Hi Gordon,
I guess the interpretation of the law is unclear, but facts count. In Spain
several sites had been closed/modified because they publish data, and they
needed to pay very high penalizations (many million of Euros) because that.
Also I see more and more conferences not presenting this data, not just in the
web site, but just printed in the documentation facilitated for the attendees.
I guess the policy in the web site is a must, I think is also a legal
requirement if you are gathering the data (our lawyers asked us to put it in
any registration page, because the single fact of now having that means also
many million of Euros !).
Regards,
Jordi
----- Original Message -----
From: <Gordon(_dot_)Lennox(_at_)cec(_dot_)eu(_dot_)int>
To: <jordi(_dot_)palet(_at_)consulintel(_dot_)es>;
<ietf-admin(_at_)ietf(_dot_)org>
Sent: Friday, May 21, 2004 6:59 PM
Subject: RE: respect privacy please !
This is not an official view...
European privacy laws basically say that personal data ought to be gathered
with the explicit consent of the person, the amount of data should be
appropriate for the declared purpose (not excessive) and not used for other
purposes. They do not say you cannot gather personal data. They do not say
you cannot publish personal data. There is probably a gray area of course if
you publish information in a way that clearly facilitates further abuse.
Given the style and purpose of the iETF a public record of registration
(attendance?) may be appropriate, especially if the information published is
very limited. i would expect most people to understand why it is done. But
a statement to make it clear could be useful.
There could of course be a problem if the IETF made *all* the information it
gathered available to a third party, especially if nobody was asked for
their permission. Somehow I never thought of this happening in this context.
Personally I can also see an indication of the intended participation by
some people as part of some justification for attending.
On the other hand publishing the blue-sheets might be considered excessve!
(RFID's in the badges anyone?<g>)
Do we need a simple, very simple, statement of policy on the IETF web-site?
Gordon
-----Original Message-----
From: ietf-admin(_at_)ietf(_dot_)org
To: ietf(_at_)ietf(_dot_)org
Sent: 5/21/04 5:08 PM
Subject: Re: respect privacy please !
Hi Harald,
I'm not expert in legal stuff, but I think the European regulations (at
least in Spain because I needed to learn this in order to host web sites
with any kind of registration or list of people and comply with the
law), there is no difference in publishing it before, during or after.
Just can't be published w/o the consent of the participant.
From a practical point of view, probably is good to do what John
suggested, but alternatively also publishing only after the meetings
will be a good protection for example to avoid a thief go to your home
when you're in the IETF, as I recall somebody suggested was already
happening in UK.
I don't think a legal requirement for our process can jump over the
laws. Is like if we decide that we need to sacrifice one of us in every
meeting to sign the minutes with human blood, while we know that killing
some one is forbidden. Yes I know ... is a quite exaggerated example,
but some times is the best way to show what is wrong ;-)
May be the 1st thing to do is to be really open in all the aspects, and
that means clarifying our legal "situation", the terms under we take all
the decisions, and so on.
Regards,
Jordi
----- Original Message -----
From: "Harald Tveit Alvestrand" <harald(_at_)alvestrand(_dot_)no>
To: "JORDI PALET MARTINEZ" <jordi(_dot_)palet(_at_)consulintel(_dot_)es>;
<ietf(_at_)ietf(_dot_)org>
Sent: Friday, May 21, 2004 3:58 PM
Subject: Re: respect privacy please !
--On 21. mai 2004 13:24 +0200 JORDI PALET MARTINEZ
<jordi(_dot_)palet(_at_)consulintel(_dot_)es> wrote:
Hi,
I've already raised this some time ago, same as other people did,
but I
still see my name being published, w/o my consent, in the list of
attendees.
This is not acceptable, we should have the option to choose if we
want to
have our name published or not when we do the registration.
Jordi,
are you objecting to having your name published *at all*, or having
your
name published *before the meeting*?
The list of attendees (but not their contact info) is (according to
the
lawyers) a legal requirement for our way of doing business; it is part
of
the transparency requirement that it's possible to find out who was
there.
Harald
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
**********************************
Madrid 2003 Global IPv6 Summit
Presentations and videos on line at:
http://www.ipv6-es.com
This electronic message contains information which may be privileged or
confidential. The information is intended to be for the use of the
individual(s) named above. If you are not the intended recipient be
aware that any disclosure, copying, distribution or use of the contents
of this information, including attached files, is prohibited.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
**********************************
Madrid 2003 Global IPv6 Summit
Presentations and videos on line at:
http://www.ipv6-es.com
This electronic message contains information which may be privileged or
confidential. The information is intended to be for the use of the
individual(s) named above. If you are not the intended recipient be aware that
any disclosure, copying, distribution or use of the contents of this
information, including attached files, is prohibited.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf