[Standards] XEP-0363 (HTTP Upload): Privacy Considerations & Deletion

Dave Cridland dave at cridland.net
Tue May 1 08:33:54 UTC 2018


On 1 May 2018 at 09:28, Philipp Hörist <philipp at hoerist.com> wrote:

> But even that is not very useful, Laws change all the time.
>
> At the same time you can write "Follow the local Laws"
>
> And why would this only concern HTTPUpload, Laws also concern all kind
> of data that run over the server.
>
> Its really not the place of a standard document to remember people to
> follow the law.
>


I appreciate the sentiment, but as an implementer I'd want to know about
potential legal requirements of software I'm writing, so I can then gain
some more confidence about offering that software to various jurisdictions,
and can take these requirements into consideration when designing the
software.

Dave.


>
> regards
>
> 2018-05-01 10:24 GMT+02:00 Kevin Smith <kevin.smith at isode.com>:
> > On 1 May 2018, at 09:03, Evgeny Khramtsov <xramtsov at gmail.com> wrote:
> >>
> >> Mon, 30 Apr 2018 13:20:38 +0200
> >> Jonas Wielicki <jonas at wielicki.name> wrote:
> >>
> >>> I agree with your stance about deletion. Which is why I made it a
> >>> separate PR.
> >>>
> >>> What do you think about the independent extension to the text I
> >>> proposed in https://github.com/xsf/xeps/pull/625 ?
> >>
> >> While I'm fine with having a separate extension, I'm against the PR
> >> itself. I think the behaviour is up to a local policy. We shouldn't make
> >> default recommendations based on some local laws (GDPR). Because if we
> >> do that, we can easily add "NOT" to all "SHOULD"s, and in this case we
> >> will describe the local law of Russia (where it is required to keep all
> >> users data for at least 6 months). I would really advise XSF to avoid
> >> making political statements. Not to mention that the text brings
> >> nothing to the document and only increases its size: it doesn't
> >> describe any protocol, it doesn't describe security considerations, it
> >> doesn't describe UX, so what does it do? Can we replace the text with
> >> "People SHOULD live in peace?" Because the meaning of the statement
> >> doesn't change a lot and a reader can easily ignore it.
> >
> > I largely agree with Evgeny on this. I’m fine with having a single line
> drawing attention to potential requirements (like the "The availability of
> deletion might be a requirement in jurisdictions where users have a right
> to have their data deleted on request.” in the PR), but I don’t think this
> normative language is the right thing to do.
> >
> > /K
> >
> > _______________________________________________
> > Standards mailing list
> > Info: https://mail.jabber.org/mailman/listinfo/standards
> > Unsubscribe: Standards-unsubscribe at xmpp.org
> > _______________________________________________
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20180501/c0477f36/attachment.html>


More information about the Standards mailing list