Posted September 22nd, 2012 - 9:13 am by 
from Paris, France (Permalink)
from Paris, France (Permalink)My questions to Meredith Hutcheson/CouchSurfing:
"Thanks for communicating on these important issues, Meredith. As they say, better late than never.
What you have written above leaves several questions, among others because it seems to conflict with the written terms of use.
1. Is what you have a) written above, b) replied to comments, the official, binding CS position, or just your personal opinion?
2. In case of conflict between what you are writing here and the official terms of use and privacy policy, which prevails?
3. I would have thought that the extra week from September 14th to 21st
which CS gave itself to put the terms of use into effect would be used
to get things right, but it looks like another rushed job. Could you
please actually link to the current privacy policy from the terms of use
since at 10 a.m. Paris time September 22nd, 2012, that link returns the
following message: "Hmm... Nope! That page ain't here! I bet you're all
"Whatever!" I am too." No, I am not "whatever". I am just shaking my
head at how unprofessional CouchSurfing International, Inc. is when it
comes to such important and controversial issues. The same reason why it
is so difficult for many to trust that company, with their data and
otherwise.
4. I understand "We have now also finished the process required to
participate in the EU-US Safe Harbor Privacy Principles." to mean that
as of 9/21/2012 CouchSurfing adheres to these principles. Is this
correct and has this been achieved through a self-assessment to verify
that it complies with these principles, or through a third-party which
has performed the assessment?
5. Are you certain that the entire terms of use and privacy policy
comply with the Safe Harbor Privacy Principles, and if they didn't,
would Safe Harbor prevail, and the terms of use and CS policies be made
compliant?
6. The Safe Harbor Principles stipulate that "Data must be relevant and
reliable for the purpose it was collected for.". CouchSurfing collects
extensive data which does not all seem relevant and reliable for the
purpose of providing the services. One such example is the tracking of
the last login location of users, about which CouchSurfing states:
"While this works for the vast majority of members, some Internet
Service Providers will provide inaccurate data that show an inaccurate
login location. This could be the nearest large city, or someplace
completely unrelated to the person's actual location. Unfortunately this
is due to the ISP's settings and we can't prevent it from happening
from time to time." Will you cease such data collection and publication
in order to fully comply with the Safe Harbor Principles?
7. How can I access the complete information held about me, and correct
or delete it if it is inaccurate, as required by the Safe Harbor
Principles?
8. Certification requires ensuring that appropriate employee training
and an effective dispute mechanism are in place. What employee training
and dispute mechanism are in place at CouchSurfing International, Inc.?
9. You said "For uses like that, which may be considered promotional, we
will give you the tools to control that.". Where can I find these
tools?
10. On September 13th, in his press release at
http://www.bfdi.bund.de/DE/Oeffentlichkeitsarbeit/Pressemitteilungen/2012/18_CouchSurfing.html?nn=408920,
Germany's Commissionner for Data Protection harshly criticized the CS
terms of use and privacy policy and filed a complaint with the U.S.
Federal Trade Commission, saying "The changes are unacceptable. They
would not be permissible under German and European data protection law.
Users are forced by the new terms of use to waive all control over their
data if they want to continue to use the services.". Why did CS decide
to put these terms and policies into effect anyway?
11. Will CS agree to adapt its written notification policy and to notify
users of all future changes, clearly identifying what the changes are
rather than force users to read the entire terms of use and policies to
detect any changes hidden in them, knowing that the vast majority of
users won't be able to do so?
12. Will you provide foreign language versions of the terms of use and
privacy policy, at least in German, French and Spanish, for the hundreds
of thousands of users who lack the (legal) English language skills
required to understand what they are agreeing with?
One final question: Do you have to force CS members to open an account
on another website in order to communicate with you or would it be
possible to communicate with you on this and other topics logged in as a
member of CouchSurfing?"
"Thanks for communicating on these important issues, Meredith. As they say, better late than never.
What you have written above leaves several questions, among others because it seems to conflict with the written terms of use.
1. Is what you have a) written above, b) replied to comments, the official, binding CS position, or just your personal opinion?
2. In case of conflict between what you are writing here and the official terms of use and privacy policy, which prevails?
