- From: Lorrie Cranor <lorrie@cs.cmu.edu>
- Date: Thu, 19 Feb 2004 15:04:03 -0500
- To: Giles Hogben <giles.hogben@jrc.it>
- Cc: 'public-p3p-spec' <public-p3p-spec@w3.org>
Looks good. Lorrie On Feb 18, 2004, at 5:18 AM, Giles Hogben wrote: > > OK agreed - How about this then: > Jurisdiction Disclosure: > > We suggest that an Jurisdiction extension be added to the recipient > element: > > > jurisdiction= "<JURISDICTION" > " service=" quoted-URI > [" short-description=" quotedstring] > ">" > [longdescription] > "</JURISDICTION>" > > > > longdescription=<LONG-DESCRIPTION>PCDATA</LONG-DESCRIPTION> > > > > > Example: > > <RECIPIENT> > <EXTENSION><JURISDICTION > service="http://europa.eu.int/smartapi/cgi/ > sga_doc?smartapi!celexapi!prod!CE > LEXnumdoc&lg=EN&numdoc=31995L0046&model=guichett" > short-description="EU law" >> **EU"></JURISDICTION> > </EXTENSION> > </RECIPIENT> > > Text for specification: > The jurisdiction extension element allows user agents to make > judgements > about the trustworthiness of a data recipient based on the regulatory > environment they are placed in. Jurisdictions of recipients can be > rendered > machine readable by inserting a known URI into the service field (e.g. > the > URI of a body of legislation which applies). For example organizations > within the European Union can be assumed to comply to European data > protection law and could therefore insert the URI of the 95/46 > directive as > in the example above. Some jurisdictions prohibit transfer of data to > certain other jurisdictions without the explicit consent of the data > subject. It should be noted therefore declaring the data transfer > activity > of a recipient using the P3P jurisdiction extension is not sufficient > to > guarantee its legality. > > >> **-----Original Message----- >> **From: Lorrie Cranor [mailto:lorrie@cs.cmu.edu] >> **Sent: 06 February 2004 18:21 >> **To: Giles Hogben >> **Cc: 'public-p3p-spec' >> **Subject: Re: Art 10 Issue 2: Jurisdiction >> ** >> ** >> **We should make it clear that the jurisdiction is the >> **jurisdiction of >> **the recipient (not the entity). >> ** >> **For consistency, LONG-DESCRIPTION should be a sub-element >> **rather than >> **an attribute. >> ** >> **Lorrie >> ** >> ** >> ** >> **On Thursday, February 5, 2004, at 03:04 AM, Giles Hogben wrote: >> ** >> **> >> **> Here is the latest suggested text and Jurisdiction Extension spec: >> **> please >> **> review the text as I don't think we discussed it in the call. >> **> >> **> Jurisdiction Disclosure: >> **> >> **> We suggest that an Jurisdiction extension be added to the >> recipient >> **> element: >> **> >> **> [??] Extension >> **> = >> **> Jurisdiction >> **> `</Extension> >> **> >> **> Jurisdiction >> **> = >> **> `<JURISDICTION >> **> " service=" quoted-URI >> **> [" short-description=" quotedstring] >> **> [" long-description=" quotedstring] >> **> ">" >> **> >> **> "</JURISDICTION>" >> **> >> **> Example: >> **> >> **> <RECIPIENT> >> **> <EXTENSION><JURISDICTION >> **> service="http://europa.eu.int/smartapi/cgi/ >> **> sga_doc?smartapi!celexapi!prod!CE >> **> LEXnumdoc&lg=EN&numdoc=31995L0046&model=guichett" >> **> short-description="EU law" >> **> long-description="This service operates within the >> **EU"></JURISDICTION> >> **> </EXTENSION> >> **> </RECIPIENT> >> **> >> **> Text for specification: >> **> >> **> >> **> The jurisdiction extension element allows user agents to make >> **> judgements >> **> about the trustworthiness of a data recipient based on the >> **regulatory >> **> environment they are placed in. For example organizations >> **within the >> **> European Union can be assumed to comply to European data >> **protection >> **> law. >> **> Some jurisdictions prohibit transfer of data to certain other >> **> jurisdictions >> **> without the explicit consent of the data subject. >> **Therefore declaring >> **> a data >> **> transfer activity using the P3P jurisdiction extension is not >> **> sufficient to >> **> guarantee its legality. >> **> > >> **> >> **> >> ** >> ** >
Received on Thursday, 19 February 2004 15:03:58 UTC