-75

Activity Data section within the Users Preference page

Stack Overflow and Stack Exchange sites currently have an “Activity data” section within the Users Preference page. It looks like this:

a depiction of the activity data section on the profile preference page

What’s changing?

Our Trust & Safety team has determined that both sections currently found on the preference page are legacy and obsolete for the following reasons:

  • For the first section, data subject rights requests, including information/access and data portability requests, can be submitted here in accordance with our Privacy Policy.
  • For the second section, these preferences are managed via the cookie consent preference center which can be accessed by selecting “Cookie Settings” in the site footer.

In an effort to provide a uniform and compliant solution, as well as to streamline the data privacy experience, we will be removing the Activity data section from the profile preference page on February 26th, 2024.

To manage your on-site activity and content relevancy, we have and will continue to rely on your cookie setting preferences, which you can update by selecting “Cookie Settings” at the bottom of any Stack Overflow or Stack Exchange page and confirming your settings. The cookie consent preference center dialog has the option to select only necessary cookies or customize your settings.

We understand this change may impact how you’ve accessed some of these settings in the past and we apologize if this update creates any disruption to your workflow.

Google Conversion Pixel Deprecation

Another change, led by Google, is that on February 22, 2024, Google Ad Manager is ending support for all advertising publishers for Spotlight activities and conversions as part of the third-party cookies phased deprecation. Therefore, we will no longer provide advertisers with a Google conversion pixel with their campaign on Stack Overflow or any Stack Exchange site. This change will not impact users; however, we wanted to share this update with the community.

We are making updates to various resources for our advertising partners to reflect this change, and will also be removing this information from our Privacy Policy in the next periodic update.

If you have any questions, concerns, or feedback about these updates, our team is here to help. We will monitor your responses until the changes take effect and we will reply to what we can. Thank you for your understanding as we work to improve our site’s legal compliance and implement best practices concerning data privacy.

Improve this question
16
  • 102
    that seems like a much more difficult process to obtain activity data than the existing one.
    – Kevin B
    Commented Feb 15 at 17:42
  • 6
    How does this affect the annoucement made here - or are we talking about different categories of pixels?
    – Journeyman Geek
    Commented Feb 16 at 2:13
  • 4
    "we might show you questions" - how? where? .... what? The stuff that shows up when I click active, hot, week, month? Does that show me different lists based on anything other than what I have on ignore? – "recommendations" ? If those show up in the cookie box then I'll never see them. I ad-blocked that 10y ago. "this change may impact how you’ve accessed some of these settings in the past" yeah: can't. But don't care.
    – Mazura
    Commented Feb 16 at 3:04
  • @Mazura see comments here might shed some light.
    – Shadow Wizard
    Commented Feb 16 at 8:09
  • 23
    Accept all is easy. “Cookie Settings” at the bottom doesn't have a single button for none, ever, under any circumstances whatsoever. If you really wanted to streamline it.....
    – Mazura
    Commented Feb 17 at 2:02
  • 72
    How exactly does a multi-step data request submission that requires the user to manually fill out a form and also manual staff involvement to fulfill "obsolete" a simple already functional one-click solution?
    – goldPseudo
    Commented Feb 17 at 2:13
  • 12
    The German localisation of policies.stackoverflow.co/data-request is actually Dutch in large parts
    – Bergi
    Commented Feb 17 at 3:27
  • @Bergi: Oh wow, it certainly is. Specifically, the "You can use this form [...] visit our Privacy Policy." text at the top, and the descriptive text under "Country and User Type" ("We are a global service provider [...] the more restrictive timeline.") is all translated into Dutch instead of German – even though the text field labels (and the descriptive text under "Please Provide Us with More Details") do seem to be correctly translated into German. Weird.
    – V2Blast
    Commented Feb 18 at 20:23
  • 14
    I can't resist myself but I wonder if genAI was involved in translation 😁
    – Journeyman Geek
    Commented Feb 19 at 2:02
  • "For the second section, these preferences are managed via the cookie consent preference center which can be accessed by selecting “Cookie Settings” in the site footer." - Do you know what doesn't work if you have an ad blocker? If you guessed "The cookie settings link in the footer", you win! (previously reported a month ago)
    – Andy
    Commented Feb 19 at 4:07
  • I tried requesting data from the page specified above. When I submitted a request for "Access", two buttons requesting "Data Deletion" were added to my request. I did not want to request any deletion of data.
    – robjohn
    Commented Feb 20 at 16:54
  • I do not use either of settings myself, but I am worrying when existing features gets removed, made obscure, complicated, unobvious, etc. I expect to see new shiny and useful feature, but I only see stupid ones (Collectives, Discussions, etc.) so I am using all my chances to show my unhappiness by giving a thumbs down.. sorry.
    – Sinatr
    Commented Feb 22 at 9:12
  • 1
    "For the second section, these preferences are managed via the cookie consent preference center which can be accessed by selecting “Cookie Settings” in the site footer." In the cookie consent preference center, I can't find an option allowing to "show more relevant content". What specific option should I activate to do that? And does it change anything compared to the current option? (e.g. if I activate the relevant option, will you now share this data with partners of yours? -assuming this wasn't already the case)
    – J-J-J
    Commented Feb 23 at 8:07
  • 11
    "to streamline the data privacy experience" - Did you mean complicate, obscure, or confuse?
    – rgettman
    Commented Feb 27 at 19:36
  • 1
    streamline means meta.stackexchange.com/questions/398127/… ?
    – Toseef Khilji
    Commented Mar 6 at 10:09

5 Answers 5

Reset to default
162
+500

Please don't call this streamlining

In an effort to provide a uniform and compliant solution, as well as to streamline the data privacy experience, ...

Before: click a link, download data.

After: somehow find your way to the "submit a data request" page, fill out a form, explaining in words what data you want and why, enter a CAPTCHA, wait some unspecified amount of time for it to be actioned by a human, and then get some sort of notification, and hopefully download the data.

This is...not streamlining.

You have your reasons for doing what you're doing, but it's an insult to our intelligence to call it "streamlining" the process.

Improve this answer
4
  • 2
    is it possible that the new process provides more data than what the old data provided? I suppose it possibly could be less too
    – Kevin B
    Commented Feb 21 at 2:33
  • 7
    I can't agree more. Really. Well said!
    – Shadow Wizard
    Commented Feb 21 at 8:06
  • 1
    @KevinB It's entirely possible that there are benefits to users, yes. But usability does not appear to be one of them.
    – Steve Bennett
    Commented Feb 23 at 3:17
  • @KevinB The new process isn't new, it must have existed for a while already, for regulatory reasons.
    – Cornelius Roemer
    Commented Feb 28 at 22:36
84

A clarification question.

The first point you are planning to remove states that "Stack Overflow never sells or shares your activity data with third parties."

The current profile section stating no data is shared

Some time ago ColleenV pointed out that

if you are allowing a third-party advertiser to know what page I'm on when you serve their ad and you allow them to send a tracking pixel that uniquely identifies me, you ARE sharing my activity data with a third party

To which Sasha replied:

I have asked our legal team to look into this to make sure the language used accurately reflects what happens on the back end.

Screenshot of the original comment by Sasha, in case it gets deleted

Consider the timing, should we take this change as a confirmation that the legal team suggested to remove that line as it didn't match what was really happening?

Update: I have just noticed that one of the available request types on the data request page is... "Do not sell my information".

