As part of our work to open source policies for other companies to adapt and use, and in accordance with the UK Modern Slavery Act, we’ve included our Statement Against Modern Slavery and Child Labor in the latest round of updates to our Site Policy repository.
While modern slavery (slavery, forced or compulsory labor, trafficking, servitude, and workers who are imprisoned, indentured, or bonded) and child labor are not typically associated with software, businesses in all industries are increasingly recognizing that there are possibilities for these abuses to occur in their own labor force or through their sourcing practices.
We have no reason to believe modern slavery or child labor is occurring in our business or supply chain, and we have outlined our policies and due diligence processes to help ensure it won’t happen in the future. Given the abhorrent nature of modern slavery and child labor, prohibiting these atrocities in our business and supply chain is a logical and important commitment for GitHub to make.
While publishing a statement is a requirement for certain businesses under UK law, our statement goes beyond the requirements of that law by holding our suppliers to our statement too. Our statement also highlights our partnership with the FairHotel Program, through which we encourage GitHub employees to choose hotels where workers are paid fair wages, receive adequate benefits, and have a voice on the job. To ensure our commitment to preventing modern slavery and child labor in our business and supply chain, we’ll publish a new statement annually, building on our previous statements.
Both the EU Council and EU Parliament heard developers who responded to our call to action on the EU’s proposal to require copyright filters for uploaded content. Upload filters raise a number of efficacy, speech, and privacy concerns for software developers and the public. Although upload filters remain an unsettled part of the debate, EU policymakers are making more concerted attempts to narrow the scope of who filters would apply to.
In their latest proposals, Council and Parliament each exclude “non-for-profit open source software developing platforms.” Despite their intentions, neither the Council nor Parliament has yet effectively protected open source software development, because most open source software development is built on platforms, like GitHub, that aren’t not-for-profit.
DIGITALEUROPE, an organization representing the digital technology industry in Europe, emphasized this point in its recent letter to the EU Council:
“The scope of Article 13 remains far too broad and out of proportion with its stated goals. We are not aware of any calls to address a value gap in relation, for example, to open source software repositories, yet such services are only excluded if they operate on a non-profit basis (which is not the case for many such service providers).”
On Friday, the Council considered adopting its current version of the copyright proposal, but was unable to reach agreement. Two of the main sticking points were Article 11 and Article 3, each of which could affect developers.
Article 11 would create a new right for press publishers, sometimes referred to as “ancillary copyright,” and would enable them to require a license to post the snippets of text that describe links. Requiring this kind of permission would add overhead to anyone developing software for the web. It also would run counter to exceptions to copyright that allow copying for certain limited purposes, such as to comment on a copyrighted work.
Article 3 proposes a copyright exception for text and data mining in the EU, but only by research organizations for scientific purposes on a not-for-profit basis. Text and data mining is critical to AI and machine learning, and in the US is considered fair use. Article 3’s narrow exception would undermine the future of software development in the EU, including the EU’s own efforts to promote AI.
These articles (upload filters, ancillary copyright, and text and data mining) remain the most controversial parts of the Copyright Directive and each potentially affects developers. Discussions continue in Council, which hopes to agree on a proposal soon, and in Parliament, which currently plans to vote on its version of the proposal in late June.
There is still time to help policymakers effectively protect software development in the EU and it’s still important for those policymakers to hear from developers directly. Write to us to find out ways to engage with EU policymakers to protect software development!
When the U.S. Federal Communications Commission (FCC) published its repeal of net neutrality regulations in the Federal Register on February 22, the U.S. Congress had 60 legislative days to disapprove of the FCC order. Approximately half of that time is up. To learn more about how this timeline works—and why the pressure is on—check out the following resources:
On May 2, small businesses will deliver a letter to Congress, urging disapproval of the FCC order. The first week of May is Small Business Week, and Congresspeople take business owners from their districts very seriously. If you represent a small business in the U.S., sign the letter.
Meanwhile, at least 33 U.S. states and many cities have enacted or have pending actions to protect net neutrality. California is considering passing S.B. 822, the strongest and most comprehensive set of net neutrality protections in the country. GitHub joined almost 60 startups in a letter of support for this bill, which has its second committee hearing tomorrow. If you’re in California, tell state legislators to protect net neutrality by supporting S.B. 822.
Not in the U.S.? Help spread the word about the fight for net neutrality, or learn more about and get involved in the most pressing open internet issues in your country.
We’re in the process of updating our policies, and we’d like to get your input! We want to hear what you think of them and whether any of our changes or clarifications can be improved. Head on over to our Site Policy repository to see the open pull requests.
About every six months, we review our terms and policies to make sure they’re as clear as they can be and decide whether we should make any updates. This time around, we’re very focused on bringing our policies into alignment with a new law in Europe known as the General Data Protection Regulation, so we’ve made some changes to our Privacy Statement and Terms of Service to cover our compliance with that law. We’ve made other changes to our terms to clarify account control and developer obligations when integrations are created for others.
Over the last few months, we’ve gotten a few questions asking about our General Data Protection Regulation (GDPR) compliance. We are proud to announce that we are compliant with the GDPR. Additionally, we have always provided the same level of privacy protection to our users regardless of their residency, location, or citizenship—and that will not change. We provide strong privacy and security protection to all of our users.
For the most part, our changes to the Privacy Statement are only points of clarification. GitHub doesn’t ask for more personal data from our users than we need to provide our services to you. Where we offer you the option of giving us more data, we provide you the ability to access and delete the data you have given us. For example, you can always remove your profile information, your comments in issues, and your repository contents. We have gone through our Privacy Statement to provide more context and transparency, though, so our users understand exactly why we ask for information and what we’ll do with it.
Much like the changes to the Privacy Statement, most of the changes to our terms are clarifications of pre-existing sections. Here are a few sections we’d like to highlight:
We’ll leave the pull requests open until 5 pm Friday, May 18. Then, we’ll take a week to go through your comments and make changes to improve the policies. We’ll enact the new policies on Friday, May 25.
We look forward to hearing from you!
Today we’re joining a collective of companies across the technology supply chain in committing to a common set of cybersecurity principles. We are pledging to:
We’re committed to working collaboratively with engineers, researchers, policy makers, and others who play a role in cybersecurity to make the internet a more secure and resilient global resource. Protecting the internet is becoming more urgent every day as more fundamental vulnerabilities in infrastructure are discovered—and in some cases used by government organizations for cyberattacks that threaten to make the internet a theater of war. Reaching industry-wide agreement on security principles and collaborating with global technology companies is a crucial step toward securing our future.
We believe security needs to be embedded into software development, and we’re building features to make that a reality. For years, we’ve participated in bug bounties to find and fix problems with existing infrastructure. And this is just the beginning. We’ll continue advocating against policies that will make software more fragile and for policies that promote stronger internet security.
We’re all in this together. We welcome other companies who share our commitment to the Cybersecurity Tech Accord principles to join this effort, and we encourage governments to protect civilians from the harm of cyberattacks.