Telemetry Data Collection and Usage Policy
Effective Date: October 21, 2019
Software (whether open source or proprietary) sometimes includes functionality to collect Telemetry Data, which is a term to denote data about how the software is used or performing. Telemetry Data is often collected through a “phone home” mechanism built into the software itself. An end user deploying the software is typically presented with an option to opt-in to share statistical data with the developers of the software.
Any Linux Foundation project is required to obtain permission from the Linux Foundation before using a mechanism to collect Telemetry Data from an open source project. In reviewing a proposal to collect Telemetry Data, the Linux Foundation will review a number of factors and considerations.
For our purposes, “Telemetry Data” does not include aggregate statistics collected outside of the software. As an example, an aggregate count of total downloads of the software itself is not “Telemetry Data.”
The collection of Telemetry Data by open source software, and the use and distribution of Telemetry Data within a project community, can raise at least four relevant concerns for users of that software:
- individual data privacy: Does the Telemetry Data lead to the ability to track or uniquely identify the user? Even if it doesn’t, does the Telemetry Data otherwise include some form of personal information that is subject to laws and regulations, or even just that the user doesn’t realize is being shared?
- data confidentiality: Does the Telemetry Data result in any potentially business-sensitive information being sent to the project community? Does a business realize that the open source software is sharing this data? Even if a staff member clicked to consent, were they authorized to enable data sharing on behalf of their employer?
- awareness of collection: Does the software ensure that all relevant users and installers of the software are aware of the Telemetry Data collection, before it is enabled? Is it opt-out or opt-in? Can notices or consents be inadvertently bypassed when the software is installed through automated means?
- security of collection mechanism: Does the “phone home” functionality open up any inadvertent security vulnerabilities? Could those vulnerabilities be present even for users who refuse to enable Telemetry Data?
Open source projects should take special care before enabling the collection of Telemetry Data. Recent data privacy legislation across different jurisdictions also reflects the sensitivity of considerations surrounding these practices.
The following policy describes the Linux Foundation’s current policy towards Telemetry Data collection by its project communities.
By default, projects of the Linux Foundation should not collect Telemetry Data from users of open source software that is distributed on behalf of the project.
If a project community desires to collect Telemetry Data, it must first coordinate with members of the legal team of the Linux Foundation to undergo a detailed review of the proposed Telemetry Data and collection mechanism. The review will include an analysis of the following:
- the specific data that is proposed to be collected;
- demonstrating that the data is fully anonymized, and does not contain anything that can arguably be considered data about an individual (such as personal data, personally identifiable information, or similar concepts under applicable laws); that could be considered end user data; or that could be sensitive or confidential to users;
- the manner in which users of the software are (1) notified of all relevant details of the Telemetry Data collection, use and distribution; and (2) required to consent prior to any Telemetry Data collection being initiated;
- the manner in which the collected Telemetry Data is stored and used by the project community; and
- the security mechanisms that are used to ensure that collection of Telemetry Data will not result in (1) unintentional collection of data; or (2) security vulnerabilities resulting from the “phone home” functionality.
Requests for review should be coordinated with the project manager for the project, who will work with the legal team to conduct the review.
Telemetry Data should not be collected unless and until the legal team approves the proposed collection, and until the project community has implemented any requested changes thereto.
This policy applies only to Telemetry Data collected on behalf of the project itself, by the project software in its default source configuration. This policy does not apply to to Telemetry Data collected by third parties – including by individuals and entities who participate in the project – if they do so on their own behalf and using their own separate distributions of the project software.
This policy may be amended from time to time. Comments and feedback on this policy should be sent to firstname.lastname@example.org.