What isn’t changing
No changes are being made to the policy on service usage data collection from SaaS or Self-Managed customers at this time.
What is changing
- Further limit access levels to a smaller number of individuals with access to identifiable information.
- Introduction of a new system to de-identify users and other personal information from multi-user instances before the information lands in GitLab’s analytics environment. This will allow GitLab to roll up more aggregated, de-identified user-level activity at the account level.
De-identification isn’t perfect
While we will be de-identifying userID and PI, there is a gap for single user namespaces. If a namespace only has a single user, there is potential for them to be linked to that account directly, even after de-identification. We will continue to investigate a solution to this.
Timeline and implementation
We will collect input on design and implementation over the next 30 days in the GitLab Community Forum. We plan to implement these changes starting in June 2021.