Hi Gordon, I guess the interpretation of the law is unclear, but facts count. In Spain several sites had been closed/modified because they publish data, and they needed to pay very high penalizations (many million of Euros) because that. Also I see more and more conferences not presenting this data, not just in the web site, but just printed in the documentation facilitated for the attendees. I guess the policy in the web site is a must, I think is also a legal requirement if you are gathering the data (our lawyers asked us to put it in any registration page, because the single fact of now having that means also many million of Euros !). Regards, Jordi ----- Original Message ----- From: <Gordon.Lennox@xxxxxxxxxx> To: <jordi.palet@xxxxxxxxxxxxxx>; <ietf-admin@xxxxxxxx> Sent: Friday, May 21, 2004 6:59 PM Subject: RE: respect privacy please ! > This is not an official view... > > European privacy laws basically say that personal data ought to be gathered > with the explicit consent of the person, the amount of data should be > appropriate for the declared purpose (not excessive) and not used for other > purposes. They do not say you cannot gather personal data. They do not say > you cannot publish personal data. There is probably a gray area of course if > you publish information in a way that clearly facilitates further abuse. > > Given the style and purpose of the iETF a public record of registration > (attendance?) may be appropriate, especially if the information published is > very limited. i would expect most people to understand why it is done. But > a statement to make it clear could be useful. > > There could of course be a problem if the IETF made *all* the information it > gathered available to a third party, especially if nobody was asked for > their permission. Somehow I never thought of this happening in this context. > > Personally I can also see an indication of the intended participation by > some people as part of some justification for attending. > > On the other hand publishing the blue-sheets might be considered excessve! > (RFID's in the badges anyone?<g>) > > Do we need a simple, very simple, statement of policy on the IETF web-site? > > Gordon > > > -----Original Message----- > From: ietf-admin@xxxxxxxx > To: ietf@xxxxxxxx > Sent: 5/21/04 5:08 PM > Subject: Re: respect privacy please ! > > Hi Harald, > > I'm not expert in legal stuff, but I think the European regulations (at > least in Spain because I needed to learn this in order to host web sites > with any kind of registration or list of people and comply with the > law), there is no difference in publishing it before, during or after. > Just can't be published w/o the consent of the participant. > > From a practical point of view, probably is good to do what John > suggested, but alternatively also publishing only after the meetings > will be a good protection for example to avoid a thief go to your home > when you're in the IETF, as I recall somebody suggested was already > happening in UK. > > I don't think a legal requirement for our process can jump over the > laws. Is like if we decide that we need to sacrifice one of us in every > meeting to sign the minutes with human blood, while we know that killing > some one is forbidden. Yes I know ... is a quite exaggerated example, > but some times is the best way to show what is wrong ;-) > > May be the 1st thing to do is to be really open in all the aspects, and > that means clarifying our legal "situation", the terms under we take all > the decisions, and so on. > > Regards, > Jordi > > ----- Original Message ----- > From: "Harald Tveit Alvestrand" <harald@xxxxxxxxxxxxx> > To: "JORDI PALET MARTINEZ" <jordi.palet@xxxxxxxxxxxxxx>; <ietf@xxxxxxxx> > Sent: Friday, May 21, 2004 3:58 PM > Subject: Re: respect privacy please ! > > > > > > > > --On 21. mai 2004 13:24 +0200 JORDI PALET MARTINEZ > > <jordi.palet@xxxxxxxxxxxxxx> wrote: > > > > > Hi, > > > > > > I've already raised this some time ago, same as other people did, > but I > > > still see my name being published, w/o my consent, in the list of > > > attendees. > > > > > > This is not acceptable, we should have the option to choose if we > want to > > > have our name published or not when we do the registration. > > > > Jordi, > > > > are you objecting to having your name published *at all*, or having > your > > name published *before the meeting*? > > > > The list of attendees (but not their contact info) is (according to > the > > lawyers) a legal requirement for our way of doing business; it is part > of > > the transparency requirement that it's possible to find out who was > there. > > > > Harald > > > > > > > > > > _______________________________________________ > > Ietf mailing list > > Ietf@xxxxxxxx > > https://www1.ietf.org/mailman/listinfo/ietf > > > > > ********************************** > Madrid 2003 Global IPv6 Summit > Presentations and videos on line at: > http://www.ipv6-es.com > > This electronic message contains information which may be privileged or > confidential. The information is intended to be for the use of the > individual(s) named above. If you are not the intended recipient be > aware that any disclosure, copying, distribution or use of the contents > of this information, including attached files, is prohibited. > > > > > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www1.ietf.org/mailman/listinfo/ietf > ********************************** Madrid 2003 Global IPv6 Summit Presentations and videos on line at: http://www.ipv6-es.com This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf