[KI-LC] Initial Comments on Privacy Policy for Consent Receipt Implementation

Mark Lizar mark at smartspecies.com
Mon Jul 13 12:51:23 CDT 2015


Hi LC,

I have updated the comments a little with a couple of policy notes and some edits. Robin do you have any thoughts about these comments? ( There are many ways to address notice and consent issues. )

Kind Regards,

Mark

***

Upon a quick Review of the Privacy Policy there are a  couple of comments:
http://kantarainitiative.org/confluence/display/GI/Privacy+Policy <http://kantarainitiative.org/confluence/display/GI/Privacy+Policy>
Unable to find a Privacy policy  link of the main website, was only able to find it on the join the WG form. (lack of usable transparency over privacy practices)
“We may use your information to: To provide you with personalized content.”
- Is there personalised content or ads?  if not this should be removed. If this is true, this should arguably be a listed purpose and possibly reflected in a consent receipt.
Consent for cross-border transfer of information:
"Kantara Initiative is a business alliance of individuals, organizations, and companies operating globally. Please note that while the Website is located in the United States, data collected on the Website may be transferred to, and stored or processed in, other countries, including countries where Kantara Initiative members are located. Laws of these other countries may not be the same as the laws regulating the use and transfer of personal data in your country. By entering your personal information on this Web site, you are consenting to the transfer of that information to the United States or to other countries for the purposes described in this privacy policy."

Comments
its not clear why personal information would be transferred to another country other than the US
why this would be done without explicit consent - seem to ambiguous and I suggest a review
If this is necessary, then this will require something like Safe Harbour or BCRS to make compliant, (or) adding more purposes and consent options.
Possible Solutions
Storing information in the US  could be added to the consent receipt as a purpose and be explicitly agreed to in the join form.
Remove/change ,” may be transferred to other countries … “  unless Kantara is unaware, or does this without consent.  If this is the case, then, Safe Harbour needs to be used.

We are starting to work on best practices for an implementation of a consent receipt, these can be found here <https://kantarainitiative.org/confluence/display/infosharing/Draft:+Consent+Receipt+Documentation+Outlne?src=contextnavchildmode>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/lc/attachments/20150713/36922e45/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://kantarainitiative.org/pipermail/lc/attachments/20150713/36922e45/attachment.sig>


More information about the LC mailing list