Hi Roman,
At 04:52 PM 07-10-2019, Roman Danyliw wrote:
Is there a specific compliance issue you have in mind?
I don't follow the reference to the 2017 version of the privacy
statement. The IETF privacy statement isn't a static and is updated
as new practices or compliance requirements arise. For example, it
was updated in 2018 for GDPR,
<https://mailarchive.ietf.org/arch/msg/ietf-announce/8xclBpLxdn5y8oAZOB6l4QWLpCE>https://mailarchive.ietf.org/arch/msg/ietf-announce/8xclBpLxdn5y8oAZOB6l4QWLpCE
The currently published statement covers all existing practices in
their current form.
Thank you for providing a URL to the announcement. I did not catch
the change which was made in 2018.
The processing may end up identifying a person and track the behavior
of that person. That might probably happen in a limited number of
cases. However, it defeats the purpose mentioned in the statement,
which is to protect the privacy of the parties' participants. It
could be argued that the implementation does not comply with the
statement. It could also be argued that it cannot be described as
"consent" if the participant is not able to disagree with the
processing of his/her information.
Regards,
S. Moonesamy
