Re: Art 10 Issue 2: Jurisdiction

Following up on our discussion form Feb 19, we seem to have a consensus 
on
adding an optional jurisdiction extension to the recipient element
http://lists.w3.org/Archives/Public/public-p3p-spec/2004Feb/0050.html


  jurisdiction= "<JURISDICTION"
   " service=" quoted-URI
   [" short-description=" quotedstring]
  ">"
[longdescription]
  "</JURISDICTION>"



longdescription=<LONG-DESCRIPTION>PCDATA</LONG-DESCRIPTION>


Example:

                                <RECIPIENT>
                                        <EXTENSION><JURISDICTION
   service="http://europa.eu.int/smartapi/cgi/
   sga_doc?smartapi!celexapi!prod!CE
   LEXnumdoc&lg=EN&numdoc=31995L0046&model=guichett"
   short-description="EU law"
  **EU"></JURISDICTION>
                                        </EXTENSION>
                                </RECIPIENT>

   Text for specification:
The jurisdiction extension element allows user agents to make
judgments
about the trustworthiness of a data recipient based on the regulatory
environment they are placed in. Jurisdictions of recipients can be 
rendered
machine readable by inserting a known URI into the service field (e.g. 
the
URI of a body of legislation which applies). For example organizations
within the European Union can be assumed to comply to European data
protection law and could therefore insert the URI of the 95/46
directive as
in the example above. Some jurisdictions prohibit transfer of data to
certain other jurisdictions without the explicit consent of the data
subject. It should be noted therefore declaring the data transfer 
activity
of a recipient using the P3P jurisdiction extension is not sufficient
to guarantee its legality.

Received on Monday, 5 April 2004 20:15:05 UTC