[IRP] edits in the privacy section

Katitza Rodriguez katitza
Thu Jan 14 17:52:35 EET 2010 

Clarification:

  I "try" not to use Google products (when I am "able" to do so). I am  
familiar with Google docs. However, I was lost with the several links.  
I look back to the text and the changes are, in fact, there.  So  
thanks for the clarification of the links!

I look forward to hearing back from everyone regarding the proposal I  
made." "Due to the fact that the Council of Europe is a member of the  
Steering Committee, I proposed to focus on Convention 108 (and its  
protocol 2001)".

All the best,

Katitza



On Jan 14, 2010, at 9:52 AM, Katitza Rodriguez wrote:

> Dear Lisa,
>
> Thank you very much for your explanation. The process is now clear.  
> The language I added is on the link you provide here. Thanks. I  
> tried not to use Google products (when I am "able" to do so), so I  
> am not familiar with Googles docs (nor I will open an account and  
> sign on).
>
> Due to the fact that the Council of Europe is a member of the  
> Steering Committee, I proposed to focus on Convention 108 (and its  
> protocol 2001). We can then discuss further documents/ 
> recommendations, etc.
>
> All the best,
>
> Katitza
>
>
>
>
> On Jan 14, 2010, at 6:33 AM, Lisa Horner wrote:
>
>> Hi
>>
>> Thanks for your comments Katitza.  As making sure that the Charter  
>> aligns with international standards is one of the tasks of the  
>> expert group, they?ll take all of this on board.  If people have  
>> thoughts about which standards/directives we should be working to,  
>> please do send them through to the list or make notes on the wiki.   
>> I?m not a privacy expert and so can?t comment in this instance.
>>
>> Please note that the Charter is here:
>> http://docs.google.com/Doc?id=ajcs86p9dx2s_488rpfcbcc
>>
>> There?s been some confusion over the different versions, so please  
>> make sure you?re editing the right one.  I?ve changed the link on  
>> the homepage at www.internetrigtsandprinciples.com so that it links  
>> right through to the correct version.
>>
>> Thanks,
>>
>> Lisa
>>
>> From: irp-bounces at lists.internetrightsandprinciples.org [mailto:irp-bounces at lists.internetrightsandprinciples.org 
>> ] On Behalf Of Katitza Rodriguez
>> Sent: 13 January 2010 23:04
>> To: irp
>> Cc: Cedric Laurant
>> Subject: Re: [IRP] edits in the privacy section
>>
>> Dear Lisa, Dear Meryem:
>>
>> Happy New Year. I want to submit some comments to the Privacy  
>> Section. Cedric Laurant and I submit some comments the other day.  
>> While editing the text, I start asking myself  that the overall  
>> Privacy Section needs some thoughts.
>>
>> Please, noted that in comparison to other rights of the charter, in  
>> this section we have International Legal Frameworks. ie. The 1995  
>> Data Protection Directive, 1980 OECD Privacy Guidelines, the  
>> Convention 108 of the Council of Europe. Those instruments places  
>> obligations on those public and private organizations who collect  
>> and process personal information and gives RIGHTS to those  
>> individual whose personal information is collected.
>>
>> The old text, wrote by APC, is based in the EU Directive. The APC  
>> text (not the IRP text) use a common language based on that  
>> framework. Is that the objective? If its yes, we need an editor. It  
>> is ok to add more concrete actions that we want to see in the text  
>> but as minimum, we should mirror the language of the Directive/ 
>> Convention 108?
>>
>> Meryem: As you will be working in the charter, can you take on  
>> board my comments? I would appreciate. Maybe Cedric is willing to  
>> do so?
>>
>> all the best,
>>
>> Katitza
>> P.D I am happy to reviewed/revised the clean version after those  
>> editions.
>>
>> On Jan 13, 2010, at 3:12 PM, Katitza Rodriguez wrote:
>>
>>
>> Dear Max:
>>
>> I am confuse reading the Privacy section of the charter. I would  
>> like to suggest that you use the language from the Madrid Privacy  
>> Declaration. Some of this language does not make sense. On the  
>> anonymity front, please, include the need for genuine Privacy  
>> Enhancing Techniques that minimize or eliminate the collection of  
>> personally identifiable information. We need to be sure whether  
>> those methods safeguard privacy and anonymity. Pls. read EPIC: Re- 
>> Identification: Concerning the Re-Identification of Consumer  
>> Information  http://epic.org/privacy/reidentification/
>>
>> Also, I do not see any mentioned to the international legal  
