Hi Jay,
At 12:25 PM 31-03-2025, Jay Daley wrote:
If you could point me to that discussion, it would help me trying to
understand your following points.
The thread are on this mailing list. As far as I recall, it should
be around October 2024.
The database match that we do, we are legally required to do, and we
document in this policy:
https://www.ietf.org/media/documents/IETF_LLC_OFAC_Compliance_Policy_2022-09-26.pdf
Thank you for sharing that.
I don't properly understand the points being made
- are you suggesting that the privacy statement needs to reference
the OFAC policy above?
- are you suggesting the privacy statement is not legally compliant?
I am not suggesting that the privacy statement is not legally compliant.
There is a section in the compliance policy with the "Meeting
Registrations". I suggest considering whether that information can
be add somewhere in the meeting registration flow.
As it is a legal requirement that we perform this match, no consent
is needed and nobody can refuse or withdraw consent.
Thank you for clarifying that.
As far as I can tell, you appear to be saying that consent is needed
for someone's name to appear in this list and there are consequences
if they do not give that consent - if I have misunderstood please
correct me. Consent is not required for meeting participant names
to be published. The entire manner in which the standards are
developed is designed around the requirement for a transparent and
accurate archive of the standards development process.
Here's how I see it. The terms and conditions and the policy
included in it mentions transparency and consent. I would expect the
information to be easily accessible as part of the meeting registry
flow. I usually ask questions when I am asked for personal
information as I like to know what I am consenting to. If the IETF
Administration LLC tells me that some information is required to
comply with a legal requirement, I may ask a question or two.
Regards,
S. Moonesamy
