> On 28 Jun 2020, at 19:44, Alissa Cooper via Datatracker <[email protected]> > wrote: > > Alissa Cooper has entered the following ballot position for > draft-ietf-dprive-bcp-op-10: Discuss > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Trimmed to the one outstanding point from my original DISCUSS: > > I do not think item #5 in Section 6.1.2 belongs in this document. I don't see > how it is within scope for the IETF to be specifying these sorts of best > practices, which are not technical or operational in nature but focus on legal > matters and likely require the involvement of lots of lawyers in order to get > the provisions written. This section implies that the DROP documents would > become legal/compliance documents by nature, which may or may not be a good > choice but is not within the remit of the IETF to specify. Also, I think what > this section asks for is not the norm today and therefore it seems odd for the > IETF to specify a best practice that operators may not have any chance of > being > able to comply with (e.g., listing specific law enforcement agencies, privacy > laws, or countries where data centers will reside and the data will never move > from them).
After discussion amongst the authors, we are very keen to at least retain a placeholder within the DROP statement so that readers can easily access any complimentary documents that do deal with such matters. We would like to propose replacing item 5 with the following text: “5. Data Processing. This section can optionally communicate links to and the high level contents of any separate statements the operator has published which cover applicable data processing legislation or agreements with regard to the location(s) of service provision. " Best regards Sara. _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
