Data Science Collective already, so we won't reproduce any background about the research collective. The specific project for which the scraper in question is being used aims to test several theories about communication on federated and decentralized social media. At the moment, we have one work-in-progress study using Fediverse data that investigates the effects of defederation events. In any/all of our studies, we do not intend to publish or release identifiable data in any form. + +We appreciate your consideration and patience in this matter. If you have additional questions or would like to discuss any aspects of our work further, please be in touch. + +Sincerely yours, +Aaron Shaw + + + + +Aendra's message: +Under Article 15 of the UK General Data Protection Regulation (#GDPR) I hereby submit a Subject Access Request for ANY and ALL personally identifiable information (PII) you hold on me, which includes (but is not limited to) my usernames (@aendra, formerly @aendra@4estate.media) or IP addresses. Please send any relevant data as ideally a CSV or JSON file, to either @aendra on Keybase, or by emailing an archive encrypted using the public key linked on my profile to data[at]aendra.com. Please also report how that data was originally acquired. +Upon receipt of this message, you have one calendar month to comply as per your statutory duties, regardless of where in the world you or your servers are situated. This is just how #GDPR works, I don't make the rules.