The agreement prohibits posting another person's personal information without their consent, characterizing such conduct as a privacy violation subject to enforcement under the AUP.
This analysis describes what GitHub's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes a consent-based standard for posting third-party personal information, which has operational significance for repositories that include user-generated data, research datasets, or scraped data that may contain personal identifiers.
Interpretive note: The definition of 'personal information' and the scope of the consent requirement varies across jurisdictions, and the provision's interaction with applicable data protection law depends on the location of the data subject and the nature of the information posted.
Under this clause, posting personal information about another person without their consent is prohibited on GitHub. This restriction applies to all content hosted on GitHub's platform, including repositories, issues, comments, and wiki pages.
How other platforms handle this
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
GitHub has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"You may not violate the privacy of any third party, such as by posting another person's personal information without their consent.— Excerpt from GitHub's GitHub Acceptable Use Policies
1) REGULATORY LANDSCAPE: This provision engages GDPR for EU-based users and data subjects, CCPA for California residents, and various US state privacy laws. Posting personal information without consent may constitute unlawful processing under GDPR Article 6 or a violation of CCPA's personal information protections. Enforcement authorities include EU national data protection authorities and state attorneys general. 2) GOVERNANCE EXPOSURE: Medium. The prohibition is stated in general terms and cross-references a subsidiary doxxing and invasion of privacy sub-policy. Organizations hosting datasets, research outputs, or logs that include personal identifiers should assess whether their content practices comply with both this provision and applicable data protection law. 3) JURISDICTION FLAGS: EU and EEA users face the highest compliance exposure under GDPR, where unauthorized disclosure of personal data may trigger notification obligations and regulatory penalties. California residents benefit from CCPA protections. Illinois (BIPA) is relevant where biometric data is involved. 4) CONTRACT AND VENDOR IMPLICATIONS: Organizations publishing research, security disclosures, or operational data to GitHub repositories should review data minimization and pseudonymization practices to avoid inadvertent personal information exposure. Vendor assessments should confirm that GitHub's privacy practices for hosted content align with applicable data protection obligations. 5) COMPLIANCE CONSIDERATIONS: Legal and compliance teams should audit repository content, issue trackers, and wiki pages for personal data exposure. Data processing agreements with GitHub should be reviewed to confirm that personal data hosted on the platform is covered by appropriate contractual protections, particularly for EU-based organizations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes a consent-based standard for posting third-party personal information, which has operational significance for repositories that include user-generated data, research datasets, or scraped data that may contain personal identifiers.
Under this clause, posting personal information about another person without their consent is prohibited on GitHub. This restriction applies to all content hosted on GitHub's platform, including repositories, issues, comments, and wiki pages.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by GitHub.