enter image description here

Improve this answer
16
  • 2
    Pretty sure Legal doesn't approve of any language they didn't craft :) Of course the legal team would recommend shifting everything to the policy documents they've written.
    – ColleenV
    Commented Feb 16 at 12:30
  • 2
    @ColleenV I am just trying to get some transparency since it looks like your posts were the trigger for this sudden "streamlining".
    – SPArcheon - on strike
    Commented Feb 16 at 12:44
  • 1
    I don't doubt they were based on Sasha's comment. I don't need credit for that; I'd just like it fixed. If you ask Legal "is this OK" they'll definitely say "no" if it touches any part of an existing policy that was written by Legal.
    – ColleenV
    Commented Feb 16 at 12:51
  • 14
    @ColleenV Sorry, I wasn't clear. I was not doing this because I wanted them to credit you. If the things are related as it seems I simply want them to recognize they had a problem and were sharing data despite claiming not to instead of trying to present this as an unrelated change done out of kindness to improve the user experience. It is a matter of transparency. It would be bad enough realizing that data was shared despite claiming it wasn't but trying to "hide" that issue behind some buzword would be worse.
    – SPArcheon - on strike
    Commented Feb 16 at 13:07
  • 4
    You understand that they can't publicly admit certain things because it opens them to liability right? No competent legal department would allow a staff member to confirm in writing that they had misleading language around their privacy practices for years on the user preferences page.
    – ColleenV
    Commented Feb 16 at 13:51
  • 15
    @ColleenV nor does that mean they should get a free pass for it, at least not under the current messed up relationship with the community.
    – SPArcheon - on strike
    Commented Feb 16 at 14:08
  • 1
    They just missed some text on a user preferences page that was at one point true. I don't think they need to be beat up for fixing it. I actually am happy with how quickly they responded. I'd be happier if they weren't involved in creepy intrusive advertising, but that battle isn't going to be won until there's no money in it, or new laws are passed. Demanding that they open themselves up to litigation because feelings isn't productive.
    – ColleenV
    Commented Feb 16 at 14:19
  • 8
    @ColleenV would have been fine with something like "In an effort to provide a uniform and compliant solution, as well as to update the user experience to the current policy, we will be removing the Activity data section from the profile preference page on February 26th, 2024.". Just something that acknowledge that the thing needed to be update without looking like they were doing this out of charity. Again, this is not "streamlining", this is just "updating"
    – SPArcheon - on strike
    Commented Feb 16 at 14:25
  • 2
    They aren't going to say anything that implies that they were ever out of compliance with their policy. It would be an incredibly stupid thing to do. They aren't streamlining this for charity. They're doing it to make their lives easier because maintaining things in multiple places is a PIA. It's a good thing they gave us advance notice with some detail. I'm not going to nitpick their wording.
    – ColleenV
    Commented Feb 16 at 14:29
  • 1
    @ColleenV Sure, you may be under order to not speak about something, but you can't be ordered to lie about it. If they were indeed allowed to say it that way, they'd say so explicitly. That they didn't say anything means, therefore, that they did perceive it that way. See: Warrant canary for another example.
    – Sonic the Anonymous Hedgehog
    Commented Feb 16 at 19:42
  • 2
    @SonictheAnonymousHedgehog Lawyers often prohibit things that will muddy the legal waters, like having a casual paraphrase of something that is stated explicitly in a policy. It doesn't mean they think they couldn't defend that statement in court or that my layperson's confusion about it is accurate. Warrant canaries are a completely different thing. By "Legal" I meant SE's legal department, not "legal" as in complies with the law.
    – ColleenV
    Commented Feb 16 at 19:56
  • 2
    Two birds with one stone. If I want to change this, now I'd have to un-U-Block the cookie box. If it's got the wrong language then it needs to change. But why make the easy button into a hoop to jump through?
    – Mazura
    Commented Feb 17 at 1:50
  • 1
    Where is that data request page where I can request not to sell my activity?
    – Florian F
    Commented Feb 19 at 23:35
  • 2
    @FlorianF I think you are looking for this page. I am currently trying to clarify what the intended use of the "Do not sell my information" option is.
    – SPArcheon - on strike
    Commented Feb 20 at 8:59
  • 2
    How about an option not to sell or share my information?
    – robjohn
    Commented Feb 20 at 16:37
59

For the second section, these preferences are managed via the cookie consent preference center which can be accessed by selecting “Cookie Settings” in the site footer.

Are they? Cookie Settings lets me configure a browser session, but the existing system lets me configure my account. I don't even know which of the Cookie Settings options corresponds to Activity data. By moving things from Site Settings to a per-session configuration panel, you're making it harder to indicate consent, whereas I don't see that that's necessary.

(There is a trend for companies to only provide the options required by the "industry standard" interpretation of applicable law. Stack Exchange is slowly moving to follow that trend. I don't like it.)

Cookie Settings is surely a misnomer by now. Activity data is very much server-side: it has almost nothing to do with cookies. Please reconsider the UX of this (third-party) consent management system: if I have no idea what I'm consenting to, what does that say for the actual target audience of such communications (casual first-time visitors)?

Side note: I have Performance, Functional and Targeting Cookies set to off, but Activity data set to on – because I'm fine with Stack Exchange having my data, but not with third-parties called out by Amnesty International having it. I don't expect your new system to allow me to express this preference.

Therefore, we will no longer provide advertisers with a conversion pixel with their campaign on Stack Overflow or any Stack Exchange site.

