ietf
[Top] [All Lists]

Re: Comments on <draft-cooper-privacy-policy-01.txt>

2010-07-12 16:39:23
todd glassey wrote:

Martin Rex wrote:

As I previously mentioned, "acceptable" means different things to
different people.

Some people seem to hope that creation of a "privacy policy" is going
to improve things.  Personally, I don't think so.  

You mean that you think change that will protect the disclosure of
identities and proper notice as to who people represent is a bad thing?

If there is no written privacy policy, then one has to make assumption
about the consent on the use of PII.  And if the assumption is
conservative (as I think it has been in the IETF), then it is going
to be in the interest of the data subject, and if unclear, one
should resort to ask the data subject (= opt-in).

Likely it will get
worse, and it may get *much* worse.  While a privacy policy may look
nice, it adds A LOT of wiggle room for lawyers. 

Once you have a written privacy policy, a conservative assumption about
consent is no longer necessary and will likely no longer be used,
instead an interpretation of that written policy is going to be used.
And if that written policy is interpreted based on the underlying
(lack of) data protection laws, then it could get awful
for the data subject (=opt-out).

-Martin
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf