[KI-LC] Initial Comments on Privacy Policy for Consent Receipt Implementation

Ken Dagg kendaggtbs at gmail.com
Tue Jul 14 07:42:21 CDT 2015


As I am no longer with the Canadian Government I don't want to
interpret their privacy legislation. I have included a colleague in the
government for his interpretation.


On Tuesday, July 14, 2015, Robin Wilton <wilton at isoc.org> wrote:

> Ken, a quick question (the answer to which I will factor into my over-all
> comments on the privacy policy statement later…)…
> Is the Canadian position that an IP address is PII, plain and simple? Or
> is it that an IP address is PII because, if combined with other data
> reasonably expected to be in the possession of the data controller, it
> could be related to an identifiable individual?
> The latter is, I believe, the EU position as articulated by the Art.29
> Working Group (at least, as I last understood it).
> In Kantara’s case, I think what the privacy policy statement intends to
> say is: “we use IP addresses as part of our site management statistics, but
> we deliberately don’t correlate them with the other,
> personally-identifiable data that you may provide in the course of
> interacting with us”.
> a) would that interpretation be acceptable under Canadian DP law?
> b) do you think the current wording allows that interpretation? (If not,
> we can invite Joni to consider a revision…)
> R
> Robin Wilton
> Technical Outreach Director - Identity and Privacy
> Internet Society
> email: wilton at isoc.org <javascript:_e(%7B%7D,'cvml','wilton at isoc.org');>
> Phone: +44 705 005 2931
> Twitter: @futureidentity
> On 14 Jul 2015, at 12:38, Ken Dagg <kendaggtbs at gmail.com
> <javascript:_e(%7B%7D,'cvml','kendaggtbs at gmail.com');>> wrote:
> Hi all,
> Some specific comments:
> - Some jurisdictions (i.e., Canada) consider an IP address to be PII. As
> such, the statement "... we keep track of the domains and IP numbers from
> which people visit us. We also collect site usage statistics such as web
> browser types and page requests and track users' movements. This data is
> not personally identifiable ..." regardless of the follow on statement.
> - I would suggest that a "How we will not use your information" section be
> added. Entries there could include: "We will not provide your information
> to anyone or any company for the purposes of advertising. We will not sell
> your information."
> - I would suggest that "... not disclose your personally identifiable
> information to any company not a member of Kantara Initiative ..." become
> "... not disclose your personally identifiable information to anyone or any
> company not a member of Kantara Initiative ...". However, this statement
> seems to imply that KI will disclose an individual's PII to other members
> of KI with no restriction. Is that true?
> - as IP address is PII, the section "How you can view or update your
> personal information" will need to be updated to accommodate viewing IP
> addresses or state that IP addresses cannot be viewed or modified.
> See comments on Mark's and Colin's comments inline below.
> Ken
> On Monday, July 13, 2015, Colin Wallis <colin_wallis at hotmail.com
> <javascript:_e(%7B%7D,'cvml','colin_wallis at hotmail.com');>> wrote:
>> Thanks Mark
>> I've (personally) commented <<inline>> below.
>> Cheers
>> Colin
>> ------------------------------
>> From: mark at smartspecies.com
>> Date: Mon, 13 Jul 2015 13:51:23 -0400
>> To: lc at kantarainitiative.org
>> CC: wilton at isoc.org
>> Subject: [KI-LC] Initial Comments on Privacy Policy for Consent Receipt
>> Implementation
>> Hi LC,
>> I have updated the comments a little with a couple of policy notes and
>> some edits. Robin do you have any thoughts about these comments? ( There
>> are many ways to address notice and consent issues. )
>> Kind Regards,
>> Mark
>> ***
>> Upon a quick Review of the Privacy Policy there are a  couple of
>> comments:
>> http://kantarainitiative.org/confluence/display/GI/Privacy+Policy
>>    1. Unable to find a Privacy policy  link of the main website, was
>>    only able to find it on the join the WG form. (lack of usable transparency
>>    over privacy practices)
>> <<CW: We should link to it from the landing page of the main website as
>> well as the WG GPA form, but..any word changes needed?>>
>> “We may use your information to: To provide you with personalized
>> content.”
>>    1. - Is there personalised content or ads?  if not this should be
>>       removed. If this is true, this should arguably be a listed purpose and
>>       possibly reflected in a consent receipt.
>> <<CW: I don't believe there is, or has ever been, but was probably
>> considered as 'future proofing' Kantara's website activity.  I support
>> removing this statement>>..
> <<KD: I would suggest leaving the statement in the policy in order to
> future proof the policy. However, I would suggest changing it to "To
> personalize your visit to our website" to alleviate the issue with respect
> to "advertising" that Mark raised. >>
>> Consent for cross-border transfer of information:
>> "Kantara Initiative is a business alliance of individuals, organizations,
>> and companies operating globally. Please note that while the Website is
>> located in the United States, data collected on the Website may be
>> transferred to, and stored or processed in, other countries, including
>> countries where Kantara Initiative members are located. Laws of these other
>> countries may not be the same as the laws regulating the use and transfer
>> of personal data in your country. By entering your personal information on
>> this Web site, you are consenting to the transfer of that information to
>> the United States or to other countries for the purposes described in this
>> privacy policy."
>> Comments
>>    - its not clear why personal information would be transferred to
>>    another country other than the US
>>       - why this would be done without explicit consent - seem to
>>       ambiguous and I suggest a review
>>       - If this is necessary, then this will require something like Safe
>>       Harbour or BCRS to make compliant, (or) adding more purposes and consent
>>       options.
>> <<CW: I don't know the background either, but I could imagine 2 possible
>> intentions: 1) geographically distributed data centers for cloud based SaaS
>> offerings like Confluence, 2) the opening of another (European?) office for
>> Kantara which might require some transfer>>
>> Possible Solutions
>>    - Storing information in the US  could be added to the consent
>>    receipt as a purpose and be explicitly agreed to in the join form.
>>    - Remove/change ,” may be transferred to other countries … “  unless
>>    Kantara is unaware, or does this without consent.  If this is the case,
>>    then, Safe Harbour needs to be used.
>> <<CW: So working on my assumptions above, and the notion of another
>> office has not gone away, I think we need to do both of these
>> suggestions above>>.
> <<KD: I agree with Mark's first suggestion. However, for Colin's reasons,
> I would suggest that the second suggestion not be followed. I would suggest
> amending the statement to say something along the line of the following: KI
> operates and transfers data to data centres in the following <list of
> countries>.
>> We are starting to work on best practices for an implementation of a
>> consent receipt, these can be found here
>> <https://kantarainitiative.org/confluence/display/infosharing/Draft:+Consent+Receipt+Documentation+Outlne?src=contextnavchildmode>
>> _______________________________________________ LC mailing list
>> LC at kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/lc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/lc/attachments/20150714/dd0d7b6c/attachment-0001.html>

More information about the LC mailing list