Hi Alissa,
At 09:10 23-02-2013, Alissa Cooper wrote:
The authors have re-written that sentence several times and in
different ways already. Do you have a specific suggestion about how
to improve it?
Short answer, if nobody else said anything about the sentence I
suggest leaving it as it is. I'll send suggested text if I can think
of something.
As far as I know the APEC framework is one of many frameworks (none
of which we cite since there are so many) based on the OECD-style
FIPs. Is that incorrect?
No, it isn't.
I'm not quite sure what you are recommending here, but we have had
conversations in the IAB privacy program about moving the guidance
part up, or otherwise trying to make the focus on the guidance piece
more prominent. The difficulty is that there is a broad range in the
extent to which potential readers are familiar with privacy
concepts, so jumping straight into the guidance would not be
appropriate for some portion of the audience. If you have concrete
suggestions for how to simplify, those would be helpful.
I agree with what you said above about difficulty.
How about taking an RFC 3552 approach? If I understood that document
correctly, it takes a tutorial approach to define common terms
instead of using a terminology section. Thinking aloud, maybe the
problem is trying to keep privacy concepts and guidance together. I
would say, remove Section 2, see how that "breaks" the document and
then take it from there.
Or maybe the problem is trying to reconcile data and communication
model. I'll comment (I am not sure when) on the privacy mailing list.
Not all secondary uses involve disclosure (such as the example given
in 4.2.3). I have added a sentence to clarify this, however:
That would be the NEA stuff.
"Secondary use encompasses any use of data, including disclosure."
Ok.
I gather that you know that there will be debates about whether it is
disclosure or secondary use. :-)
We tried to think of a case where a consent mechanism was actually
developed in the IETF, but as a general matter consent mechanisms
tend to be out of scope, which is why we focus more on user controls
(which still show up rarely but do show up).
I would avoid trying to develop a consent mechanism. I was thinking of
this more in terms of consent (of the user).
RFC 3552 starts by discussing the goals. The question I would ask is
what are the goals of privacy.
Regards,
-sm