Most newbie people who generate a GEDCOM, do so in order to share their family tree with others --- usually a researcher who is not part of the tree. The first several times that I did this, I never thought to look inside the contents of the GEDCOM file, thinking that all it contained was the tree. Part of my reasoning, is that GEDCOM files need to minimize size to make emailing easier, so they would not contain any extraneous data other than family relationships and names.
Not long ago, I discovered, to my horror, that every GEDCOM contains every single email from every single person in the tree. And since ours was a sizeable tree, the GEDCOM files I had sent out had carried with them the private email addresses of dozens of my relatives without their consent!!!!
This is a huge privacy violation. Granted, I had not done it intentionally, but this situation demands that Geni take steps to prevent the inadvertent disseminations by family members of the private data (emails) of other relatives without their consent.
First of all, I honestly have no idea what the value of email addresses would be in a GEDCOM. The main purpose of generating such a file is to share tree data with people outside the family. The emails are utterly extraneous to this, and indeed, merely add bulk to a file for no good reason.
An argument can be made that it is useful/beneficial to include emails in GEDCOMs when these files are generated for data-backup purposes, but the user *should* have the choice to decide whether to include --- or not include --- sensitive email data, depending on what the purpose is and who the prospective recipients of the file are.
It's been pointed out to me that the user can open a GEDCOM in 3rd party software to remove the email data. However, I would strongly point out that the stripping of data *after* generation by the user is an unwise policy for Geni to hang its hat on. As mentioned earlier, most inexperienced users are completely unaware that emails are part of the data included in a GEDCOM. By the time they discover that they have been sharing GEDCOMs that inadvertently violate others' privacy (due to Geni's hidden inclusion of the email data without warning the user of the fact), the damage is done! Moreover, even once an inexperienced user learns of the problem, they may not be advanced enough and thus lack the knowledge or skill to know how to strip the data themselves after generation. In fact, the situation may actually work to discourage the inexperienced user from utilizing the GEDCOM feature, to their detriment ("Gosh, this GEDCOM thing violates my family's privacy, and I really don't understand how to strip the data, so I just wont do this GEDCOM thing at all, because it's just easier and safer to avoid the whole mess."). Does Geni really want to set things up so as to discourage the researcher from any steps (e.g. sharing tree data with researchers) that would lead to genealogical progress?
Therefore, I propose the implementation of the following features into Geni:
1.) A warning: "By default, all generated GEDCOM files include every email address associated with every profile in the user's tree. If the GEDCOM file is being created by the user to share family-tree relationship data with researchers or other parties not related to the user, Geni recommends the user click on the 'No email addresses' button, prior to clicking on the 'Export GEDCOM' button."
2.) As implied in the previous paragraph, add a 'No email addresses' button/option to be checked by the user. Doing so would cause the GEDCOM generator to not supply emails.
Geni goes to great lengths to protect people’s privacy. Heck, you wont even let me communicate directly with other users who are not in my tree unless they specifically made their info public. And yet here you are, sharing thousands of email addresses without the consent of their owners! It’s a hole in your privacy policy big enough to drive a truck through, and yet it should be easy to address, because the fix is just a database sorting tweak.
I hope you can address this promptly. I mentioned this issue to a couple of people and they went ballistic.
