- From: Tom Lowenthal <tom@mozilla.com>
- Date: Wed, 25 Jan 2012 19:11:28 +0100
- To: David Singer <singer@apple.com>, public-tracking@w3.org
Received on Wednesday, 25 January 2012 18:12:12 UTC
I don't think we need anything apart from Jonathan's text. I'd argue that for process applied to data collected in a third party capacity, notification is a must; for first party data, a should; and for any breach where you must notify some users, you must notify all users. On Wed 25 Jan 2012 06:43:06 PM CET, David Singer wrote: > > On Jan 25, 2012, at 16:12 , Jonathan Mayer wrote: > >> Proposed text: >> >> A party MAY take action contrary to the requirements of this standard if compelled by mandatory legal process. To the extent allowed by law, the party MUST (SHOULD? MAY? non-normative?) notify affected users. > > which means we need a 'legal exception'? > > > > David Singer > Multimedia and Software Standards, Apple Inc. > >
Received on Wednesday, 25 January 2012 18:12:12 UTC