<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://wikideal.net/w/index.php?action=history&amp;feed=atom&amp;title=Policies%2Fen%2FData-Publication-Guidelines</id>
	<title>Policies/en/Data-Publication-Guidelines - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://wikideal.net/w/index.php?action=history&amp;feed=atom&amp;title=Policies%2Fen%2FData-Publication-Guidelines"/>
	<link rel="alternate" type="text/html" href="https://wikideal.net/w/index.php?title=Policies/en/Data-Publication-Guidelines&amp;action=history"/>
	<updated>2026-07-14T23:51:52Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.43.0</generator>
	<entry>
		<id>https://wikideal.net/w/index.php?title=Policies/en/Data-Publication-Guidelines&amp;diff=1603&amp;oldid=prev</id>
		<title>AI-Admin-Assistant: Migration block 2: create page adapted from Wikimedia Foundation Governance Wiki (CC BY-SA 4.0), proposal to be adopted</title>
		<link rel="alternate" type="text/html" href="https://wikideal.net/w/index.php?title=Policies/en/Data-Publication-Guidelines&amp;diff=1603&amp;oldid=prev"/>
		<updated>2026-07-05T01:36:15Z</updated>

		<summary type="html">&lt;p&gt;Migration block 2: create page adapted from Wikimedia Foundation Governance Wiki (CC BY-SA 4.0), proposal to be adopted&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;&amp;#039;&amp;#039;This is a draft version. Source: adapted &amp;#039;&amp;#039;&amp;#039;notably&amp;#039;&amp;#039;&amp;#039; from the Wikimedia Foundation Governance Wiki, https://foundation.wikimedia.org/wiki/Legal:Data_publication_guidelines (CC BY-SA 4.0), with changes. Status: proposal, to be adopted. See the [[Policies/en/Disclaimer|detailed disclaimer]].&amp;#039;&amp;#039;&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;In simple words:&amp;#039;&amp;#039;&amp;#039; publishing statistics about the platform (how many users, how many contracts signed, in which countries) is useful and transparent, but publishing numbers that are too precise could identify individual people. This page proposes rules for publishing data safely: risk levels, thresholds (for example, never publish a statistic about fewer than 25 users), and a checklist before any publication.&lt;br /&gt;
&lt;br /&gt;
__TOC__&lt;br /&gt;
&lt;br /&gt;
= Data publication guidelines =&lt;br /&gt;
&lt;br /&gt;
The right to privacy is at the core of how communities would contribute to the WikiDeal platform, and upholding this right is intended to be central to the human rights commitments of the Ynternet.org Foundation. These data publication guidelines describe best practices for managing risk in data publication. They complement the [[Policies/en/Data-Retention-Guidelines|data retention guidelines]] and the [[Policies/en/Data-Collection-Guidelines|data collection guidelines]], and would contribute to the commitment to protect users&amp;#039; data as elaborated in the [[Policies/en/Privacy-Policy|Privacy policy]].&lt;br /&gt;
&lt;br /&gt;
On WikiDeal, aggregated usage statistics are part of the data published by design (for example, how many contracts of a given template were signed). These guidelines propose the thresholds and reviews that would keep such publications safe for individual users.&lt;br /&gt;
&lt;br /&gt;
== Data publication risk tiering grid ==&lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot;&lt;br /&gt;
! &amp;#039;&amp;#039;&amp;#039;Data classification&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
! &amp;#039;&amp;#039;&amp;#039;Confidential&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
! colspan=&amp;quot;2&amp;quot; | &amp;#039;&amp;#039;&amp;#039;Restricted&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
|-&lt;br /&gt;
! scope=&amp;quot;row&amp;quot; rowspan=&amp;quot;2&amp;quot; | &amp;#039;&amp;#039;&amp;#039;Risk level&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
| &amp;#039;&amp;#039;&amp;#039;Tier 1: High risk&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
| &amp;#039;&amp;#039;&amp;#039;Tier 2: Medium risk&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
| &amp;#039;&amp;#039;&amp;#039;Tier 3: Low risk&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
