Formal opinions would be helpful for people who feel the need for air cover :-)
--Kurt On Sat, Mar 17, 2018 at 11:11 AM, Ian Levy <[email protected]> wrote: > > - re privacy - the fact that someone with authority (over the domain) > has requested said reports suffices for GDPR legal/consent coverage > > IANAL, but that’s my understanding as well. If it would be helpful, I can > get a formal legal opinion and a statement from the UK Information > Commissioner’s Office. > > > > Ta. > > > > I. > > > > -- > > Dr Ian Levy > > Technical Director > > National Cyber Security Centre > > > > Staff Officer : Kate Atkins, [email protected] > > > > *From:* dmarc <[email protected]> *On Behalf Of *Kurt Andersen (b) > *Sent:* 17 March 2018 09:41 > *To:* Steven M Jones <[email protected]> > *Cc:* [email protected] > *Subject:* Re: [dmarc-ietf] Agenda for IETF 101 DMARC session > > > > On Fri, Mar 16, 2018 at 10:47 AM, Steven M Jones <[email protected]> wrote: > > On 3/15/18 10:19 AM, Kurt Andersen (b) wrote: > > > > - Creating a diagnostic report that would have some additional > information (such as sending address) and URLs without going quite as far > as a forensic report - so something between the aggregate and forensic > levels > > > I'm probably missing something, but -- aren't email addresses usually > classed as PII in the EU, whether they're sending or receiving at the > moment? Seems to me it would run afoul of the privacy regs that tend to > rule out forensic reports in certain jurisdictions... > > Maybe there's a batch/aggregate angle vs. per-message that helps avoid > that concern? Would time and URLs alone be useful enough to warrant the > effort and expense? > > > > There are two aspects to this - > > 1. batching (lightens the load for reporting receivers), and > 2. re privacy - the fact that someone with authority (over the domain) > has requested said reports suffices for GDPR legal/consent coverage > > --Kurt >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
