Dear IETF Administration LLC Board,
The terms and conditions for registering for a meeting states that:
"The IETF and related organizations are committed to transparency and so
some of your registration data will be made public. For information about
the personal data that is collected, and how it is managed, please see
the Privacy Statement."
The privacy statement, dated July 2024, states that:
"By providing us with your Personal Data, you are consenting to
our disclosure
and use of it for the purposes as described in this Statement."
During a discussion in October 2024 about the "Legally required
disclosure" section of the statement, it was revealed that there was
a database match being performed by the IETF Administration LLC.
1. It's also good to state one's commitment to transparency. There isn't
adequate information about the processing of the personal data for the
database. It would be quite onerous for a person from a
technology limited
country who is not employed by a high revenue organization to seek expert
advice on the "legally required" section. It also does not
seem transparent.
2. A person who registers for the meeting will be consenting to the database
match even though there is any information about that in the
privacy policy.
I don't think that it is fair to say that "you are consenting" when the
other party did not disclose information about the database match.
3. The list of attendees for the last IETF meeting which was held in Ireland
is at https://datatracker.ietf.org/meeting/121/proceedings/attendees/ It
would likely take less than one minute for a person to verify whether I
gave my consent. The lack of attendance has a negative impact
on fulfilling
the qualifications for a nomination committee (RFC 8713, Section 4.14) or
signing a recall petition (RFC 8713, Section 7.1.1).
Regards,
S. Moonesamy
