Had a message from my pal this evening saying he’s been pulled into the office at the DZ after an unsolicited email from Dekunu with our profile photos and action details to say I am not happy is an understatement!
I get that our data is in the cloud, but sharing it and especially with our photos is proper GDPR territory!!
I should start by saying that the DZO and pretty well all the DZ staff are “technophobes” and still use analogue altis, that is the context of how an unsolicited email from Dekunu was received.
Specific issues they had:
It had a graphic included of “off-landings”. Fortunately this DZ follows the process but our governing body insists on incident reports for off landings as the Civil Aviation Authority monitors this as a measure as to whether a DZ is suitable. If this data was publically shared it could cause issues for any DZ.
It had a piece of data for average plane ride and this was just plain wrong, by a factor of 100%. Given that of the actions at the DZ in the last month 80% were by myself I know that the rported time was masisvely out. Again the DZO saw this a a real negative, if people look at the DZ data and see such a metric they would stay away.
It listed the users with Actions together with our profile pictures. That is a GDPR issue in itself but it also detailed how many actions each user had carried out at the DZ. The DZO challenged me as to what the hell is ‘outstanding for them to do’. Took me a while to work out what he meant but they just had no concept of the Dekunu terminology.
This report needs a rethink; it should be subscribed to by the DZO not sent unsolicited.
The data security needs to be explained on the report, who else can see the data? Where is it kept? What is and is not public? What is collated and shared with governing bodies?
The Dekunu terminology needs to be outlined.
Now for the real negative: the DZO is considering banning Dekunu’s as a result of seeing what data about his DZ is being collected and shared without his permission.
Bit of a data protection issue this one, and would be good to know Dekunu’s stance on this. I noticed the email we personally received around the same time stated “beta”; did the emails go to the DZ’s accidentally?
Hi @roundyuk and @Patch - thank you to alerting us to this. The DZ reports are currently in Beta and are definitely not intended to be comprehensive nor to violate any GDPR regulations. The overwhelming response from DZs so far has been positive however we know we can improve the strategy for the appropriateness of all stakeholders. We are reviewing the report content and strategy this week and will have an update for you before the next reports are due to be sent. We will also be in touch with the dropzone in question.
It’s good to hear you are reviewing this Brent, whilst I don’t object to my data being used to improve the Dekunu product, service and community; that was a proper curve ball with regard to what the DZ received.
As an organisation you should be asking the question “am I being transparent about what I am sharing and do I have good reason” even before you go down the route of what you should/shouldn’t share; what could the impact be on the individual?
To be honest, there should be an option to exclude yourself from the data share at the basic level; realistically the DZ only needs access to their “In the Loop” page IMHO https://dekunu.cloud/dropzone/805
I would suggest a thorough DPIA takes place before any further sharing of data is made
I am just hoping my cover hasn’t now been blown as in 1972, I was sent to prison by a military court for a crime I didn’t commit. I promptly escaped from a maximum security stockade to the Los Angeles underground. Today, I am still wanted by the government and only survive as a soldier of fortune!
Hi all, a quick update for you regarding this report.
We have reviewed the content and have decided to remove jumper names from it. To shine some additional light onto our thinking for the beta report I’d like to share what data was specifically included in the last report. We figured that each DZ is aware of each jumper who is there so we didn’t think it would be an issue to put the active jumpers names into the report - this was short-sighted, admittedly. There is a map highlighting landing locations for the month but no information linking landing locations to jumpers. For additional obscurity, the report was only sent if there were more than 5 Dekunu jumpers at that DZ for the month.
The next reports to go out to the dropzones will no longer contain jumper names.
We are always working on ways to leverage the Dekunu infrastructure to benefit many stakeholders and will continue to do so with privacy front and centre.
I thank you all for your input, as always. We are listening and take on board all feedback. This product is for everyone and with your input we can continually make it better.