> I’m being charitable and leaving room for the possibility that they provide a tighter set of policies for some studies or revise their general policy to make commercial use be a study-by-study determination.
Read together, the problematic parts of the general privacy policy are not addressed nor remedied by the specific study's details, because a specific study addresses how that study uses the data.
Perhaps a future study would be different? I doubt it. My take is that the concerning parts of general privacy policy's language will stand (quoted a few messages above). Here's why I say this... Based on my experience with organizations and lawyers, Mozilla is unlikely to want to modify its general privacy policy based on particular discussions with each organization involved in a study; it would be too time-consuming and expensive, and it would create a path-dependence such that every previous study details would need to be reevaluated in the light of a modification to the general policy. Instead, Mozilla probably crafted their privacy policy in a general way, hoping that it will be acceptable to participants and partners. I expect they will modify it as little as possible.
> Mozilla is unlikely to want to modify its general privacy policy based on particular discussions with each organization involved in a study
They may ultimately have a legal responsibility to do so, depending on the nature of their contracts with their research partners. I’m not a lawyer, but if I were, I’d be digging into the case law to see if Mozilla + (”public university” or “federal funds”) = “a combination that must meet all severally applicable laws”.
I just reviewed these pages:
[1]: Mozilla Rally Privacy Policy https://rally.mozilla.org/privacy-policy/index.html
[2]: Political and COVID-19 News https://rally.mozilla.org/current-studies/political-and-covi...
Read together, the problematic parts of the general privacy policy are not addressed nor remedied by the specific study's details, because a specific study addresses how that study uses the data.
Perhaps a future study would be different? I doubt it. My take is that the concerning parts of general privacy policy's language will stand (quoted a few messages above). Here's why I say this... Based on my experience with organizations and lawyers, Mozilla is unlikely to want to modify its general privacy policy based on particular discussions with each organization involved in a study; it would be too time-consuming and expensive, and it would create a path-dependence such that every previous study details would need to be reevaluated in the light of a modification to the general policy. Instead, Mozilla probably crafted their privacy policy in a general way, hoping that it will be acceptable to participants and partners. I expect they will modify it as little as possible.