3. I would have thought that the extra week from September 14th to 21st
which CS gave itself to put the terms of use into effect would be used
to get things right, but it looks like another rushed job. Could you
please actually link to the current privacy policy from the terms of use
since at 10 a.m. Paris time September 22nd, 2012, that link returns the
following message: "Hmm... Nope! That page ain't here! I bet you're all
"Whatever!" I am too." No, I am not "whatever". I am just shaking my
head at how unprofessional CouchSurfing International, Inc. is when it
comes to such important and controversial issues. The same reason why it
is so difficult for many to trust that company, with their data and
otherwise.
4. I understand "We have now also finished the process required to
participate in the EU-US Safe Harbor Privacy Principles." to mean that
as of 9/21/2012 CouchSurfing adheres to these principles. Is this
correct and has this been achieved through a self-assessment to verify
that it complies with these principles, or through a third-party which
has performed the assessment?
5. Are you certain that the entire terms of use and privacy policy
comply with the Safe Harbor Privacy Principles, and if they didn't,
would Safe Harbor prevail, and the terms of use and CS policies be made
compliant?
6. The Safe Harbor Principles stipulate that "Data must be relevant and
reliable for the purpose it was collected for.". CouchSurfing collects
extensive data which does not all seem relevant and reliable for the
purpose of providing the services. One such example is the tracking of
the last login location of users, about which CouchSurfing states:
"While this works for the vast majority of members, some Internet
Service Providers will provide inaccurate data that show an inaccurate
login location. This could be the nearest large city, or someplace
completely unrelated to the person's actual location. Unfortunately this
is due to the ISP's settings and we can't prevent it from happening
from time to time." Will you cease such data collection and publication
in order to fully comply with the Safe Harbor Principles?
7. How can I access the complete information held about me, and correct
or delete it if it is inaccurate, as required by the Safe Harbor
Principles?
8. Certification requires ensuring that appropriate employee training
and an effective dispute mechanism are in place. What employee training
and dispute mechanism are in place at CouchSurfing International, Inc.?
9. You said "For uses like that, which may be considered promotional, we
will give you the tools to control that.". Where can I find these
tools?
10. On September 13th, in his press release at
http://www.bfdi.bund.de/DE/Oeffentlichkeitsarbeit/Pressemitteilungen/2012/18_CouchSurfing.html?nn=408920,
Germany's Commissionner for Data Protection harshly criticized the CS
terms of use and privacy policy and filed a complaint with the U.S.
Federal Trade Commission, saying "The changes are unacceptable. They
would not be permissible under German and European data protection law.
Users are forced by the new terms of use to waive all control over their
data if they want to continue to use the services.". Why did CS decide
to put these terms and policies into effect anyway?
11. Will CS agree to adapt its written notification policy and to notify
users of all future changes, clearly identifying what the changes are
rather than force users to read the entire terms of use and policies to
detect any changes hidden in them, knowing that the vast majority of
users won't be able to do so?
12. Will you provide foreign language versions of the terms of use and
privacy policy, at least in German, French and Spanish, for the hundreds
of thousands of users who lack the (legal) English language skills
required to understand what they are agreeing with?
One final question: Do you have to force CS members to open an account
on another website in order to communicate with you or would it be
possible to communicate with you on this and other topics logged in as a
member of CouchSurfing?"
Posted September 22nd, 2012 - 11:49 am by from Paris, France (Permalink)
from Paris, France (Permalink)My above questions (and 13 other comments) were removed from the blog by CouchSurfing.
Could someone please repost them?
Could someone please repost them?
This post has been removed by an administrator.
This member has chosen to allow only Couchsurfing members to see their group posts. To see this full converstion, sign up or log in.
Posted September 22nd, 2012 - 5:30 pm by from Paris, France (Permalink)
from Paris, France (Permalink)"What question were remove? Can you provide a link to them?
For the future, it might be a good idea to post such crucial information
also on some other web page and provide a link to it on several
discussion groups in C$ portal. This way you will make censorship more
difficult."
Which part of "My above questions" is hard to understand?
If I posted them here, that was also to make censorship more difficult as hundreds of group members will have received an email copy.
Since nobody else reposted to the blog, I ended up creating a Yahoo account and reposting the questions myself an hour ago, and now we will have to see how long they remain there and if they will eventually receive an answer.
The link to the blog is http://www.couchsurfing.org/news/cs-organization/more-information-on-our-new-privacy-policy-and-terms-of-use. It is at the bottom right of every group page at the moment.
For the future, it might be a good idea to post such crucial information
also on some other web page and provide a link to it on several
discussion groups in C$ portal. This way you will make censorship more
difficult."
Which part of "My above questions" is hard to understand?
