Some comments:
- "Parties" is a horribly legalistic term (esp. given that
the IETF isn't a legal thing really), I'd much prefer less
legalistic terms be used
- "home address" huh? How do you know where people live?
I think you mean any address supplied, but then in fact we
don't make that public that I recall - what's up there?
- "mailing list managed by the Parties" some WG lists are
not thusly managed still, are all bets off for those?
I've also managed some lists (e.g. TPC lists for IAB
workshops) that'd not clearly fit under here but maybe
should.
- "We do not make such information available to the
public." huh? Shouldn't we be saying something to the
effect that we'll not share that with anyone unless
we're forced to? (Including CF in "forced" as far as
that applies.) Ah, you do say that later, maybe try
a forward reference or align these better.
- "flash cookies, local storage" should be examples as
they'll be (or already are) outmoded (e.g indexeddb is
the new local storage or was last I looked;-)
- "not intended for use by children under 13" - we don't
care, why not say that instead of trying to avoid some
non-existent liability (which is how it looks) - maybe
s/intended for/aimed at/ would be better? (The rest of
the para is fine)
- compliance - can we have a warrant canary? If not, why
not? I think I asked about this before (not 100% sure
if that was public or just chatting with someone)
- I'm also quite surprised there's nothing that has to
be said about CF here - does that mean that they do not
engage in anything that'd violate this practice with
data/traffic related to IETFers? (I may also have asked
about that too:-)
Thanks,
S.
On 23/02/17 23:27, IETF Administrative Director wrote:
The IAOC would like community input on a proposed IETF Statement
Concerning Personal Data.
The policy discusses the following:
1. General – Most Personal Data Submitted to the Parties Will Become Public
2. You Consent to International Transmission of Your Data
3. Exceptions – Information That We Do Not Release to the Public
4. Security
5. Children
6. Inquiries
7. Compliance
8. Other Organizations
9. Links to other sites.
10. Consent
The proposed Privacy Policy is located here:
https://iaoc.ietf.org/documents/Privacy-Statement-23Feb17.htm
The previous policy was posted for community review on 24 February
2016. This new version reflects input received during that community
review and a diff file reflecting the changes since that version is
located here:
https://iaoc.ietf.org/documents/Diff-Privacy-2016-02-24-02-Privacy-23Feb17.pdf
The IAOC will consider all comments received by 9 March 2017.
Ray Pelletier
IETF Administrative Director
signature.asc
Description: OpenPGP digital signature