Feedback loops sent to third parties tend to have PII stripped. Based on a definition of PII that does not regard IP addresses as personal data.
On Thu 26/Jul/2012 18:37:55 +0200 Tobias Knecht wrote:
>> In the words of RFC 6650:
>
> Don't get me wrong, this rfc is a good one an clarifies some things,
> but it is written by Americans under their understanding of US law.
IMHO, it is not so much being Americans or whatever, as being versed
on legal points of view.
> Some things that are mentioned are not possible under European
> Jurisdiction. For example providing Feedbackloops is especially in
> Germany a very critical task.
Is it? I guess in Italy we have more or less the same European
directives. So long as the user is clearly informed about what data
is being sent to who, and grants her/his consent to that, it should be
legal to do FBLs. Yet, IANAL.
The best thing, IMHO, would be do gather users' consent on the first
time they hit a "This is Spam" button. At the same time, give them
the option to redact their email address in the header. (See
http://tools.ietf.org/html/rfc6590 ).
> So rfc 6650 is good but unfortunately does not fit all use and legal
> cases.
We need to clear up this issue. Googling for that I find that ETIS,
which is based in Europe, has an "Anti SPAM Co-operation Group" that
"is also working on an anti-spam feedback loop project." (Quotes from
http://etis.org/groups/anti-spam-task-force ). I'd guess you know
them; they have a meeting on next Oktoberfest... Would they cover
those legal concerns?
A recurring objection in the acm-tf was that RIPE handles just a
region, and therefore we'd need anti-abuse practices to be specified
by some global body such as the IETF. Now we have it. We should use
it as we use SMTP. And the fact that our law is better than theirs
should be an aid, not a hindrance!
> In addition to that, I do not have any problem in single persons
> reporting abuse incidents as long as they are useful. And even people
> in the registration business sometimes do not know how to report
> correctly, which is not bad it's just that they haven never done it
> before and need somebody/something that guides them through, which
> should be one of the next tasks for this community to define.
Very much agreed. We need to exchange scripts and ideas.