|-&lt;br /&gt;
| Data that could &amp;#039;&amp;#039;certainly&amp;#039;&amp;#039; be used to cause harm&lt;br /&gt;
| Data that could &amp;#039;&amp;#039;likely&amp;#039;&amp;#039; or &amp;#039;&amp;#039;possibly&amp;#039;&amp;#039; be used to cause harm&lt;br /&gt;
| Data that is unlikely to be used to cause harm or is private for administrative reasons&lt;br /&gt;
|-&lt;br /&gt;
! scope=&amp;quot;row&amp;quot; | Examples (non-exhaustive list)&lt;br /&gt;
|&lt;br /&gt;
* Data containing personally identifiable information (see the [[Policies/en/Privacy-Policy|Privacy policy]])&lt;br /&gt;
* Granular analyses of&lt;br /&gt;
** countries on the country protection list&amp;lt;ref name=&amp;quot;cpl&amp;quot;&amp;gt;The &amp;#039;&amp;#039;&amp;#039;country protection list&amp;#039;&amp;#039;&amp;#039; would be a reference guide for countries potentially dangerous for internet freedom; it is not indicative of a working relationship with each country. Such a list would be established for WikiDeal.&amp;lt;/ref&amp;gt;&lt;br /&gt;
** fundraising data&lt;br /&gt;
* Recurring data releases of medium risk data&lt;br /&gt;
|&lt;br /&gt;
* High-level analyses of&lt;br /&gt;
** countries on the country protection list&amp;lt;ref name=&amp;quot;cpl&amp;quot; /&amp;gt;&lt;br /&gt;
** fundraising data&lt;br /&gt;
* Granular analyses of&lt;br /&gt;
** countries &amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039;not&amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039; on the country protection list&lt;br /&gt;
** Markets and Portals&lt;br /&gt;
** editing data&lt;br /&gt;
** interaction data&lt;br /&gt;
** reading data&lt;br /&gt;
* Recurring data releases of low risk data&lt;br /&gt;
|&lt;br /&gt;
* High-level analyses of&lt;br /&gt;
** countries &amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039;not&amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039; on the country protection list&lt;br /&gt;
** Markets and Portals&lt;br /&gt;
** editing data&lt;br /&gt;
** interaction data&lt;br /&gt;
** reading data&lt;br /&gt;
* Any analyses that utilize [https://en.wikipedia.org/wiki/Differential_privacy differential privacy]&amp;lt;ref&amp;gt;This process requires specialist help to ensure that the differential privacy algorithm is correctly configured, as well as adequate documentation.&amp;lt;/ref&amp;gt;&lt;br /&gt;
* Collations and combinations of already-public data that it may be inconvenient or difficult for external parties to access&lt;br /&gt;
|-&lt;br /&gt;
! scope=&amp;quot;row&amp;quot; | &amp;#039;&amp;#039;&amp;#039;Response time goal&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
| 3 work weeks&lt;br /&gt;
| 5 work days&lt;br /&gt;
| Not applicable&lt;br /&gt;
|-&lt;br /&gt;
! scope=&amp;quot;row&amp;quot; colspan=&amp;quot;4&amp;quot; | &amp;#039;&amp;#039;&amp;#039;What this would mean for the teams&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
|-&lt;br /&gt;
! scope=&amp;quot;row&amp;quot; | &amp;#039;&amp;#039;&amp;#039;Follow-up actions&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
|&lt;br /&gt;
* Do not upload this data to servers outside the control of the Ynternet.org Foundation&lt;br /&gt;
* Clear outputs before committing code, even to private repositories&lt;br /&gt;
* The legal and security reviewers would consider publication of high risk data on a case-by-case basis after review and risk mitigation&lt;br /&gt;
|&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039;Unsanitized data&amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039; could be uploaded to &amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039;private&amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039; servers outside of the Foundation (private repositories, internal messaging, shared drives)&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039;Sanitized data&amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039; is considered to be low risk, and could be uploaded to &amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039;public&amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039; servers (public repositories, presentations, mailing lists). Data sanitization involves&lt;br /&gt;
