> On 5 Feb 2020, at 21:11, Deborah Brungard via Datatracker <[email protected]> > wrote: > > Deborah Brungard has entered the following ballot position for > draft-ietf-dprive-bcp-op-08: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > In general, I support this document. It is good to help educate folks on what > should be included in a privacy statement, but as Alissa notes, there is no > "one > size fits all". Especially if one implies a cookie cutter type of form with > check > marks will be adequate to compare offerings. I don't think this is what was > intended - considering the detailed assessment on the DROP form - but > there's a couple of sentence stragglers that infer the DROP form is the form > *for all*. > > Support Alissa's and Ben's Discuss. > > A couple of my concerns: > > 5.3.3 Both Alissa (and Stephen previously) noted there is no meaningful way > to obtain > explicit "consent". Considering this document is a "best practice", suggest > simply > removing, and recommending as Alissa says "not share". > > 6.1.2 #5 agree with Alissa - this should be removed. >
Please see the responses to Alissa on these two points. > > 6.2 "We note that the existing set of policies vary widely in style, > content and detail and it is not uncommon for the full text for a > given operator to equate to more than 10 pages of moderate font sized > A4 text. It is a non-trivial task today for a user to extract a > meaningful overview of the different services on offer." > > I'm not sure what this is trying to say? The purpose of this document is > to advocate for comprehensive privacy statements. As Alissa notes (2), this > document > alone is not sufficient to give adequate description for a service. > This sentence implies > a 10-page document is bad because it is 10 pages (yet this document's DROP > example > has 5 pages requiring detailed information and lists to complete). And the > last sentence > negatively prejudges a user's reading capability or specific interest. > Suggest drop the last > sentence and it will remove the negativity as I don't think the DROP example > is any easier > on a user to read. One of the other key goals is to provide _consistent_ document structure that can be easily compared or used to find specific bits of information. I personally read all the privacy policies as part of creating this matrix https://dnsprivacy.org/wiki/display/DP/Comparison+of+policy+and+privacy+statements+2019 <https://dnsprivacy.org/wiki/display/DP/Comparison+of+policy+and+privacy+statements+2019> and it was a non-trivial and very time consuming task for me! Every policy uses a different layout, language, and can be spread over multiple separate webpages. If section 5 of 6.1.2 is removed then I think the example DROP would be ~3 pages in comparable text...I really do like to think that DROP statements would make this process easier and it was a genuine motivation behind this work…. Best regards Sara.
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
