
Re: Comments on <draft-cooper-privacy-policy-01.txt>

2010-07-12 15:37:56
Dave CROCKER wrote:

On 7/9/2010 4:32 AM, Hannes Tschofenig wrote:
The Fair Information Practices are a set of principles most of us are quite
likely to believe in, such as (copied from Alissa's draft):

Likely, yes.  But do any of us know how to translate those principles into
particular behaviors?  Is it likely that any two of us will make the same
translation?  What about enough of us to constitute rough consensus?

Exactly.

As I previously mentioned, "acceptable" means different things to
different people.

Some people seem to hope that creation of a "privacy policy" is going
to improve things.  Personally, I don't think so.  Likely it will get
worse, and it may get *much* worse.  While a privacy policy may look
nice, it adds A LOT of wiggle room for lawyers.  Most companies'
privacy policies are created for the "cover your ass" (CYA) purpose
by lawyers.


Going back to the Google example (because they made news several times here):

Excerpts from what they've posted:

http://www.google.com/intl/en/privacy.html

  We have 5 privacy principles that describe how we approach privacy
  and user information across all of our products:

   1. Use information to provide our users with valuable products and services.
   2. Develop products that reflect strong privacy standards and practices.
   3. Make the collection of personal information transparent.
   4. Give users meaningful choices to protect their privacy.
   5. Be a responsible steward of the information we hold. 

http://www.google.com/intl/en/privacypolicy.html

  At Google we recognize that privacy is important. This Privacy Policy
  applies to all of the products, services and websites offered by
  Google Inc. or its subsidiaries or affiliated companies except
  DoubleClick (DoubleClick Privacy Policy) and Postini (Postini Privacy
  Policy); collectively, Google's services.


But the reality actually looks like this:

  http://www.spiegel.de/international/zeitgeist/0,1518,626075,00.html
  http://www.spiegel.de/international/germany/0,1518,631149,00.html
  http://www.spiegel.de/international/business/0,1518,695718,00.html
  http://www.spiegel.de/international/germany/0,1518,645581,00.html

i.e. the government must step in to stop them from committing
large scale illegal privacy violations, because their own focus is
much more on their business model than on respect for the privacy of
the people about whom they collect data.


I would be OK with consenting to very specific and explicit
PII usage scenarios within the IETF.  But many "privacy policies"
I've come across are simply unacceptable to _me_.  Probably every
"social networking site" out there, or businesses with ridiculous
policies, such as e.g. PayPal.


-Martin
