[IRP] edits in the privacy section
Thu Jan 14 13:33:01 EET 2010
Thanks for your comments Katitza. As making sure that the Charter
aligns with international standards is one of the tasks of the expert
group, they'll take all of this on board. If people have thoughts about
which standards/directives we should be working to, please do send them
through to the list or make notes on the wiki. I'm not a privacy expert
and so can't comment in this instance.
Please note that the Charter is here:
There's been some confusion over the different versions, so please make
sure you're editing the right one. I've changed the link on the
homepage at www.internetrigtsandprinciples.com so that it links right
through to the correct version.
From: irp-bounces at lists.internetrightsandprinciples.org
[mailto:irp-bounces at lists.internetrightsandprinciples.org] On Behalf Of
Sent: 13 January 2010 23:04
Cc: Cedric Laurant
Subject: Re: [IRP] edits in the privacy section
Dear Lisa, Dear Meryem:
Happy New Year. I want to submit some comments to the Privacy Section.
Cedric Laurant and I submit some comments the other day. While editing
the text, I start asking myself that the overall Privacy Section needs
Please, noted that in comparison to other rights of the charter, in this
section we have International Legal Frameworks. ie. The 1995 Data
Protection Directive, 1980 OECD Privacy Guidelines, the Convention 108
of the Council of Europe. Those instruments places obligations on those
public and private organizations who collect and process personal
information and gives RIGHTS to those individual whose personal
information is collected.
The old text, wrote by APC, is based in the EU Directive. The APC text
(not the IRP text) use a common language based on that framework. Is
that the objective? If its yes, we need an editor. It is ok to add more
concrete actions that we want to see in the text but as minimum, we
should mirror the language of the Directive/Convention 108?
Meryem: As you will be working in the charter, can you take on board my
comments? I would appreciate. Maybe Cedric is willing to do so?
all the best,
P.D I am happy to reviewed/revised the clean version after those
On Jan 13, 2010, at 3:12 PM, Katitza Rodriguez wrote:
I am confuse reading the Privacy section of the charter. I would like to
suggest that you use the language from the Madrid Privacy Declaration.
Some of this language does not make sense. On the anonymity front,
please, include the need for genuine Privacy Enhancing Techniques that
minimize or eliminate the collection of personally identifiable
information. We need to be sure whether those methods safeguard privacy
and anonymity. Pls. read EPIC: Re-Identification: Concerning the
Re-Identification of Consumer Information
Also, I do not see any mentioned to the international legal framework.
The 1995 Data Protection Directive, 1980 OECD Privacy Guidelines, the
Convention 108 of the Council of Europe. Those instruments places
obligations on those public and private organizations who collect and
process personal information and gives rights to those individual whose
personal information is collected.
Are you re-writing those rights?
My 2 cents,
All the best and Happy New Year,
On Jan 13, 2010, at 12:57 PM, Max Senges wrote:
i have made a number of edits in the privacy section and would like to
ask a fundamental question
1) I thought it would be good to raise ease of access, comprehensiveness
and usability of privacy settings:
the management of privacy settings should be comprehensive and optimized
2) The following sentence seems rather ambiguous to me (esp. what is
meant by "hidden mechanism") and I suggest to remove or amend it:
"Social media networks must disclose when hidden mechanisms are being
employed to harvest email personal data bases."
3) "Service providers have a responsibility to make clear in which legal
jurisdiction(s) the user's personal data is being hosted, so that the
user can make informed decisions."
I have raised this before and even though I see how this is an important
point, I think it needs to be formulated differently/ thought through a
bit more. If I create a file/data-point in the cloud say while I am in
Germany, then I go on a trip and the file "moves with me" to servers in
Asia... etc. etc. how can there be a final decision which jurisdiction
is concerned? I mean wouldn't it make more sense to be determined in a
case by case logic?
4) "Unless otherwise explicitly agreed, data should be deleted when it
is no longer necessary for the purposes for which it was collected, or
for legal reasons." I would think that it's important to limit this
paragraph to personal data and ask for anonymization: "Unless otherwise
explicitly agreed, personal data should be deleted or anonymized when
it is no longer necessary for the purposes for which it was collected,
or for legal reasons"
5) "People must be free to communicate without arbitrary surveillance or
interception, or the threat of surveillance or interception. This
includes the use of technologies such as deep packet inspection and the
exercise of control over individuals such as in instances of domestic
violence and cyberstalking."
This paragraph seems to be mixing several points. The main points
have been raised in other paragraphs and while I totally agree to the
first sentence i think the second is controversial. E.g. deep packet
inspection is a particular technology and we said we dont want to
mention particular technologies.
6) "Service providers should communicate clearly with users the
circumstances under which personal data will be shared with governments
and/or with other private entities. Simultaneously provide options for
unscribing from such networks. " I don't get the latter sentence.
Unsubscribe from the Internet? i'd suggest we delete.
Looking forward to your input
"The future is here. Its just not widely distributed yet."
IRP mailing list
IRP at lists.internetrightsandprinciples.org
IRP mailing list
IRP at lists.internetrightsandprinciples.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the IRP