- From: Rigo Wenning <rigo@w3.org>
- Date: Mon, 9 Feb 2004 18:20:36 +0100
- To: Lorrie Cranor <lorrie@cs.cmu.edu>
- Cc: Giles Hogben <giles.hogben@jrc.it>, "'public-p3p-spec'" <public-p3p-spec@w3.org>
On Fri, Feb 06, 2004 at 12:20:32PM -0500, Lorrie Cranor wrote: > > We should make it clear that the jurisdiction is the jurisdiction of > the recipient (not the entity). I had the same question. But if one declares <ours /> in the recipient field, this means entity and some more agents. > > <RECIPIENT> > > <EXTENSION><JURISDICTION > >service="http://europa.eu.int/smartapi/cgi/ > >sga_doc?smartapi!celexapi!prod!CE > >LEXnumdoc&lg=EN&numdoc=31995L0046&model=guichett" > >short-description="EU law" > >long-description="This service operates within the EU"></JURISDICTION> > > </EXTENSION> > > </RECIPIENT> Giles, please invite them to provide a stable legal URI. The URI you just inserted contains illegal characters (&) that have to be escaped in your example (.s/&/\&\;/g) > > > >Text for specification: > > > > > >The jurisdiction extension element allows user agents to make > >judgements about the trustworthiness of a data recipient based on the > >regulatory environment they are placed in. For example organizations > >within the European Union can be assumed to comply to European data > >protection law. Some jurisdictions prohibit transfer of data to > >certain other jurisdictions without the explicit consent of the data > >subject. Therefore declaring a data transfer activity using the P3P > >jurisdiction extension is not sufficient to guarantee its legality. > > I would not say trustworthiness, as one could always lie in a declaration. It is more that an entity or recipient can declare that they adhere to some jurisdiction and that they don't transfer stuff to unsecure jurisdictions without notice. Best, Rigo
Received on Tuesday, 10 February 2004 08:00:58 UTC