Hi Scott, I agree with the other comments made and echo folks' thanks for putting this out to review and for being willing to iterate on it. In addition: - Was the concept of a warrant canary [1] or transparency report [2] considered? Those are good things (tm) and it'd be good for the IETF to be part of the leading edge on such things I think. So I'd recommend that we do some such thing in addition to this. [1] https://en.wikipedia.org/wiki/Warrant_canary [2] https://en.wikipedia.org/wiki/Transparency_report - "disclosure of your Personal Data to third parties" I want to strongly re-iterate that selling (or so-called "monetizing") IETF participant data is something that should be anathema to us (and the partners we choose) and I'd hope that the strongest possible wording is used to say we won't be doing that. If any current or future partner would have an issue with that, then I think that needs to be disclosed to all IETF participants, so it'd be good if this policy said that a public announcement is required if any partner or service provider is (ab)using our data in any such manner. I'd also suggest that whoever is working on the next iteration of this in response to comments would be wise to pass the text by some of the folks who've commented in this thread. I think there are likely some wording nits that might be better fixed in that way before the next revision is sent to ietf-announce. Cheers, S.
<<attachment: smime.p7s>>