- From: Giles Hogben <giles.hogben@jrc.it>
- Date: Wed, 18 Feb 2004 11:18:25 +0100
- To: "'public-p3p-spec'" <public-p3p-spec@w3.org>
OK agreed - How about this then: Jurisdiction Disclosure: We suggest that an Jurisdiction extension be added to the recipient element: jurisdiction= "<JURISDICTION" " service=" quoted-URI [" short-description=" quotedstring] ">" [longdescription] "</JURISDICTION>" longdescription=<LONG-DESCRIPTION>PCDATA</LONG-DESCRIPTION> Example: <RECIPIENT> <EXTENSION><JURISDICTION service="http://europa.eu.int/smartapi/cgi/ sga_doc?smartapi!celexapi!prod!CE LEXnumdoc&lg=EN&numdoc=31995L0046&model=guichett" short-description="EU law" >**EU"></JURISDICTION> </EXTENSION> </RECIPIENT> Text for specification: The jurisdiction extension element allows user agents to make judgements about the trustworthiness of a data recipient based on the regulatory environment they are placed in. Jurisdictions of recipients can be rendered machine readable by inserting a known URI into the service field (e.g. the URI of a body of legislation which applies). For example organizations within the European Union can be assumed to comply to European data protection law and could therefore insert the URI of the 95/46 directive as in the example above. Some jurisdictions prohibit transfer of data to certain other jurisdictions without the explicit consent of the data subject. It should be noted therefore declaring the data transfer activity of a recipient using the P3P jurisdiction extension is not sufficient to guarantee its legality. >**-----Original Message----- >**From: Lorrie Cranor [mailto:lorrie@cs.cmu.edu] >**Sent: 06 February 2004 18:21 >**To: Giles Hogben >**Cc: 'public-p3p-spec' >**Subject: Re: Art 10 Issue 2: Jurisdiction >** >** >**We should make it clear that the jurisdiction is the >**jurisdiction of >**the recipient (not the entity). >** >**For consistency, LONG-DESCRIPTION should be a sub-element >**rather than >**an attribute. >** >**Lorrie >** >** >** >**On Thursday, February 5, 2004, at 03:04 AM, Giles Hogben wrote: >** >**> >**> Here is the latest suggested text and Jurisdiction Extension spec: >**> please >**> review the text as I don't think we discussed it in the call. >**> >**> Jurisdiction Disclosure: >**> >**> We suggest that an Jurisdiction extension be added to the recipient >**> element: >**> >**> [??] Extension >**> = >**> Jurisdiction >**> `</Extension> >**> >**> Jurisdiction >**> = >**> `<JURISDICTION >**> " service=" quoted-URI >**> [" short-description=" quotedstring] >**> [" long-description=" quotedstring] >**> ">" >**> >**> "</JURISDICTION>" >**> >**> Example: >**> >**> <RECIPIENT> >**> <EXTENSION><JURISDICTION >**> service="http://europa.eu.int/smartapi/cgi/ >**> sga_doc?smartapi!celexapi!prod!CE >**> LEXnumdoc&lg=EN&numdoc=31995L0046&model=guichett" >**> short-description="EU law" >**> long-description="This service operates within the >**EU"></JURISDICTION> >**> </EXTENSION> >**> </RECIPIENT> >**> >**> Text for specification: >**> >**> >**> The jurisdiction extension element allows user agents to make >**> judgements >**> about the trustworthiness of a data recipient based on the >**regulatory >**> environment they are placed in. For example organizations >**within the >**> European Union can be assumed to comply to European data >**protection >**> law. >**> Some jurisdictions prohibit transfer of data to certain other >**> jurisdictions >**> without the explicit consent of the data subject. >**Therefore declaring >**> a data >**> transfer activity using the P3P jurisdiction extension is not >**> sufficient to >**> guarantee its legality. >**> >**> >**> >** >**
Received on Wednesday, 18 February 2004 05:17:56 UTC