>> framework. The 1995 Data Protection Directive, 1980 OECD Privacy  
>> Guidelines, the Convention 108 of the Council of Europe. Those  
>> instruments places obligations on those public and private  
>> organizations who collect and process personal information and  
>> gives rights to those individual whose personal information is  
>> collected.
>>
>> Are you re-writing those rights?
>>
>> My 2 cents,
>>
>> All the best and Happy New Year,
>>
>> Katitza
>>
>>
>> On Jan 13, 2010, at 12:57 PM, Max Senges wrote:
>>
>>
>> hi everybody
>>
>> i have made a number of edits in the privacy section and would like  
>> to ask a fundamental question
>>
>> 1) I thought it would be good to raise ease of access,  
>> comprehensiveness and usability of privacy settings:
>> "Privacy policy and settings of all services should be easy to find  
>> and the management of privacy settings should be comprehensive and  
>> optimized for usability."
>>
>> 2) The following sentence seems rather ambiguous to me (esp. what  
>> is meant by "hidden mechanism") and I suggest to remove or amend it:
>> "Social media networks must disclose when hidden mechanisms are  
>> being employed to harvest email personal data bases."
>>
>> 3) "Service providers have a responsibility to make clear in which  
>> legal jurisdiction(s) the user's personal data is being hosted, so  
>> that the user can make informed decisions."
>> I have raised this before and even though I see how this is an  
>> important point, I think it needs to be formulated differently/  
>> thought through a bit more. If I create a file/data-point in the  
>> cloud say while I am in Germany, then I go on a trip and the file  
>> "moves with me" to servers in Asia... etc. etc. how can there be a  
>> final decision which jurisdiction is concerned? I mean wouldn't it  
>> make more sense to be determined in a case by case logic?
>>
>> 4) "Unless otherwise explicitly agreed, data should be deleted when  
>> it is no longer necessary for the purposes for which it was  
>> collected, or for legal reasons." I would think that it's important  
>> to limit this paragraph to personal data and ask for anonymization:  
>> "Unless otherwise explicitly agreed,  personal data should be  
>> deleted or anonymized when it is no longer necessary for the  
>> purposes for which it was collected, or for legal reasons"
>>
>> 5) "People must be free to communicate without arbitrary  
>> surveillance or interception, or the threat of surveillance or  
>> interception. This includes the use of technologies such as deep  
>> packet inspection and the exercise of control over individuals such  
>> as in instances of domestic violence and cyberstalking."
>>      This paragraph seems to be mixing several points. The main  
>> points have been raised in other paragraphs and while I totally  
>> agree to the first sentence i think the second is controversial.  
>> E.g. deep packet inspection is a particular technology and we said  
>> we dont want to mention particular technologies.
>>
>> 6) "Service providers should communicate clearly with users the  
>> circumstances under which personal data will be shared with  
>> governments and/or with other private entities. Simultaneously  
>> provide options for unscribing from such networks. " I don't get  
>> the latter sentence. Unsubscribe from the Internet? i'd suggest we  
>> delete.
>>
>>
>>
>> Looking forward to your input
>> Max
>>
>>
>>
>>
>> --
>>
>>
>> "The future is here. Its just not widely distributed yet."
>> William Gibson
>>
>> ...........................................................................
>>
>> Max Senges
>> Berlin
>>
>> www.maxsenges.com
>>
>> Mobile: 01622122755
>> _______________________________________________
>> IRP mailing list
>> IRP at lists.internetrightsandprinciples.org
>> http://lists.internetrightsandprinciples.org/listinfo.cgi/irp-internetrightsandprinciples.org
>>
>> _______________________________________________
>> IRP mailing list
>> IRP at lists.internetrightsandprinciples.org
>> http://lists.internetrightsandprinciples.org/listinfo.cgi/irp-internetrightsandprinciples.org
>>
>> _______________________________________________
>> IRP mailing list
>> IRP at lists.internetrightsandprinciples.org
>> http://lists.internetrightsandprinciples.org/listinfo.cgi/irp-internetrightsandprinciples.org
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.internetrightsandprinciples.org/pipermail/irp-internetrightsandprinciples.org/attachments/20100114/d80d0b3a/attachment-0001.htm>

More information about the IRP mailing list