Brackets does not respect GDPR

[julienbenjamin]

Description

I installed Brackets through Flatpak without knowing there was automatic telemetry when launched.

GDPR-compliant software requires prior information of the user, and, more importantly, requires explicit consent, prior to any personal data being sent. Pseudonymization does not affect any of that.

Steps to Reproduce

1. Install Brackets
2. Launch Brackets
3. See tooltip telling how the user can disable Health Data report being sent.

Expected behavior:

1. Prior information to users
2. Choice/consent being given at first launch

Actual behavior:

Data collected and sent before any information has been given to the user, no consent can be given.

Versions

OS: Linux (Debian 12/testing/bookworm).

[abose]

We do not have an official Linux release at the moment. I am unsure of the flatpack distribution source. Can you provide the source?

Secondly, regarding GDPR compliance, I am presuming it was done because the user has already consented to the MIT License terms during installation as a desktop app. We inherited it from Adobe and it shows a notification on the first boot. No data will be sent until you close the popup.

But be assured that Brackets do not collect personally identifiable information like emails or any user data. Most things we send are just counts and statistics. You should be able to see the things sent by going to help>health data and choose to disable it from there at any time.

Our open-source community is in its infancy and we have no lawyers to go around, I will look into this in the next native release to properly address this.