[IRP] edits in the privacy section
Wed Jan 13 22:12:12 EET 2010
I am confuse reading the Privacy section of the charter. I would like
to suggest that you use the language from the Madrid Privacy
Declaration. Some of this language does not make sense. On the
anonymity front, please, include the need for genuine Privacy
Enhancing Techniques that minimize or eliminate the collection of
personally identifiable information. We need to be sure whether those
methods safeguard privacy and anonymity. Pls. read EPIC: Re-
Identification: Concerning the Re-Identification of Consumer
Also, I do not see any mentioned to the international legal framework.
The 1995 Data Protection Directive, 1980 OECD Privacy Guidelines, the
Convention 108 of the Council of Europe. Those instruments places
obligations on those public and private organizations who collect and
process personal information and gives rights to those individual
whose personal information is collected.
Are you re-writing those rights?
My 2 cents,
All the best and Happy New Year,
On Jan 13, 2010, at 12:57 PM, Max Senges wrote:
> hi everybody
> i have made a number of edits in the privacy section and would like
> to ask a fundamental question
> 1) I thought it would be good to raise ease of access,
> comprehensiveness and usability of privacy settings:
> and the management of privacy settings should be comprehensive and
> optimized for usability."
> 2) The following sentence seems rather ambiguous to me (esp. what is
> meant by "hidden mechanism") and I suggest to remove or amend it:
> "Social media networks must disclose when hidden mechanisms are
> being employed to harvest email personal data bases."
> 3) "Service providers have a responsibility to make clear in which
> legal jurisdiction(s) the user's personal data is being hosted, so
> that the user can make informed decisions."
> I have raised this before and even though I see how this is an
> important point, I think it needs to be formulated differently/
> thought through a bit more. If I create a file/data-point in the
> cloud say while I am in Germany, then I go on a trip and the file
> "moves with me" to servers in Asia... etc. etc. how can there be a
> final decision which jurisdiction is concerned? I mean wouldn't it
> make more sense to be determined in a case by case logic?
> 4) "Unless otherwise explicitly agreed, data should be deleted when
> it is no longer necessary for the purposes for which it was
> collected, or for legal reasons." I would think that it's important
> to limit this paragraph to personal data and ask for anonymization:
> "Unless otherwise explicitly agreed, personal data should be
> deleted or anonymized when it is no longer necessary for the
> purposes for which it was collected, or for legal reasons"
> 5) "People must be free to communicate without arbitrary
> surveillance or interception, or the threat of surveillance or
> interception. This includes the use of technologies such as deep
> packet inspection and the exercise of control over individuals such
> as in instances of domestic violence and cyberstalking."
> This paragraph seems to be mixing several points. The main
> points have been raised in other paragraphs and while I totally
> agree to the first sentence i think the second is controversial.
> E.g. deep packet inspection is a particular technology and we said
> we dont want to mention particular technologies.
> 6) "Service providers should communicate clearly with users the
> circumstances under which personal data will be shared with
> governments and/or with other private entities. Simultaneously
> provide options for unscribing from such networks. " I don't get the
> latter sentence. Unsubscribe from the Internet? i'd suggest we delete.
> Looking forward to your input
> "The future is here. It?s just not widely distributed yet."
> ?William Gibson
> Max Senges
> Mobile: 01622122755
> IRP mailing list
> IRP at lists.internetrightsandprinciples.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the IRP