Adam is absolutely correct on the best starting point -- the fair
information practices he identified. That does strongly suggest an
overall opt-in approach, although we may end up trying to accommodate
a scenario where a user wants to be able to opt in to an entire class
of services (such as, hypothetically, special offers from nearby
local merchants) without having to opt in with each individual
service provider.
John Morris
At 6:29 PM +0300 8/30/01, john.loughney@nokia.com wrote:
>Hi Adam,
>
> > I think that opt-in vs. opt-out is an oversimplified model of the
> > privacy issues that we face. I would strongly prefer that we try to
> > ensure that the requirements encompass or address some instance of the
> > fair information practices (notice, consent, limits on collection and
> > use, quality requirements, security, openness, accountability.) Some
> > of these (accountability) are hard to meaningfully encode, although
> > p3p may offer ways to encode the idea of "go here to ask questions or
> > raise complaints."
> >
> > The notice and consent practices mean that we're looking at something
> > like opt-in, but even opt-in means "ok, here's my data, have fun."
> > We can do better.
>
>I agree that opt-in vs. opt-out is a simplification - I just wanted to
>get a feel from the group what we are looking at. I wanted to define a
>a starting point.
>
>My feeling is, the model should be opt-in to start with, then we should
>build on top of this.
>
>Thanks,
>John L.
----------------------------------------
John B. Morris, Jr.
Director, Internet Standards, Technology
& Policy Project
Center for Democracy and Technology
1634 I Street NW, Suite 1100
Washington, DC 20006
(202) 637-9800
(202) 637-0968 fax
jmorris@cdt.org
http://www.cdt.org
----------------------------------------
Received on Fri Aug 31 10:21:19 2001
This archive was generated by hypermail 2.1.8 : Thu Jan 22 2004 - 12:32:22 EST