Earlier today we did a mod purge of inactive mods that were not contributing as mods based on the mod audit log.
In response, people behind the inactive accounts messaged me to complain about needing the access for "data collection" and asked to be made mods again so they could do that, no doubt thinking that I was also a person who was involved in this unknown data collection. I was not involved, so I started an investigation.
I was confused so I asked "what data collection" and "who was in on it", so they confirmed to me that /r/DreyMS in his official capacity as a MSFT employee and as a mod here, gave access to others at MSFT to mod only data he should not have given to his employer under the agreement to be a mod, primarily reddit usage data that is normally private/mod only as well as possibly other unknown data. This was confirmed by multiple other accounts that he gave access he should not have given to others, including a long discussion I just had with multiple now-ex-mods that wanted to be reinstated so that they could finish the work they are doing in a paid capacity for MSFT using the data collected, without this communities consent.
I feel this violates the GDPR and so I feel like this is evidence that MSFT violented the GDPR by collecting private mod only data whiteout the communities informed consent, or even the informed consent of the rest of the mod team. I feel like they violated the trust placed in them as mods.
From the resulting discussion it was because they wanted to track usage of this sub; to quote: "Just to be clear, we have not collected any User data so there is no privacy issue. We only used the Mod window to view traffic information and views." however I do not knwo if that is true or not.
My problem with this is simple: The data was private, that's why it was "mod only". Nobody was asked. Nobody gave consent. So in my mind, the data was stolen.
I want to give people the ability's to comment etc before I act, but right now I fully intend to remove all mods with any connection to MS who were involved in this.
Our users never consented to any form of data collection. To find that MSFT is abusing the /r/Azure community in this way is a huge violation of trust from my perspective.
What are the communities thoughts?