Oh and I believe in some jurisdictions IP addresses have been determined as personal information. This is determined by authorities other than the IETF and may have geo variation.
So again whether they are PII " depends" on who and how the question is asked. Bryan Sent from my iPhone On 9 Sep 2012, at 13:13, "Bryan McLaughlin (brmclaug)" <[email protected]> wrote: > > > The intention is to discuss about whether Internet Identifiers and Session > Identifiers can be information about an individual and whether consent is > necessary > > > Bmc> > > I believe the answer to whether consent is necessary will be "it depends" > > Privacy is contextual and so the purpose for which the identifiers are > processed will determine the requirement for consent. > > Is the identifier needed to provide the service or is it processed for > "additional" purposes? > > Will any processing impact sensitive information? If so additional > requirements for consent may be required. > > BTW this may not be as clear cut as it first seems. Location information may > indicate - with temporal correlation- religious or medical information. We > had a draft and ppt that included this a while back. > > Given that privacy is not an objective binary item I would offer that all > identifiers be used with a minimalist approach. So used when needed. Used for > a specific purpose. Additional uses are not assumed but must be defined and > explicitly consented to. > > Bryan > > > > > _______________________________________________ ietf-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-privacy