** clearing all outputs that display raw data&lt;br /&gt;
** filtering out or obfuscating granular analyses as defined by the threshold table below&lt;br /&gt;
* The legal and security reviewers would consider publication of medium risk data on a case-by-case basis after review and risk mitigation&lt;br /&gt;
|&lt;br /&gt;
* This data could be uploaded to public servers (public repositories, presentations, mailing lists)&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
=== Frequently asked questions ===&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Q: What is the risk tiering grid used for?&amp;#039;&amp;#039;&amp;#039; The risk tiering grid would help teams that work with data know when their work requires privacy review by the legal and security reviewers.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Q: What are the key risks the tiering grid measures?&amp;#039;&amp;#039;&amp;#039; The key risks are on both the overuse and underuse ends of the spectrum. If the grid is used in such a way that too many things are triaged to the reviewers, then the review becomes a bottleneck for necessary workflow. On the other hand, if projects go live that would have been halted or mitigated under privacy review, that exposes the Foundation to privacy risks, including reputational, legal and security risks.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Q: Who are the intended audiences of the tiering grid?&amp;#039;&amp;#039;&amp;#039; Teams that work with data in product and technology.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Q: What is the process for updating the tiering grid or resolving tiering disagreements?&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
** Get privacy approval&lt;br /&gt;
** Anyone can initiate an update or amendment, but approval must be sought across the board before implementing&lt;br /&gt;
** Ongoing feedback immediately following launch, regular recalibration thereafter (for example every quarter or half year)&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Q: What should I do if I am unsure whether to reach out to the reviewers?&amp;#039;&amp;#039;&amp;#039; When in doubt, it is better to err on the side of caution and submit a review request.&lt;br /&gt;
&lt;br /&gt;
=== Threshold table ===&lt;br /&gt;
&lt;br /&gt;
Use this table to determine whether an analysis is &amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039;granular&amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039; or &amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039;high-level&amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039;, informing which tier or risk level the analysis is considered as. Note: thresholds are determined based solely on the statistics being released; if you are only releasing information about edits, you do not need to account for how many contributors generated the edits.&lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;text-align: center;&amp;quot;&lt;br /&gt;
! rowspan=&amp;quot;2&amp;quot; | &amp;#039;&amp;#039;&amp;#039;Data unit type&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
! colspan=&amp;quot;2&amp;quot; | &amp;#039;&amp;#039;&amp;#039;Classification of analysis based on counts&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
|-&lt;br /&gt;
! &amp;#039;&amp;#039;&amp;#039;&amp;quot;Granular&amp;quot;&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
! &amp;#039;&amp;#039;&amp;#039;&amp;quot;High-level&amp;quot;&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
|-&lt;br /&gt;
! scope=&amp;quot;row&amp;quot; | &amp;#039;&amp;#039;&amp;#039;Users (including unique devices)&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
| under 25&lt;br /&gt;
| 25 or more&lt;br /&gt;
|-&lt;br /&gt;
! scope=&amp;quot;row&amp;quot; | &amp;#039;&amp;#039;&amp;#039;Edits&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
| under 50&lt;br /&gt;
| 50 or more&lt;br /&gt;
|-&lt;br /&gt;
! scope=&amp;quot;row&amp;quot; | &amp;#039;&amp;#039;&amp;#039;App interactions&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
| under 100&lt;br /&gt;
| 100 or more&lt;br /&gt;
|-&lt;br /&gt;
! scope=&amp;quot;row&amp;quot; | &amp;#039;&amp;#039;&amp;#039;Views&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
| under 250&lt;br /&gt;
| 250 or more&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
For reverts, report the rate and a rough total if the reverted edit count or total edit count are less than the threshold. For example:&lt;br /&gt;
&lt;br /&gt;
* If 8 out of 49 edits were reverted: &amp;quot;16.3% reverted (out of &amp;lt;50 edits)&amp;quot;&lt;br /&gt;
* If 49 out of 49 edits were reverted: &amp;quot;100% reverted (out of &amp;lt;50 edits)&amp;quot;&lt;br /&gt;
* If 20 out of 580 edits were reverted: &amp;quot;3.4% reverted (out of ~600 edits)&amp;quot; or &amp;quot;3.4% reverted (out of &amp;gt;500 edits)&amp;quot;&lt;br /&gt;
* If 50 out of 50 edits were reverted: OK to leave as-is (both counts meet the threshold)&lt;br /&gt;
&lt;br /&gt;
This guidance also applies to reporting below-threshold percentages for other data types.&lt;br /&gt;
&lt;br /&gt;
== Publication risk mitigation checklist ==&lt;br /&gt;
&lt;br /&gt;
This self-service checklist is intended to help data scientists and analysts lower the risk of a high or medium risk data publication, and reduce unintentional disclosures of private information.&lt;br /&gt;
&lt;br /&gt;
Before you post data publicly (which includes pushing a notebook to a public repository), have you:&lt;br /&gt;
&lt;br /&gt;
* entered this data publication into the data publication log (the concrete logging tool would be defined upon adoption of this proposal)?&lt;br /&gt;
* cleared outputs that display raw data?&lt;br /&gt;
* cleared outputs that display granular data (as defined in the threshold table above)?&lt;br /&gt;
* obfuscated or filtered out rows that display granular data (for example, replacing a count of users below 25 by &amp;quot;&amp;lt;25&amp;quot;, or removing rows below the threshold)?&lt;br /&gt;
&lt;br /&gt;
== General risk heuristics ==&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;Below, &amp;quot;X &amp;gt; Y &amp;gt; Z&amp;quot; means that X is riskier than Y, which is in turn riskier than Z.&amp;#039;&amp;#039;&lt;br /&gt;
&lt;br /&gt;
* Data type:&lt;br /&gt;
** Geography:&lt;br /&gt;
*** city &amp;gt; (sub-national) region &amp;gt; country &amp;gt; subcontinent &amp;gt; continent &amp;gt; global&lt;br /&gt;
*** country protection list &amp;gt; non-country protection list&lt;br /&gt;
** Device details:&lt;br /&gt;
*** raw user-agent &amp;gt; browser or OS type &amp;gt; device type&lt;br /&gt;
*** raw IP &amp;gt; partially-redacted IP range&lt;br /&gt;
** Temporal:&lt;br /&gt;
*** timestamp &amp;gt; hourly &amp;gt; daily &amp;gt; monthly&lt;br /&gt;
** Combinations of multiple keys &amp;gt; any key on its own (for example country + Market &amp;gt; country or Market)&lt;br /&gt;
* User activity type:&lt;br /&gt;
** fundraising activity &amp;gt; contracting activity &amp;gt; editing activity &amp;gt; interaction activity &amp;gt; reading activity&lt;br /&gt;
* Foundation activity type:&lt;br /&gt;
** data collection &amp;gt; data analysis&lt;br /&gt;
** granular analysis &amp;gt; high-level analysis&lt;br /&gt;
&lt;br /&gt;
== Contact us ==&lt;br /&gt;
&lt;br /&gt;
If you think that these guidelines have potentially been breached, or if you have questions or comments about compliance with the guidelines, please contact info@wikideal.net.&lt;br /&gt;
&lt;br /&gt;
== Notes ==&lt;br /&gt;
&amp;lt;references /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== See also ==&lt;br /&gt;
&lt;br /&gt;
* [[Policies/en/Privacy-Policy|Privacy policy]]&lt;br /&gt;
* [[Policies/en/Data-Collection-Guidelines|Data collection guidelines]]&lt;br /&gt;
* [[Policies/en/Data-Retention-Guidelines|Data retention guidelines]]&lt;br /&gt;
&lt;br /&gt;
[[Category:Migration June 2026]]&lt;br /&gt;
&amp;lt;!-- visible --&amp;gt;&lt;/div&gt;</summary>
		<author><name>AI-Admin-Assistant</name></author>
	</entry>
</feed>