Re: Comments on <draft-cooper-privacy-policy-01.txt>

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



todd glassey wrote:
> 
> Martin Rex wrote:
> >
> > As I previously mentioned, "acceptable" means different things to
> > different people.
> >
> > Some people seem to hope that creation of a "privacy policy" is going
> > to improve things.  Personally, I don't think so.  
> 
> You mean that you think change that will protect the disclosure of
> identities and proper notice as to who people represent is a bad thing?

If there is no written privacy policy, then one has to make assumption
about the consent on the use of PII.  And if the assumption is
conservative (as I think it has been in the IETF), then it is going
to be in the interest of the data subject, and if unclear, one
should resort to ask the data subject (= opt-in).

> > Likely it will get
> > worse, and it may get *much* worse.  While a privacy policy may look
> > nice, it adds A LOT of wiggle room for lawyers. 

Once you have a written privacy policy, a conservative assumption about
consent is no longer necessary and will likely no longer be used,
instead an interpretation of that written policy is going to be used.
And if that written policy is interpreted based on the underlying
(lack of) data protection laws, then it could get awful
for the data subject (=opt-out).

-Martin
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]