Putting Policies On GitHub

Over the last few years, we have been looking at ways in which privacy policies and data stewardship can be improved. Over that time, one of the issues we have encountered repeatedly is that it is difficult to track how and why policies change over time. This lack of transparency hurts people who want to learn about privacy, and how an application treats student data. It also hurts companies - these decisions should be part of organizational culture, and losing them means losing an opportunity to see how a company has evolved and improved over time.

These issues are addressed via a small, simple change: placing terms of service, privacy policies, and other related policy docs on GitHub. Over on the Clever blog, Mohit Gupta has a great blog post describing how to get this done.

The short version: to get started, all you need to do is create a repository on GitHub that contains your terms. Ideally, use this structure: https://github.com/COMPANY_NAME/policies. Use Clever's terms as an example.

Putting policies on GitHub creates some immediate benefits that will accrue over time.

  • Increase transparency - Terms on GitHub are easy to find.
  • Create an annotated log of changes - Git (the system used on GitHub) is designed to manage changes in a codebase over time. Applied to privacy policies, this means that every change to a policy can be recorded with a corresponding note explaining why the change occurred. Over time, this creates an annotated list explaining every change.
  • Create an opportunity to close the gap between policy creation and software - Generally, gaps exist within companies between policies and developers. Policies governing the use of software are often created without any contact with the people who develop the actual software. This disconnect can result in policies that have little connection to how the software works, and policies that drift away from the organizational mission. Putting terms on GitHub makes them available in a space that is immediately accessible to developers.
  • Provide clear starting points and best practices for new companies - I have spoken with a lot of new companies who are concerned with getting policies right, but don't know where to start. Placing terms on GitHub creates an easily accessible, very visible starting point: a new company can fork and modify terms. This is no substitute for working with a lawyer who is versed in education, but having ready access to existing terms will help provide a solid foundation.

Putting terms on GitHub is not a panacea - this won't magically fix weak terms. However, making terms of service and policies available to broader audiences in an accessible format will help more people understand how data gets used - and doesn't get used - in software. Creating concrete steps that help companies commit to greater transparency helps shift norms around privacy. Creating tools that help us identify sound practice allows us to improve the conversation around privacy, one facet at a time.

Most importantly, this is something that can be done now.

I'm very happy to say that a group of companies have already committed to getting their policies on GitHub. In the next 1-2 weeks, we will be announcing the "official" launch, and doing some additional outreach. If you want to get your terms onto GitHub and be part of the initial announcement, please get in touch.
