W3C home > Mailing lists > Public > public-p3p-spec@w3.org > February 2004

FW: Art 10 Issue 2: Jurisdiction

From: Giles Hogben <giles.hogben@jrc.it>
Date: Wed, 18 Feb 2004 11:18:25 +0100
To: "'public-p3p-spec'" <public-p3p-spec@w3.org>
Message-ID: <000101c3f608$8b824ed0$362abf8b@cs.jrc.it>

OK agreed - How about this then:
Jurisdiction Disclosure:

 We suggest that an Jurisdiction extension be added to the recipient
 element:


 jurisdiction= "<JURISDICTION"
  " service=" quoted-URI
  [" short-description=" quotedstring]
 ">"
[longdescription]
 "</JURISDICTION>"



longdescription=<LONG-DESCRIPTION>PCDATA</LONG-DESCRIPTION>




 Example:

 				<RECIPIENT>
 					<EXTENSION><JURISDICTION 
 service="http://europa.eu.int/smartapi/cgi/
 sga_doc?smartapi!celexapi!prod!CE 
 LEXnumdoc&lg=EN&numdoc=31995L0046&model=guichett"
 short-description="EU law"
>**EU"></JURISDICTION>
 					</EXTENSION>
 				</RECIPIENT>
 			
 Text for specification:
The jurisdiction extension element allows user agents to make judgements
about the trustworthiness of a data recipient based on the regulatory
environment they are placed in. Jurisdictions of recipients can be rendered
machine readable by inserting a known URI into the service field (e.g. the
URI of a body of legislation which applies). For example organizations
within the European Union can be assumed to comply to European data
protection law and could therefore insert the URI of the 95/46 directive as
in the example above. Some jurisdictions prohibit transfer of data to
certain other jurisdictions without the explicit consent of the data
subject. It should be noted therefore declaring the data transfer activity
of a recipient using the P3P jurisdiction extension is not sufficient to
guarantee its legality.


>**-----Original Message-----
>**From: Lorrie Cranor [mailto:lorrie@cs.cmu.edu]
>**Sent: 06 February 2004 18:21
>**To: Giles Hogben
>**Cc: 'public-p3p-spec'
>**Subject: Re: Art 10 Issue 2: Jurisdiction
>**
>**
>**We should make it clear that the jurisdiction is the 
>**jurisdiction of  
>**the recipient (not the entity).
>**
>**For consistency, LONG-DESCRIPTION should be a sub-element 
>**rather than  
>**an attribute.
>**
>**Lorrie
>**
>**
>**
>**On Thursday, February 5, 2004, at 03:04 AM, Giles Hogben wrote:
>**
>**>
>**> Here is the latest suggested text and Jurisdiction Extension spec:
>**> please
>**> review the text as I don't think we discussed it in the call.
>**>
>**> Jurisdiction Disclosure:
>**>
>**> We suggest that an Jurisdiction extension be added to the recipient
>**> element:
>**>
>**> [??] Extension
>**>  =
>**>  Jurisdiction
>**> 					`</Extension>
>**>
>**> Jurisdiction
>**>  =
>**>  `<JURISDICTION
>**>  " service=" quoted-URI
>**>  [" short-description=" quotedstring]
>**> [" long-description=" quotedstring]
>**> ">"
>**>
>**> "</JURISDICTION>"
>**>
>**> Example:
>**>
>**> 				<RECIPIENT>
>**> 					<EXTENSION><JURISDICTION 
>**> service="http://europa.eu.int/smartapi/cgi/
>**> sga_doc?smartapi!celexapi!prod!CE 
>**> LEXnumdoc&lg=EN&numdoc=31995L0046&model=guichett"
>**> short-description="EU law"
>**> long-description="This service operates within the 
>**EU"></JURISDICTION>
>**> 					</EXTENSION>
>**> 				</RECIPIENT>
>**> 			
>**> Text for specification:
>**>
>**>
>**> The jurisdiction extension element allows user agents to make
>**> judgements
>**> about the trustworthiness of a data recipient based on the 
>**regulatory
>**> environment they are placed in. For example organizations 
>**within the
>**> European Union can be assumed to comply to European data 
>**protection  
>**> law.
>**> Some jurisdictions prohibit transfer of data to certain other  
>**> jurisdictions
>**> without the explicit consent of the data subject. 
>**Therefore declaring  
>**> a data
>**> transfer activity using the P3P jurisdiction extension is not  
>**> sufficient to
>**> guarantee its legality.
>**>

>**>
>**>
>**
>**
Received on Wednesday, 18 February 2004 05:17:56 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 17 March 2004 17:46:30 EST