Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[🐛 Bug]: Analytics data collection unlawful under the Privacy and Electronic Communications Regulations 2003 (EU/UK) #14880

Closed
jamesbebbington opened this issue Dec 9, 2024 · 2 comments

Comments

@jamesbebbington
Copy link

jamesbebbington commented Dec 9, 2024

What happened?

While debugging a slow running test suite, I unexpectedly received the following warning:

2024-12-09 10:47:36 WARN Selenium [:selenium_manager] Error sending stats to Plausible: error sending request for url (https://plausible.io/api/event) 

I had neither previously been notified that Selenium was collecting telemetry data, nor had consent be requested. I see no mention of it in the README either.

Apologies, I know this has been brought up previously in #14588 and #14643, however I would like to respectfully draw your attention to Regulation 6 of the Privacy and Electronic Communications (EC Directive) Regulations 2003, which states:

Confidentiality of communications
6.—(1) Subject to paragraph (4), a person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.

(2) The requirements are that the subscriber or user of that terminal equipment—

(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and

(b) has given his or her consent.

(3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use.

(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.

(4) Paragraph (1) shall not apply to the technical storage of, or access to, information—

(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or

(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.

While GDPR is what most people focus on, it's not the first piece of legislation that needs to be applied when it comes to these sorts of matters. PECR is quite clear that users need to be informed of the data access, and that in this case consent is required, as the desire for collecting analytics data is not strictly necessary for the functioning of the Selenium software.

How can we reproduce the issue?

Use Selenium. Note how there is no notification of the processing taking place and consent is not requested.

Relevant log output

2024-12-09 10:47:36 WARN Selenium [:selenium_manager] Error sending stats to Plausible: error sending request for url (https://plausible.io/api/event) 


### Operating System

macOS Sequoia

### Selenium version

Ruby 4.27.0

### What are the browser(s) and version(s) where you see this issue?

Chrome 127

### What are the browser driver(s) and version(s) where you see this issue?

Unknown

### Are you using Selenium Grid?

_No response_
Copy link

github-actions bot commented Dec 9, 2024

@jamesbebbington, thank you for creating this issue. We will troubleshoot it as soon as we can.


Info for maintainers

Triage this issue by using labels.

If information is missing, add a helpful comment and then I-issue-template label.

If the issue is a question, add the I-question label.

If the issue is valid but there is no time to troubleshoot it, consider adding the help wanted label.

If the issue requires changes or fixes from an external project (e.g., ChromeDriver, GeckoDriver, MSEdgeDriver, W3C), add the applicable G-* label, and it will provide the correct link and auto-close the issue.

After troubleshooting the issue, please add the R-awaiting answer label.

Thank you!

@diemol
Copy link
Member

diemol commented Dec 28, 2024

Could you please contact pono [at] sfconservancy.org for this topic?

@diemol diemol closed this as not planned Won't fix, can't repro, duplicate, stale Dec 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants