Re: [IAB] Call for Comment: 'Privacy Considerations for Internet Protocols'

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Alissa,
At 09:10 23-02-2013, Alissa Cooper wrote:
The authors have re-written that sentence several times and in different ways already. Do you have a specific suggestion about how to improve it?

Short answer, if nobody else said anything about the sentence I suggest leaving it as it is. I'll send suggested text if I can think of something.

As far as I know the APEC framework is one of many frameworks (none of which we cite since there are so many) based on the OECD-style FIPs. Is that incorrect?

No, it isn't.

I'm not quite sure what you are recommending here, but we have had conversations in the IAB privacy program about moving the guidance part up, or otherwise trying to make the focus on the guidance piece more prominent. The difficulty is that there is a broad range in the extent to which potential readers are familiar with privacy concepts, so jumping straight into the guidance would not be appropriate for some portion of the audience. If you have concrete suggestions for how to simplify, those would be helpful.

I agree with what you said above about difficulty.

How about taking a RFC 3552 approach? If I understood that document correctly, it takes a tutorial approach to define common terms instead of using a terminology section. Thinking aloud, maybe the problem is trying to keep privacy concepts and guidance together. I would say, remove Section 2, see how that "breaks" the document and then take it from there.

Or maybe the problem is trying to reconcile data and communication model. I'll comment (I am not sure when) on the privacy mailing list.

Not all secondary uses involve disclosure (such as the example given in 4.2.3). I have added a sentence to clarify this, however:

That would be the NEA stuff.

"Secondary use encompasses any use of data, including disclosure."

Ok.

I gather that you know that there will be debates about whether it is disclosure or secondary use. :-)

We tried to think of a case where a consent mechanism was actually developed in the IETF, but as a general matter consent mechanisms tend to be out of scope, which is why we focus more on user controls (which still show up rarely but do show up).

I would avoid trying to develop a consent mechanism. I was think of this more in terms of consent (of the user).

RFC 3552 starts by discussing the goals. The question I would ask is what are the goals of privacy.

Regards,
-sm



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]