The IAOC published a new privacy statement last month, which is now available at
https://iaoc.ietf.org/documents/IETFPrivacyStatement2017-07-12.pdf
We got a few questions on the draft version.
Some questions were about criminal subpoenas. In the entire history of
the IETF, we have received only one criminal subpoena, as opposed to the
many civil subpoenas and requests we get for document authentication.
The policy has language saying that we will respond if required, in the
unlikely event that we get another criminal subpoena.
There were also questions about the section about children. We do not
want to be subject to COPPA, a US law which has detailed rules for sites
intended for children. The COPPA record keeping requirements are so
onerous that it would not be practical for us to try to implement them.
COPPA is only about personally identifiable information, hence anyone of
any age can look at anything, but we won't knowingly let children under 13
do things that provide PII, such as sign up to mailing lists or a
datatracker account. Our COPPA language is similar to that on most other
interactive web sites not targeted at children.
Regards,
John Levine, johnl@xxxxxxxxx, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly