P3P and the privacy legislation in Germany: from Joseph M. Reagle Jr. on 2000-07-06 (www-p3p-public-comments@w3.org from July 2000)

From: Joseph M. Reagle Jr. <reagle@MIT.EDU>
Date: Thu, 06 Jul 2000 10:06:14 -0400
To: grimm@darmstadt.gmd.de, rosnagel@uni-kassel.de
Cc: www-p3p-public-comments@w3.org
Message-Id: <3.0.5.32.20000706100614.02c49f98@rpcp.mit.edu>

Dr. Grimm and Professor Rossnagel,

Could you please explain the points of:

o P3P doesn't not provide the authentication of the policy or the electronic
consent.
The appropriate English translated text of TDDSG states, "(7) Consent can
also be declared electronically if the provider ensures that such consent
can be given only through an unambiguous and deliberate act by the user,
consent cannot be modified without detection, the creator can be identified"
[1]. As the definition of personal data continues to be problematic (or
inconsistent across domains), would not some data that is
personal-though-not-identifiable then be required to be associated with an
identity? (What is the definition of personal data used?) Also, is there an
English text of the MDStV [2] as I assume that includes the authentication
requirements?
  - this bullet could use better pointers to the (present) TDDSG and
(absent) MDStv references.

o How is the "description material for an automatic interpretation ...
insufficient"?

o Can you cite text that requires the category to be associated with
purpose? Would this not make the matrix of possible categories/purposes when
enumerated overwhelming? The purpose of the P3P vocabulary design is to be
as expressive as possible while limiting the variables and their range [3].

o Your email addresses and the URL of the paper would be a useful thing to
include in the PDF file.

o The URL in the [IuK_97] reference is incorrect as their is a trailing
slash after the *.html .

[1] http://www.iid.de/rahmen/iukdgebt.html#a2
[2] http://www.iid.de/contents.html
[3] http://www.w3.org/People/Reagle/papers/tprc97/tprc-f2m3.html

At 12:12 2000-06-30 -0400, Y wrote:
 >An interesting new paper that explores P3P in the context
 >of European privacy legislation...
 >
 >P3P and the privacy legislation in Germany: can P3P help to protect privacy
 >worldwide?
 >by Rüdiger Grimm and Alexander Rossnagel
 >http://sit.gmd.de/~grimm/texte/P3P-Germany-e.pdf

_______________________     
Regards,          http://www.mit.edu/~reagle/
Joseph Reagle     E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E
MIT LCS Research Engineer at the World Wide Web Consortium.

* This email is from an independent academic account and is 
not necessarily representative of my affiliations.

Received on Thursday, 6 July 2000 10:08:16 UTC