*   re privacy - the fact that someone with authority (over the domain) has 
requested said reports suffices for GDPR legal/consent coverage
IANAL, but that’s my understanding as well. If it would be helpful, I can get a 
formal legal opinion and a statement from the UK Information Commissioner’s 
Office.

Ta.

I.

--
Dr Ian Levy
Technical Director
National Cyber Security Centre

Staff Officer : Kate Atkins, [email protected]<mailto:[email protected]>

From: dmarc <[email protected]> On Behalf Of Kurt Andersen (b)
Sent: 17 March 2018 09:41
To: Steven M Jones <[email protected]>
Cc: [email protected]
Subject: Re: [dmarc-ietf] Agenda for IETF 101 DMARC session

On Fri, Mar 16, 2018 at 10:47 AM, Steven M Jones 
<[email protected]<mailto:[email protected]>> wrote:
On 3/15/18 10:19 AM, Kurt Andersen (b) wrote:



  *   Creating a diagnostic report that would have some additional information 
(such as sending address) and URLs without going quite as far as a forensic 
report - so something between the aggregate and forensic levels

I'm probably missing something, but -- aren't email addresses usually classed 
as PII in the EU, whether they're sending or receiving at the moment? Seems to 
me it would run afoul of the privacy regs that tend to rule out forensic 
reports in certain jurisdictions...

Maybe there's a batch/aggregate angle vs.  per-message that helps avoid that 
concern? Would time and URLs alone be useful enough to warrant the effort and 
expense?

There are two aspects to this -

  1.  batching (lightens the load for reporting receivers), and
  2.  re privacy - the fact that someone with authority (over the domain) has 
requested said reports suffices for GDPR legal/consent coverage
--Kurt

This information is exempt under the Freedom of Information Act 2000 (FOIA) and 
may be exempt under other UK information legislation. Refer any FOIA queries to 
[email protected]
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to