Re: [IAOC] [IAB] Proposed IETF Privacy Policy for Review

Scott Bradner <sob@sobco.com> Thu, 17 March 2016 12:30 UTC

Content-Type: multipart/alternative; boundary="Apple-Mail=_3A82BF1D-3FF8-4F23-892A-0C9756869E57"
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
Subject: Re: [IAOC] [IAB] Proposed IETF Privacy Policy for Review
From: Scott Bradner <sob@sobco.com>
In-Reply-To: <626999D6-D25C-4B51-8FAB-3B0312320A74@sobco.com>
Date: Thu, 17 Mar 2016 08:29:59 -0400
Message-Id: <AD6C8573-A90A-4593-BADB-1007B3E2260A@sobco.com>
References: <20160316170239.30920.41218.idtracker@ietfa.amsl.com> <E95E8599-6741-4F81-A7FB-06669EC3EA37@netapp.com> <214DF639-87DC-46D7-9731-F51027EBA97E@nohats.ca> <84BDDACE-C9E3-445A-91E6-8E80D7C6BFDE@sobco.com> <3A2CD852-64D8-40E9-821E-5247B22C2879@nohats.ca> <626999D6-D25C-4B51-8FAB-3B0312320A74@sobco.com>
To: Paul Wouters <paul@nohats.ca>
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/8GHQrrUqJN7cbhfTd5Sk6V1lvw0>
Cc: IAOC IAOC <iaoc@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>

> On Mar 17, 2016, at 8:27 AM, Scott Bradner <sob@sobco.com> wrote:
> 
> the lawyers we consulted said that it was important to say what was said
> 
> setting up a web site designed for people under 13 is a major effort (verifying ages of users etc)

this from the Wikipedia article (and we all know that means it is perfectly correct :-) )

In December 2012, the Federal Trade Commission issued revisions effective July 1, 2013, which create additional parental notice and consent requirements, amended definitions and added other obligations, for organizations that (1) operate a website or online service that is “directed to children” under 13 and that collects “personal information” from users or (2) knowingly collects personal information from persons under 13 through a website or online service.[16] After July 1, 2013, operators must:[17]

- Post a clear and comprehensive online privacy policy describing their information practices for personal information collected online from persons under age 13;
- Make reasonable efforts (taking into account available technology) to provide direct notice to parents of the operator’s practices with regard to the collection, use, or disclosure of personal information from persons under 13, including notice of any material change to such practices to which the parent has previously consented;
- Obtain verifiable parental consent, with limited exceptions, prior to any collection, use, and/or disclosure of personal information from persons under age 13;
- Provide a reasonable means for a parent to review the personal information collected from their child and to refuse to permit its further use or maintenance;
- Establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of the personal information collected from children under age 13, including by taking reasonable steps to disclose/release such personal information only to parties capable of maintaining its confidentiality and security; and
- Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use.

Operators are prohibited from conditioning a child’s participation in an online activity on the child providing more information than is reasonably necessary to participate in that activity.[18]