- From: Lorrie Cranor <lorrie@cs.cmu.edu>
- Date: Mon, 5 Apr 2004 20:14:17 -0400
- To: public-p3p-spec <public-p3p-spec@w3.org>
Following up on our discussion form Feb 19, we seem to have a consensus
on
adding an optional jurisdiction extension to the recipient element
http://lists.w3.org/Archives/Public/public-p3p-spec/2004Feb/0050.html
jurisdiction= "<JURISDICTION"
" service=" quoted-URI
[" short-description=" quotedstring]
">"
[longdescription]
"</JURISDICTION>"
longdescription=<LONG-DESCRIPTION>PCDATA</LONG-DESCRIPTION>
Example:
<RECIPIENT>
<EXTENSION><JURISDICTION
service="http://europa.eu.int/smartapi/cgi/
sga_doc?smartapi!celexapi!prod!CE
LEXnumdoc&lg=EN&numdoc=31995L0046&model=guichett"
short-description="EU law"
**EU"></JURISDICTION>
</EXTENSION>
</RECIPIENT>
Text for specification:
The jurisdiction extension element allows user agents to make
judgments
about the trustworthiness of a data recipient based on the regulatory
environment they are placed in. Jurisdictions of recipients can be
rendered
machine readable by inserting a known URI into the service field (e.g.
the
URI of a body of legislation which applies). For example organizations
within the European Union can be assumed to comply to European data
protection law and could therefore insert the URI of the 95/46
directive as
in the example above. Some jurisdictions prohibit transfer of data to
certain other jurisdictions without the explicit consent of the data
subject. It should be noted therefore declaring the data transfer
activity
of a recipient using the P3P jurisdiction extension is not sufficient
to guarantee its legality.
Received on Monday, 5 April 2004 20:15:05 UTC