The intention is to discuss about whether Internet Identifiers and Session Identifiers can be information about an individual and whether consent is necessary
Bmc> I believe the answer to whether consent is necessary will be "it depends" Privacy is contextual and so the purpose for which the identifiers are processed will determine the requirement for consent. Is the identifier needed to provide the service or is it processed for "additional" purposes? Will any processing impact sensitive information? If so additional requirements for consent may be required. BTW this may not be as clear cut as it first seems. Location information may indicate - with temporal correlation- religious or medical information. We had a draft and ppt that included this a while back. Given that privacy is not an objective binary item I would offer that all identifiers be used with a minimalist approach. So used when needed. Used for a specific purpose. Additional uses are not assumed but must be defined and explicitly consented to. Bryan _______________________________________________ ietf-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-privacy
