Re: Registrant Access (Data Protection/Privacy)

[Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>]

Scott,

That's a good question, which is why I snuck "non persistent" into the text,
just to get a bite ;-)

I've mentioned off-list that one way to view access is cache validation, as
the data (t && s) is persistent at its ultimate sink(s) (thin && thick), but
is transient at intermediate points (if any) in the provisioning chain.

To address this we need to either, as P3P does, to impute temporal properties
with a PURPOSE element, or as P3P also does, associate vague temporal
properties to RETENTION element, which we need anyway, or as P3P also does,
create an element which contains specific (ISO 8601) temporal properties,
which we also need anyway ;-)

I'm a fan of good temporal identifiers, so I propose the later.

In my opening and motivating para I managed to miss Paul Kane's cite:

> For registries based in Europe, EU directive 95/46/EC, says "data subjects
> (registrants) must have the ability to inspect and modify information
> (including its deletion) directly with the Data User" (registry)....

I also managed to miss the chance to reply to co-Chair Jaap and Bart Boswinkel's
reading of both Directive 95/46 [1], and agree that 95/46 does not require the
right of access be read as extending the scope of the protocol to registrants,
(see (42) and (43) of the preamble, and Art 10., which establishes a right of
access and a right to rectify, not a specific mechanism to accomplish either).

References:

[1] Directive 95/46/EC of the European Parliament and of the Council of 24
    October 1995 on the protection of individuals with regard to the processing
    of personal data and on the free movement of such data
    http://europa.eu.int/eur-lex/en/lif/dat/1995/en_395L0046.html

Eric