W3C home > Mailing lists > Public > public-p3p-spec@w3.org > February 2004

Re: Art 10 Issue 2: Jurisdiction

From: Lorrie Cranor <lorrie@cs.cmu.edu>
Date: Thu, 19 Feb 2004 15:04:03 -0500
Message-Id: <C4005ACA-6316-11D8-AB64-000A95DA3F5A@cs.cmu.edu>
Cc: 'public-p3p-spec' <public-p3p-spec@w3.org>
To: Giles Hogben <giles.hogben@jrc.it>

Looks good.

Lorrie

On Feb 18, 2004, at 5:18 AM, Giles Hogben wrote:

>
> OK agreed - How about this then:
> Jurisdiction Disclosure:
>
>  We suggest that an Jurisdiction extension be added to the recipient
>  element:
>
>
>  jurisdiction= "<JURISDICTION"
>   " service=" quoted-URI
>   [" short-description=" quotedstring]
>  ">"
> [longdescription]
>  "</JURISDICTION>"
>
>
>
> longdescription=<LONG-DESCRIPTION>PCDATA</LONG-DESCRIPTION>
>
>
>
>
>  Example:
>
>  				<RECIPIENT>
>  					<EXTENSION><JURISDICTION
>  service="http://europa.eu.int/smartapi/cgi/
>  sga_doc?smartapi!celexapi!prod!CE
>  LEXnumdoc&lg=EN&numdoc=31995L0046&model=guichett"
>  short-description="EU law"
>> **EU"></JURISDICTION>
>  					</EXTENSION>
>  				</RECIPIENT>
>  			
>  Text for specification:
> The jurisdiction extension element allows user agents to make 
> judgements
> about the trustworthiness of a data recipient based on the regulatory
> environment they are placed in. Jurisdictions of recipients can be 
> rendered
> machine readable by inserting a known URI into the service field (e.g. 
> the
> URI of a body of legislation which applies). For example organizations
> within the European Union can be assumed to comply to European data
> protection law and could therefore insert the URI of the 95/46 
> directive as
> in the example above. Some jurisdictions prohibit transfer of data to
> certain other jurisdictions without the explicit consent of the data
> subject. It should be noted therefore declaring the data transfer 
> activity
> of a recipient using the P3P jurisdiction extension is not sufficient 
> to
> guarantee its legality.
>
>
>> **-----Original Message-----
>> **From: Lorrie Cranor [mailto:lorrie@cs.cmu.edu]
>> **Sent: 06 February 2004 18:21
>> **To: Giles Hogben
>> **Cc: 'public-p3p-spec'
>> **Subject: Re: Art 10 Issue 2: Jurisdiction
>> **
>> **
>> **We should make it clear that the jurisdiction is the
>> **jurisdiction of
>> **the recipient (not the entity).
>> **
>> **For consistency, LONG-DESCRIPTION should be a sub-element
>> **rather than
>> **an attribute.
>> **
>> **Lorrie
>> **
>> **
>> **
>> **On Thursday, February 5, 2004, at 03:04 AM, Giles Hogben wrote:
>> **
>> **>
>> **> Here is the latest suggested text and Jurisdiction Extension spec:
>> **> please
>> **> review the text as I don't think we discussed it in the call.
>> **>
>> **> Jurisdiction Disclosure:
>> **>
>> **> We suggest that an Jurisdiction extension be added to the 
>> recipient
>> **> element:
>> **>
>> **> [??] Extension
>> **>  =
>> **>  Jurisdiction
>> **> 					`</Extension>
>> **>
>> **> Jurisdiction
>> **>  =
>> **>  `<JURISDICTION
>> **>  " service=" quoted-URI
>> **>  [" short-description=" quotedstring]
>> **> [" long-description=" quotedstring]
>> **> ">"
>> **>
>> **> "</JURISDICTION>"
>> **>
>> **> Example:
>> **>
>> **> 				<RECIPIENT>
>> **> 					<EXTENSION><JURISDICTION
>> **> service="http://europa.eu.int/smartapi/cgi/
>> **> sga_doc?smartapi!celexapi!prod!CE
>> **> LEXnumdoc&lg=EN&numdoc=31995L0046&model=guichett"
>> **> short-description="EU law"
>> **> long-description="This service operates within the
>> **EU"></JURISDICTION>
>> **> 					</EXTENSION>
>> **> 				</RECIPIENT>
>> **> 			
>> **> Text for specification:
>> **>
>> **>
>> **> The jurisdiction extension element allows user agents to make
>> **> judgements
>> **> about the trustworthiness of a data recipient based on the
>> **regulatory
>> **> environment they are placed in. For example organizations
>> **within the
>> **> European Union can be assumed to comply to European data
>> **protection
>> **> law.
>> **> Some jurisdictions prohibit transfer of data to certain other
>> **> jurisdictions
>> **> without the explicit consent of the data subject.
>> **Therefore declaring
>> **> a data
>> **> transfer activity using the P3P jurisdiction extension is not
>> **> sufficient to
>> **> guarantee its legality.
>> **>
>
>> **>
>> **>
>> **
>> **
>
Received on Thursday, 19 February 2004 15:03:58 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 17 March 2004 17:46:30 EST