Re: What does a privacy policy mean ?

Alissa Cooper <acooper@cdt.org> Wed, 07 July 2010 14:33 UTC

Message-Id: <C3085251-CB55-401D-8CAB-2AF9178D3FD7@cdt.org>
From: Alissa Cooper <acooper@cdt.org>
To: John Levine <johnl@iecc.com>
In-Reply-To: <20100707035108.2236.qmail@joyce.lan>
Subject: Re: What does a privacy policy mean ?
Date: Wed, 07 Jul 2010 15:33:32 +0100
References: <20100707035108.2236.qmail@joyce.lan>
Cc: ietf@ietf.org

I think privacy policies originally emerged as a means to inform  
people about how their data is collected, used, shared, and stored.  
The perception that the collection of information about people in  
secret is a privacy threat has motivated increased disclosure about  
what happens to data about people.

Over time, I think many privacy policies have strayed away from this  
original goal and have come instead to act as disclaimers of legal  
liability or internal compliance guidelines, or both. I think the  
average corporate privacy policy these days probably does a good job  
of giving corporations legal cover and a decent job of instructing  
their employees about what they may or may not do with data, but is  
not easy for laypeople to understand ([1] provides some more  
information from the US context).

I think the IETF can do better.

AFAIK, right now the IETF has neither a public-facing statement that  
informs people about what happens to their data nor a disclaimer of  
legal liability nor an internal compliance document. There is the  
Trust records management policy, which in theory serves all three  
purposes (although I would argue that it isn't really accessible  
enough to laypeople to serve the first function). But limiting data  
retention is only one aspect of privacy protection, as the strawman  
policy demonstrates.

I think the IETF could (and should) have a public-facing policy that  
is understandable and a (likely separate) internal compliance document  
that explains to those who handle data collected in conjunction with  
IETF activities what they may or may not do with it. The strawman  
policy attempts to achieve the former. I don't have a strong opinion  
about whether the IETF needs a disclaimer of legal liability. Notably,  
the IETF has survived this long without one.

Beyond legal remedies for non-performance, however, having a clear  
privacy policy would allow a strong community remedy for  
non-performance. If the IETF states its privacy policy clearly, and  
then violates that policy, there could well be strong discussion and  
disapproval on this mailing list and at plenary sessions during IETF  
meetings. The community has a pretty good ability to force the  
powers-that-be to explain their actions and develop new policies to  
correct mistakes, should they arise. So wholly apart from legal  
remedies, I think there is strong value in having a clearly stated  
privacy policy.

Alissa

[1] http://lorrie.cranor.org/pubs/readingPolicyCost-authorDraft.pdf

On Jul 7, 2010, at 4:51 AM, John Levine wrote:

> I think we all agree that having a privacy policy would be desirable,
> in the sense that we are in favor of good, and opposed to evil.  But I
> don't know what it means to implement a privacy policy, and I don't
> think anyone else does either.
>
> A privacy policy is basically a set of assertions about what the IETF
> will do with your personal information.  To invent a strawman, let's
> say that the privacy policy says that registration information will be
> kept in confidence, and some newly hired clerk who's a little unclear
> on the concept gives a list of registrants' e-mail addresses to a
> conference sponsor so they can e-mail everyone an offer for a free
> IETF tee shirt.
>
> Then what happens?  Is a privacy policy a contract, and if it is, what
> remedies do IETF participants have for non-performance?  And if it's
> not, and there aren't remedies, what's the point?
>
> R's,
> John
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
>

--
----------------------------------------------------
Alissa Cooper
Chief Computer Scientist
Center for Democracy and Technology
+44 (0)785 916 0031
Skype: alissacooper