This is misleading. You provide some advertisers with a retargeting pixel on their ads, which can be used just fine as a conversion pixel. (Well, it can in Plausible and Matomo, anyway.)

This ambiguity in mSE communication would be fine if your Cookie Policy explained more precisely what's going on. But, while you comply with the "industry standard" interpretation of how to inform your users, I am not informed. Which is, y'know, the actual requirement under applicable law.

Improve this answer
6
  • 15
    When I read privacy policies like this, I feel like I am informed about how well the company will protect my privacy, which is not at all. The only reason to do this to users is because the company is going to be as intrusive as is legally permissible. If this was about informed consent, people would have to opt-in to tracking. But then companies might have to offer something of real value to entice people to choose to be tracked.
    – ColleenV
    Commented Feb 19 at 10:56
  • 1
    We will no longer provide advertisers a Google conversion pixel with their campaign on Stack Overflow or any Stack Exchange site. This update only relates to Google's conversion pixel.
    – Emerson StaffMod
    Commented Feb 21 at 16:22
  • 2
    @Emerson Thanks for clarifying. That's not what the announcement says. It is how I read it, after researching the topic, but my original hunch was largely cynicism. It might be worth editing the question.
    – wizzwizz4
    Commented Feb 21 at 21:39
  • 1
    @wizzwizz4 I see what your saying. I made an edit to be more specific in the question.
    – Emerson StaffMod
    Commented Feb 22 at 17:10
  • 3
    What is the difference between a "retargeting pixel" and a "conversion pixel"? Does anyone who doesn't work in marketing analytics know these terms?
    – Steve Bennett
    Commented Feb 23 at 3:20
  • 2
    @SteveBennett A “retargeting pixel” tracks someone that has already been seen on another site related to that advertiser, i.e. stalks them across the internet. A conversation pixel tracks users who have interacted with a particular ad, i.e. helps advertisers measure how well an ad is working. And yeah, I had to look it up to understand the difference.
    – ColleenV
    Commented Feb 23 at 11:29
21

I'm assuming the privacy policy will be updated as part of this change to remove references to controlling privacy settings in the user's Account Settings, so here are a few places I found some writing issues in the current policy that would be nice to fix:

At the top of the policy it says

...owned and operated by Stack Exchange, Inc. (“Stack Overflow”, “we” or “us”),...

"Stack" isn't included in that list.

We may on occasion share this information with third parties with whom we have contracts for products and services to assist Stack.

In this next sentence I would expect "cookies and similar technologies" instead of just "cookies" because this policy doesn't explain that the usage of "cookie" encompasses similar technologies. "Cookies and similar technologies" was used earlier, so leaving off the last part and directing readers to the "Cookie policy" makes it seem like only cookies and not similar technologies are covered there.

Also, "details" should probably be "detail" because it is directing the user to a more granular explanation of how cookies are used (but, it's not wrong exactly). On the other hand, this statement directing users to the cookie policy happens many times in the policy and it's worded differently each time. I think this makes the policy more difficult to read.

information about your device or the software you use, e.g., its IP address, technical specification and uniquely identifying data; cookies and similar technologies we use to recognize you, remember your preferences and tailor the content we provide to you – our cookie policy contains more details about how we use cookies.

Also, in the table about information collected automatically, Stack Exchange/Stack Overflow has been truncated to "Stack"

More information on how Stack uses cookies and how you can disable them can be found in our cookie policy.

This sentence needs to be broken up into shorter sentences.

Do not share your password with anyone you do not trust, and make sure your computer accesses Stack Overflow via a secure network and that you do not leave your personal information vulnerable to hackers and other bad actors by leaving your computer unattended or by failing to logout of your account when you have ended your session activity.

Stack instead of a defined term is used here again under the California section:

Identifiers, like your Stack username, email address, IP address, and cookie information.

Improve this answer
5
2

Your two stated reasons only motivate removing the "Download Activity Data" button and the "Use my on-site activity" toggle.

Therefore, surely, you should keep the statement:

Stack Overflow never sells or shares your activity data with third parties.

on the page. That's quite important - probably for legal reasons, but certainly for symbolic ones, including validating users' trust in you, such as it is.

Additionally, you could have a link to those other pages for managing relevant settings, so that users which happen to look for them in the Preference page don't fail to find them.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .