ietf

Re: Call for Comment: 'Privacy Considerations for Internet Protocols'

2013-01-30 18:32:02
At 14:30 16-01-2013, IAB Chair wrote:
This is an announcement of an IETF-wide Call for Comment on 'Privacy Considerations for Internet Protocols'.

The document is being considered for publication as an Informational RFC within the IAB stream, and is available for inspection here:
http://tools.ietf.org/html/draft-iab-privacy-considerations

In Section 1:

  'With regard to data, often it is a concept applied to
   "personal data," information relating to an identified or
   identifiable individual.'

I suggest rewriting the above sentence.

  "Many sets of privacy principles and privacy design frameworks have been
   developed in different forums over the years."

There is also some work in the APEC region (see http://publications.apec.org/publication-detail.php?pub_id=390 (payware)).

As a nit, the draft-ietf-geopriv-policy-27 reference should be RFC 6772.

I read some of the previous versions of this draft. The Abstract Section describes the document as providing guidance for developing privacy considerations for inclusion in protocol specifications. I found the draft difficult to digest. I suggest simplifying the draft to make the guidance accessible to the target audience.

One of the issues nowadays is what to do about intermediaries. If I am not mistaken, RFC 3238 was one of the first documents to tackle that question from a privacy perspective. There have been a few proposals to introduce intermediaries as part of the architecture (I am using the word loosely). It is easy to argue for intermediaries based on use cases. There was a case recently where the users only became aware that they had signed up for using an intermediary through the EULA.

The draft introduces the concept of secondary use (Section 4.2.3). Strictly speaking, it is a disclosure (Section 4.2.4).

The draft mentions consent in several places. The authors are likely aware that consent was a hot topic for DNT. It's easier to start with something that is easy for the average person to understand and build from there. Section 7.2 could be more about consent instead of user participation or control.

Regards,
-sm