To:
"'ietf-provreg@cafax.se'" <ietf-provreg@cafax.se>
From:
"Hollenbeck, Scott" <shollenbeck@verisign.com>
Date:
Mon, 10 Sep 2001 08:46:32 -0400
Sender:
owner-ietf-provreg@cafax.se
Subject:
Data Collection Policy and Privacy Preferences
My "to-do" list from last week hasn't produced a whole lot of discussion thus far, so let me start a thread on one topic that I'd like to explore a bit further before doing a lot of writing: privacy preferences and how they may relate to data collection policies. We've discussed data collection policy issues fairly deeply. The next version of the EPP drafts will include an updated base protocol schema that supports publication of a server's data collection policy. We've also talked about a perceived need to include protocol features to allow for exchange of a data originator's privacy preferences. A common comment has been that the issue is more complex than could be addressed by tagging elements with a binary opt-in or opt-out flag, largely because such a flag may not really convey enough information to be useful. A thought: if we are now going to include publication of a server's data collection policy, could a flag be used to note specific elements for which a data originator wishes to specify selection of a policy option? The policy elements will specify server options (if any), and element attributes can identify desired treatment of data in accordance with (or deviating from) the published policy. Addressing how a server might deal with selections that deviate from the data collection policy is likely a matter to be decided by server operators. A more pointed question: do we have enough information to deal with this now, or is the issue still too ambiguous to be addressed adequately? <Scott/>