Re: ACTION 105: Privacy Rulesets

Alissa

Thanks for putting this together. I have a few initial questions and  
comments:

1.  Is the problem with naming because this cannot be legally binding,  
so license is an inappropriate term? Aren't these really "conditions  
of use"?

2. For secondary use, 3.2, I do not understand why delivering ads is  
considered contextual or desired by the user.  If I want a reminder of  
an event, ads are not part an inherent part of that interaction (or is  
the suggestion that they are in order to pay for it?) Isn't this the  
marketing-or-profiling category?

3. Retention - is the baseline of 35 days an industry best practice, a  
regulation or law, or an arbitrary time for this document? Likewise  
for 90 days for short.

4. Rulesets - the text for the various attributes suggests that they  
can be arbitrarily combined (e.g. for the sharing element), yet the  
section on rulesets suggests there will be a smaller set of pre- 
defined combinations. What is the intent here?

5. Glossary - is there an existing glossary we should reference?

6. References - will these need to be made complete references as we  
do in the other documents, title, date, author, uri etc

I think the document should be stored in DAP CVS under a new  
directory, policy-rulesets.

regards, Frederick

Frederick Hirsch
Nokia



On Apr 13, 2010, at 3:12 PM, ext Alissa Cooper wrote:

> The long-awaited strawman proposal for privacy licenses (which we are
> calling "rulesets" in this draft since "licensing" your data doesn't
> quite have the right semantic) is available at http://www.cdt.org/temp/privacy-rulesets.html
> . It is very much a draft meant and it's not fully complete (the
> glossary needs to be filled in, for example), but hopefully it will
> spur some discussion.
>
> I think this takes care of ACTION-105: Make a proposal for a license-
> based privacy approach.
>
> Alissa
>
>
>
>
>
>
>
>
>
>
>
>
>

Received on Wednesday, 14 April 2010 13:45:28 UTC