Exceptionalism really does not work very well as a legal strategy.
I'm not saying that the IETF is unique in the universe, but I am saying
that all of the arguments advanced so far for privacy policies are
relevant to corporations with employees and revenue and contacts, which
the IETF definitely is not.
Someone pointed out that the IAOC, which does have a legal existence,
think that anyone who proposes such a policy should at least be familiar
with the (non)structure of the IETF and identify what aspects of it apply
to what four-letter bits.
Ietf mailing list