[rtcweb] IP gathering permission

"Drage, Keith (Nokia - GB)" <keith.drage@nokia.com> Tue, 05 April 2016 20:19 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/oIWWomQJ1aonwFfuuTzaR8D3yjs>

The discussion in the WG (Tuesday p.m. session) that I have just listened to causes me concern.

Any system that gathers personal information needs to meet the local regulatory framework. For example, throughout most of Europe that is the privacy directive and its local implementation in various European countries. While I don't expect people to analyse the protocol in terms of each local regulatory framework, I believe we do need to provide the tools to allow these to be met. 

Ultimately, it is not just a matter of whether the user can comprehend what he has been asked, but whether the regulator is also happy that the needs of the local regulation have been met. Many times that will come down to the view of the local regulator as to whether the situation has been made sufficiently clear to the end user.

Certainly we need to avoid any assumption that might be provided by the draft that because information A has been released, information B is also OK from a privacy consideration.

Maybe we need a statement that says any selection needs to meet the privacy framework imposed on the system, by regulation, by contract, etc.