If I posted them here, that was also to make censorship more difficult as hundreds of group members will have received an email copy.
Since nobody else reposted to the blog, I ended up creating a Yahoo account and reposting the questions myself an hour ago, and now we will have to see how long they remain there and if they will eventually receive an answer.
The link to the blog is http://www.couchsurfing.org/news/cs-organization/more-information-on-our-new-privacy-policy-and-terms-of-use. It is at the bottom right of every group page at the moment.
This post has been removed by an administrator.
Posted September 23rd, 2012 - 10:46 am by from Paris, France (Permalink)
from Paris, France (Permalink)To my knowledge the terms delayed to September 21st are identical to those planned for September 14th. The only difference is that before they linked to the privacy policy, and now they link to an error message, which probably makes the whole new terms of use even more non-binding...
Posted September 23rd, 2012 - 4:39 pm by 
from Florence, Italy (Permalink)
from Florence, Italy (Permalink)there is just a small difference ion the privacy policy, that is sait _will_be_ certified safe harbour.
but that one is not the one that is under scrutiny.
the complaint mostly are on 5.3 of ToU ....
but that one is not the one that is under scrutiny.
the complaint mostly are on 5.3 of ToU ....
Posted September 23rd, 2012 - 8:44 pm by from Paris, France (Permalink)
from Paris, France (Permalink)Here's Merediths reply to my questions:
"I will try to answer in brief. First: no comments have been deleted.
I've emailed the team to ask if there could be a bug of some kind,
because we strictly do not censor comments (unless they are spam).
1. The above post has been checked by our lawyers. My comments have not
been, but they are as official as it gets outside of legally binding
statements.
2. Obviously a spokesperson's remarks do not override legal documents, at any company, ever.
3. Not sure what's going on there. I can report it as a bug. There are
many reasons we're switching our website's code base, and one of them is
that no one on the outreach team can directly edit text or links on the
website.
4. We submitted our paperwork to the US Department of Commerce on Thursday. You can learn more here: http://export.gov/safeharbor/index.asp It is a s elf-assessment but it is legally binding.
5. Our lawyers have spent several months on this process, and in their
estimation, we are compliant. Having formally opted in, we're now
legally responsible to uphold those principles.
6, 7, 8. You're welcome to contact the legal team via the contact form on the site for specific questions.
9. Under your privacy settings, you can use "Disable informational
updates?" to opt out of non-system messages from CS. You can use "Only
seen by members" to do just that. At the moment we don't have any other
use cases; if we did, then privacy settings would be developed to go
along with them.
10. I think the post above addresses this question.
11. We are required by law to notify members of 'material changes'.
Although that definition can vary, we've committed to notifying members
if any change impacts how data is used.
12. Unfortunately, no. Translating a legal document is not just a matter
of translating the language, it's a matter of translating the law. Most
websites that are based in only one country provide their TOU in only
their native language for this reason. However, we are getting
translations of the post above in French, German, and Spanish; those
will hopefully be available early next week.
Last - This blog is brand new and my coworker is still working on it.
One of the things that I've been very clear with him about is the need
for a better commenting system. He's working on it, but in the meantime
some commenting is better than no commenting.
Meredith"
and the response which I posted (but again cannot see):
"Thanks for your response, Meredith. I was only able to view it 21 hours
later, and the same goes for everyone I asked and who had not posted to
the blog. The only way to view my original comment, and your replies to
any comment, is by being logged in via Facebook. Even logged into
Yahoo, which I used to repost the post gone missing, I cannot see the
very post I made via Yahoo, nor obviously the responses. And this is the
same in Firefox, Chrome and IE. Perhaps this helps your tech people
figure out a solution to the problem beyond the one that people cannot
see their posts nor the replies even when they went through the trouble
of creating accounts on third party websites. Now to the main points:
I realize that much of this discussion doesn’t have any real value,
because as you say none of it is legally binding and therefore only the
interpretation of the terms and policies by a competent court would
provide useful answers to most. But at least people may become aware of
some of the various questions and concerns.
1. and 2. I take that response to mean that they would need to check
with a lawyer if they wanted to have a more reliable answer. Fair
enough. I believe, though, that if the terms of use need to be
explained, that explanation should be part of the terms of use
themselves.
3. I find it worrying that nobody proof reads such an important document
and that 48 hours later, and more than 24 hours after the problem has
been pointed out, the link to the privacy policy is still missing. My
interpretation is that at the moment the changes to the terms of use and
privacy policy are invalid, as if they had not been made. Your response
does not reassure me that CS can be trusted to get important things
right.
