I think we all agree that having a privacy policy would be desirable,
in the sense that we are in favor of good, and opposed to evil. But I
don't know what it means to implement a privacy policy, and I don't
think anyone else does either.
A privacy policy is basically a set of assertions about what the IETF
will do with your personal information. To invent a strawman, let's
say that the privacy policy says that registration information will be
kept in confidence, and some newly hired clerk who's a little unclear
on the concept gives a list of registrants' e-mail addresses to a
conference sponsor so they can e-mail everyone an offer for a free
IETF tee shirt.
Then what happens? Is a privacy policy a contract, and if it is, what
remedies do IETF participants have for non-performance? And if it's
not, and there aren't remedies, what's the point?
R's,
John
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf