On 09.04.2011 at 16:10, Giovanni Bajo <ra...@develer.com> wrote:
I disagree. The form linked above clearly explains what is going to
be published and what it is not. Moreover, if you submit the form once,
you are brought to the exact page that *will* become public, but still
in a private form; you can review everything and amend at any time.
The pop-up requires JavaScript to work. As it stands they are two
slightly contradictory statements. I would suggest you clarify in the
obligatory opt-in field exactly what data will be published on the
website. To be honest, as the form is not secure neither statement is of
any great relevance from a data protection perspective: all public data is
being transferred in the clear. Would it be possible to have the forms
secured?
but then the site
is also using Google Analytics which also breaches this
Again, I disagree. We don't send Google Analytics any private data that
we are aware of. If you care to elaborate on where our privacy policy
seems to disallow Google Analytics usage, we can amend the text to allow
it (and/or explicitly mention that it is being used). Plus, it's
possible to globally opt out from GA as you might know.
IP addresses are considered as personal information. In general, in
Europe, only opting-in to the collection of personal data is permissible
and, as such, the US preference for opting-out is not sufficient.
and it's also not
sure which data is handed over to Janrain for the single sign-on: their
website doesn't really inspire trust that personal data will be treated
as such.
We don't hand anything to Janrain; it's exactly the other way round,
because Janrain gives us the personal information extracted from the
website used for login. You can read more about Janrain's privacy policy
on their website. Plus, you are not required to use it, you can go
through a standard form if you prefer.
As with Google Analytics the details of the service should be in the
privacy statement.
I'm more than a little intrigued to see cookies for the site for a
conference in 2011 set to expire in 2021.
This can be something that we overlooked. I'll get back to you.
BTW, I didn't appreciate your tone. We are volunteers working in our
spare time to service the community. We surely make mistakes like anybody
else, especially on complex legal matters, but you will not help the
event or its participants just by citing EU directive numbers or naming
violations without providing details or proposing solutions.
Sorry if you don't like my tone. I'm only trying to raise awareness of the
current legal situation. As you are aware, neither your status as a
volunteer nor ignorance of the law is likely to be much of a defence
in the admittedly very unlikely event of a legal challenge.
<legal-stuff>
The EU directive was not particularly well-drafted and explicitly forbids
the use of cookies on a website without the explicit consent of the user
in advance. Cookies that "are essential for the technical provision of a
service" may be exempted from this. Although the law is supposed to enter
into force by 25th May 2011 it must be implemented in each individual
nation state and the EU Commission normally gives countries at least three
years before initiating procedures. However, the jurisdiction on this is
not clear for such a patently international process: what happens when the
law is in force in country X and not in country Y? Because the law is so
poorly drafted it is likely to open the door at least to test cases and at
worst to serial injunctions leaving it up to the courts to decide exactly
how to interpret it.
</legal-stuff>
I hope this helps clarify my comments.
Charlie
--
Charlie Clark
Managing Director
Clark Consulting & Research
German Office
Helmholtzstr. 20
Düsseldorf
D- 40215
Tel: +49-211-600-3657
Mobile: +49-178-782-6226
_______________________________________________
EuroPython 2011 - Florence June 20-26
http://ep2011.europython.eu/