[Standards] XEP-0363 (HTTP Upload): Privacy Considerations & Deletion
kevin.smith at isode.com
Tue May 1 08:35:21 UTC 2018
On 1 May 2018, at 09:28, Philipp Hörist <philipp at hoerist.com> wrote:
> But even that is not very useful; laws change all the time.
> At the same time you can write "Follow the local laws"
> And why would this only concern HTTPUpload? Laws also concern all kinds
> of data that run over the server.
> It's really not the place of a standard document to remind people to
> follow the law.
Which is not what that text is doing. It’s informing an *implementor* that a *deployment* might have this additional requirement that isn’t protocol based, and so while implementing they might want to consider it.
> 2018-05-01 10:24 GMT+02:00 Kevin Smith <kevin.smith at isode.com>:
>> On 1 May 2018, at 09:03, Evgeny Khramtsov <xramtsov at gmail.com> wrote:
>>> Mon, 30 Apr 2018 13:20:38 +0200
>>> Jonas Wielicki <jonas at wielicki.name> wrote:
>>>> I agree with your stance about deletion. Which is why I made it a
>>>> separate PR.
>>>> What do you think about the independent extension to the text I
>>>> proposed in https://github.com/xsf/xeps/pull/625 ?
>>> While I'm fine with having a separate extension, I'm against the PR
>>> itself. I think the behaviour is up to a local policy. We shouldn't make
>>> default recommendations based on some local laws (GDPR). Because if we
>>> do that, we can easily add "NOT" to all "SHOULD"s, and in this case we
>>> will describe the local law of Russia (where it is required to keep all
>>> users' data for at least 6 months). I would really advise XSF to avoid
>>> making political statements. Not to mention that the text brings
>>> nothing to the document and only increases its size: it doesn't
>>> describe any protocol, it doesn't describe security considerations, it
>>> doesn't describe UX, so what does it do? Can we replace the text with
>>> "People SHOULD live in peace?" Because the meaning of the statement
>>> doesn't change a lot and a reader can easily ignore it.
>> I largely agree with Evgeny on this. I’m fine with having a single line drawing attention to potential requirements (like the “The availability of deletion might be a requirement in jurisdictions where users have a right to have their data deleted on request.” in the PR), but I don’t think this normative language is the right thing to do.
>> Standards mailing list
>> Info: https://mail.jabber.org/mailman/listinfo/standards
>> Unsubscribe: Standards-unsubscribe at xmpp.org