-23

Mods can view some PIIs of SE users. There seems to be no easy for regular (non-moderator) users to view if/when a moderator accessed their PII.

Feature request: allow regular (non-moderator) users to easily view if/when a moderator accessed their PII. By easily, I mean not having to contact mods/SE/admins but instead click somewhere and see the info.

Motivation: Checking if the access to PIIs is justified. Transparency increases trust. Lack of transparency decreases trust.

Improve this question
14
  • It would also be in compliance with GDPR: Article 13, section 1, parts (C) and (F). See ICO website or the UK's Govt website if you want it in English, EU if you want other languages. An issue that would reflect on the law applicable would be that mods live in countries different from the member (potentially).
    – W.O.
    Commented Feb 14 at 5:41
  • 3
    @W.O. The section/parts of the GDPR you reference have nothing to do with this feature request.
    – Makyen
    Commented Feb 14 at 5:50
  • 14
    @FranckDernoncourt Just knowing that some portion of your PII was accessed gives you no information that allows you to determine if that access was justified. It just tells you that the access happened. To know if it was justified, you would need to know the circumstances surrounding that access, which is, usually, inappropriate to disclose, and in many cases may be illegal to disclose, because it involves one or more other users
    – Makyen
    Commented Feb 14 at 5:54
  • 2
    @Mayken. The policy re mods and data is currently a mess. The company are required to set this all up when someone joins the site, giving notifications as to who has access ("the company" is insufficient). Mod data-access absolutely should be notified to the user there and then, but it wasn't (esp. re exporting data outside the user's country, the right to demand that data is erased, etc..). We should therefore have had (every one of us) notifications that update the users with that info. Have you had such a notification? I haven't.
    – W.O.
    Commented Feb 14 at 5:55
  • @W.O. That's a completely separate issue that has nothing to do with this feature request.
    – Makyen
    Commented Feb 14 at 5:57
  • 1
    It's backstory as to what should have happened, but didn't - consequently this query arises, which it shouldn't need to if everything had been sorted from the start. @Makyen
    – W.O.
    Commented Feb 14 at 5:58
  • @W.O. This feature request would have been written as it is regardless of any such prior specific, explicit disclosure to users at the time of collecting PII of the fact that moderators can view PII. Frank is (or should be) well aware that moderators can view PII. The issue you have is that users are not specifically told that moderators have access to PII. That's a very different issue than what is in this feature request. Feel free to create a new question which brings up that issue.
    – Makyen
    Commented Feb 14 at 6:05
  • 1
    @Makyen No, but it allows users to become aware that there was an access. Without that info, it's hard to know if there was an unjustified access.
    – Franck Dernoncourt
    Commented Feb 14 at 6:20
  • 2
    @W.O. The fact that moderators can access some PII is disclosed in the Privacy Policy. I, personally, don't feel what's stated there adequately describes the limited scope of what moderators can view, but someone else could see it as adequate. So, SE/SO's compliance with what you are concerned with is, at worst, debatable.
    – Makyen
    Commented Feb 14 at 6:22
  • Thanks for the link. I'm thinking about it, but there seems quite a bit to cover and investigate and I'm not sure I'd get an answer anyhow, but I'm still contemplating it, yes. @Makyen It's of great and increasing significance in the modern world.
    – W.O.
    Commented Feb 14 at 6:25
  • @Makyen It's super easy to know if it was justified or not. You simply run to meta with a corresponding question whenever you notice a mod accessed your precious PII. ;-)
    – Christian Rau
    Commented Feb 14 at 12:46
  • 1
    @Makyen My TransAmerica credit reports tell me when someone asks for a review of my credit history. It provides no information but is provided, as Franck suggests, for the sake of transparency and so I can ask questions like, "hey, why did you ping my credit history?" I would think that what's good for TransAmerica would also be good for Stack Exchange.
    – JBH
    Commented Feb 14 at 19:46
  • 2
    @JBH Who accessed your credit report is provided by credit reporting companies for multiple reasons, not the least of which is that the number of inquiries about your credit report directly affects your credit score and the wiliness of lenders to lend to you. In part, that's needed because your credit data can be requested by nearly anyone. What credit reporting companies provide is substantially different than what's asked for here. This feature request asks for, effectively, a dynamic list which a user can regularly check any time they want, potentially many times in a day.
    – Makyen
    Commented Feb 14 at 20:13
  • 2
    @JBH What credit reporting companies provide is more analogous to having information about PII accesses be available through a GDPR data request. Requesting PII access data be included with the data provided in response to a GDPR data request would be a different feature request. However, such information may already exist in the data returned with a GDPR data request response. I'd suggest checking to see if it is already there prior to creating a feature request to have it included. Having that data included in the response to a GDPR data request would likely be received more positively.
    – Makyen
    Commented Feb 14 at 20:13

2 Answers 2

Reset to default
18

No. I think it would be a bad idea, because this will most likely cause a flood of users ranting all around "mod accessed my private info!!!1!!!" in every possible platform.

Most people won't really understand, or accept, the fact the moderators sometimes need to check their private info for legit reasons. It's very like the concept of downvotes: for most people, it's personal, bad, and some even consider it toxic and abusive, even if the downvotes were totally justified.

So let's not give them more fuel, please.

Improve this answer
2
  • "this will most likely cause a flood of users ranting all around "mod accessed my private info!!!1!!!" in every possible platform." how about allowing access only to users with at least x rep?
    – Franck Dernoncourt
    Commented Feb 14 at 8:03
  • 13
    @FranckDernoncourt yeah this might help a bit, but judging from cases I've seen, even high rep users get very sensitive for downvotes sometimes, and same can happen if/when they'll be aware their private info is being accessed. Also, it doesn't feel like a privilege, so kind of wrong to tie it up with rep, IMO.
    – Shadow Wizard
    Commented Feb 14 at 8:08
8

Without knowing why moderators accessed your PII, this information is useless. There could be queries in the moderator tools that hypothetically return all the addresses of users who were interacting with the system in a particular time range. Your PII might be in that query, but the moderator wasn't specifically looking at your user account.

I don't think it would be reasonable to expect a moderator to provide a reason every time they might need to access a report that contains someone's IP address or email address. The type of PII a moderator has access to is not extremely sensitive PII, like banking information or health information. I think being able to request whether a moderator on a specific site accessed your PII within a specific time range is transparency enough.

Improve this answer
2
  • From what I know (not directly) there's a button moderator has to click to confirm viewing user's PII, pretty sure the request here is only for that, not for low level access via reports or e.g. by staff in the db.
    – Shadow Wizard
    Commented Feb 14 at 12:52
  • 6
    @ShadowWizardLoveZelda I was a moderator and I can think of multiple ways I might have accessed someone's IP address without targeting them directly. That doesn't mean the access wasn't logged, but I don't have visibility into that low a level. You may be right though that aggregation is out of scope. The system might assume (incorrectly) that the only way I can associate that IP address with a specific user is by clicking certain links.
    – ColleenV
    Commented Feb 14 at 13:12

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .