GitLab, the provider of a web-based DevOps platform, reversed course on its decision to implement product usage tracking in the form of third-party telemetry for paying customers who use the company's proprietary products.
The addition of a Pendo snippet to GitLab.com (SaaS) was initially proposed two months ago to allow the company to track and properly understand user behavior throughout its products.
"GitLab.com (GitLab’s SaaS offering) and GitLab's proprietary Self-Managed packages (Starter, Premium, and Ultimate) will now include additional Javascript snippets (both open source and proprietary) that will interact with both GitLab and possibly third-party SaaS telemetry services (we will be using Pendo)," said the company yesterday, in an official blog post describing the new changes.
GitLab also said when announcing the intent to add telemetry to some of its products using third-party JavaScript snippets that all access to its API and web interface would be blocked for GitLab.com users until they log in and agree to the new and updated terms of service.
For GitLab.com users: as we roll out this update you will be prompted to accept our new Terms of Service. Until the new Terms are accepted access to the web interface and API will be blocked. So, for users who have integrations with our API this will cause a brief pause in service via our API until the terms have been accepted by signing in to the web interface. - GitLab
Negative feedback and user backlash
Following this announcement, GitLab started receiving negative feedback from all customers who were affected by the new product usage tracking, on the company's issue tracking platform [1, 2], on Twitter [1, 2, 3, 4], on Reddit, and on Y Combinator's Hacker News.
"I'm glad you have paused on this change for the time being, but at this point, I am done with GitLab unless this change is completely ditched," one GitLab user said.
"Most of your user base flocked to you because of shady practices like this by other Git offerings online. And now you are doing the same kind of deceptive things that made people leave those other places. This is greatly harming your user trust."
Some GitLab customers pointed out that the company's decision to offer "a way for self-hosted customers to opt-out" breaches EU's General Data Protection Regulation (GDPR) given that it expressly requires companies to provide the option to opt-in.
Additionally, GDPR's Article 7.2 also prohibits forcing users to agree to have their data collected for using a service. This would prevent users from migrating their data from the platform and have some of it shared with third parties, which would potentially lead to formal complaints filed with data protection commissioners all over the EU.
"Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment," as per GDPR Recital 42.
No third-party telemetry for now
Following the huge backlash coming from its customers, GitLab reconsidered their decision to add third-party telemetry, rolling back all changes to the Terms of Service and the Privacy policy, as well as updating their blog post accordingly.
"We've heard your concerns and questions. There were many more concerns than we expected. We’re going to process the feedback and rethink our plan," says GitLab in an update.
"We will not activate product usage tracking on GitLab.com or GitLab self-managed before we address the feedback and re-evaluate our plan."
"We will make sure to communicate our proposed changes prior to any changes to GitLab.com or self-managed instances, and give sufficient time for people to provide feedback for a new proposal. We'll work in this issue."
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now