A “legal process”? What does that even mean? What did she say and who did she tell?
I still am having current GitLab employees reaching out to me, ones I never even met before, sharing their stories about how they are afraid to make reports, asking me about the legitimacy of the Lighthouse reporting tool, asking if it is truly anonymous and who reviews the reports. I guess they must be really pushing use of that tool now based on the number of questions I have gotten about it.
Thank you for your support! That really means a lot. And for the record, performance was not given as a reason for my termination. I was told it was because I could not get along with, or work with my managers, whom I had reported concerns against.
Well actually we have over 1000 team members (all are remote) and only half are in the US. The other half are in 63 other countries. If you want to see where we all work from you can check out our team https://about.gitlab.com/company/team/.
The reason this is viewed from a US legal perspective is because we are a US company so we are governed by US laws.
Personally for me, coming into a company that was so transparent was very difficult at first, especially as an attorney. However, over time I realized how much I developed and grew from it. I became much more open and accepting of criticism and feedback. Instead of becoming defensive, I listened to it and learned from it. I also welcomed all of the extra eyes on my work, it helped me create much better work product, just as the open source community does with open source code. When you are transparent, people know what you are doing and that you are genuinely putting the efforts in to do your best. You never know what is going on with others behind closed doors.
GitLab obtains affirmative consent to its use of personal data under its privacy policy, plus users also have the ability to opt out if they wish to revoke their acceptance.
GitLab offers a blanket checkbox on signup with a bunch of legalese; there is no fine-grained opt-in to the data collected. Worse, as you said, it is all opt-out.
GitLab has a strict opt in policy for processing personal information for marketing for all users, even in jurisdictions where opt in is not required. We very much respect the privacy of our users. With regard to services, consent isn't required since the personal information we process is necessary for providing the services. There seems to be confusion on what consent is needed for.
The waiver is only one aspect of it. Waiver only applies when consent is required. Article 6 of GDPR also allows for the use of personal information when "processing is necessary for the performance of a contract to which the data subject is party..." Consent is not required when it is a necessary part of performance under a contract. GitLab's updated terms state that as part of the agreement to voluntarily contribute to GitLab projects, contributors acknowledge and agree that their personal information will become part of the repository as part of the Git functionality. Therefore, their personal information will not be deleted and will remain in the repository so as not to impact the code base. This only applies to those who contribute to GitLab projects. This does not apply to general use of the software. There is still much that is unclear regarding GDPR but we are doing our best to comply and protect individuals' privacy. An important function of this waiver and acknowledgement is to provide transparency to our contributors. If an individual does not want their information to be maintained, they have the option not to contribute.
It is actually 45 days and in our subscription terms, Section 5.2: "If Customer terminates this Agreement pursuant to Section 6.2 within 45 calendar days from receipt of the initial invoice for the Licensed Materials, GitLab will refund all Fees paid hereunder."
Absolutely. The default position should be to remove the personal data where it is possible. But in instances where the data is necessary for the stability and integrity of the codebase, it should remain.
There are many things to consider when choosing a license. It is all very personal to what rights you want to grant and what risks you are willing to accept.
There is a nice tool I came across that can help you assess which license makes most sense for your open core free version. https://choosealicense.com/about/
As for commercial terms for the paid product, I would recommend seeking a legal resource to assist with those because you will want to make sure you are adequately protected. It is not as easy to simply copy someone else’s commercial terms because every product has differing risks, and every product owner has differing risk tolerances. A small investment in a legal resource upfront is significantly less expensive than hiring an attorney on the back end, once a problem arises.