[Standards] XEP-0363 (HTTP Upload): Privacy Considerations & Deletion

Kevin Smith kevin.smith at isode.com
Tue May 1 08:24:14 UTC 2018

On 1 May 2018, at 09:03, Evgeny Khramtsov <xramtsov at gmail.com> wrote:
> Mon, 30 Apr 2018 13:20:38 +0200
> Jonas Wielicki <jonas at wielicki.name> wrote:
>> I agree with your stance about deletion. Which is why I made it a
>> separate PR.
>> What do you think about the independent extension to the text I
>> proposed in https://github.com/xsf/xeps/pull/625 ?
> While I'm fine with having a separate extension, I'm against the PR
> itself. I think the behaviour is up to a local policy. We shouldn't make
> default recommendations based on some local laws (GDPR). Because if we
> do that, we can easily add "NOT" to all "SHOULD"s, and in this case we
> will describe the local law of Russia (where it is required to keep all
> users data for at least 6 months). I would really advise XSF to avoid
> making political statements. Not to mention that the text brings
> nothing to the document and only increases its size: it doesn't
> describe any protocol, it doesn't describe security considerations, it
> doesn't describe UX, so what does it do? Can we replace the text with
> "People SHOULD live in peace?" Because the meaning of the statement
> doesn't change a lot and a reader can easily ignore it.

I largely agree with Evgeny on this. I’m fine with having a single line drawing attention to potential requirements (like the "The availability of deletion might be a requirement in jurisdictions where users have a right to have their data deleted on request.” in the PR), but I don’t think this normative language is the right thing to do.


More information about the Standards mailing list