RE: [gnso-whois-study] WHOIS study group call Tuesday 8 April 2008 at 15:00 UTC]
- To: "gnso-whois-study@xxxxxxxxx" <gnso-whois-study@xxxxxxxxx>
- Subject: RE: [gnso-whois-study] WHOIS study group call Tuesday 8 April 2008 at 15:00 UTC]
- From: Eric Brunner-Williams <ebw@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 08 Apr 2008 18:37:24 -0700
I was too ill to attend to the call this morning, so I've listened to it
via mpeg delay.
There is a data collection policy element in EPP (rfc3730). It allows
for the following to be stated by the data collecting entity (nominally
a registry, or a registrar, or both, and possibly third-parties such as
ICANN or an escrow provider) to the data providing entity (nominally a
the access type, the purpose type, the recipient type, the retention
period, and the expiry type
The W3C's P3P Spec activity, which Lori Cranor chaired and to which I
http cookies), attempted to create a mechanism that would meet the needs
of data collection within "data protection" jurisdictions (The EU, with
all the nuances each member state's implementation of the data
protection directives that attend), the OECD jurisdictions (Canada,
Japan, etc) and the fabulously weak American jurisdiction, where privacy
arises from contract (barely).
That's about all I have energy for today. I tried to put the mechanism
into the provisioning protocol anticipating the problem of multiple
jurisdictions and their associated policies.