9. CouchSurfing uses members for the several purposes which could be
considered promotional. Two of these are the regular “Some couchsurfers
looking for a host in …” email messages and the publication of activity
attendee list on the internet. What are the tools for posting an Open
Couch Request and for officially participating in a CS activity without
being used by CS for these additional purposes?
10. You seem to believe that opting into the Safe Harbor Principles
addresses all concerns. However, the Safe Harbor Principles are mainly
designed to prevent accidental information disclosure or loss. They do
not address the unrestricted waivers and licenses requested in the terms
of use, way beyond what is required to provide the services, which has
been criticized by many, including Germany’s commissioner for data
protection.
11. What law precisely requires you to notify members of 'material
changes’? U.S. Federal law? California law? Can you provide a reference,
please, so that we can see how this notification needs to occur? By
changing the date on the document, as written in the privacy policy
which was linked from the terms of use until September 21st, or by
having users agree to the changes on login?
12. Can you see how translating your non-binding interpretation of the
terms of use but not the terms of use themselves, which are all that
counts, can be problematic? If you are not translating the terms of use
and privacy policy into the same languages, I would recommend not
translating your non-binding interpretation, which in case of conflict
would be superseded by the written terms, either.
Thanks for your time. I’ll try to get answers to questions 5, 6 7 and 8 from the Legal department.
As a final comment: I don’t understand why CouchSurfing, which is based
on what mostly volunteers have created while it was a non-profit
organization before it was taken away from the community under very
obscure circumstances and which still today lives on trust, would write
terms of use which in terms of unrestricted content licenses and waivers
go way beyond what even companies like Google and Facebook ask for, for
the sole purpose of providing their services. If the reason is that CS
really has no clue where it is heading and it is desperate to have all
imaginable situations covered, just in case, this still doesn’t seem
like a good way to deal with the issue. A better approach would seem to
be to ask what is needed to provide the intended services, and ask for
more only if it is actually needed. This just makes look CouchSurfing
very bad, worse than any other website out there, including the
greediest ones."
"I will try to answer in brief. First: no comments have been deleted.
I've emailed the team to ask if there could be a bug of some kind,
because we strictly do not censor comments (unless they are spam).
1. The above post has been checked by our lawyers. My comments have not
been, but they are as official as it gets outside of legally binding
statements.
2. Obviously a spokesperson's remarks do not override legal documents, at any company, ever.
3. Not sure what's going on there. I can report it as a bug. There are
many reasons we're switching our website's code base, and one of them is
that no one on the outreach team can directly edit text or links on the
website.
4. We submitted our paperwork to the US Department of Commerce on Thursday. You can learn more here: http://export.gov/safeharbor/index.asp It is a s elf-assessment but it is legally binding.
5. Our lawyers have spent several months on this process, and in their
estimation, we are compliant. Having formally opted in, we're now
legally responsible to uphold those principles.
6, 7, 8. You're welcome to contact the legal team via the contact form on the site for specific questions.
9. Under your privacy settings, you can use "Disable informational
updates?" to opt out of non-system messages from CS. You can use "Only
seen by members" to do just that. At the moment we don't have any other
use cases; if we did, then privacy settings would be developed to go
along with them.
10. I think the post above addresses this question.
11. We are required by law to notify members of 'material changes'.
Although that definition can vary, we've committed to notifying members
if any change impacts how data is used.
12. Unfortunately, no. Translating a legal document is not just a matter
of translating the language, it's a matter of translating the law. Most
websites that are based in only one country provide their TOU in only
their native language for this reason. However, we are getting
translations of the post above in French, German, and Spanish; those
will hopefully be available early next week.
Last - This blog is brand new and my coworker is still working on it.
One of the things that I've been very clear with him about is the need
for a better commenting system. He's working on it, but in the meantime
some commenting is better than no commenting.
Meredith"
and the response which I posted (but again cannot see):
"Thanks for your response, Meredith. I was only able to view it 21 hours
later, and the same goes for everyone I asked and who had not posted to
the blog. The only way to view my original comment, and your replies to
any comment, is by being logged in via Facebook. Even logged into
Yahoo, which I used to repost the post gone missing, I cannot see the
very post I made via Yahoo, nor obviously the responses. And this is the
same in Firefox, Chrome and IE. Perhaps this helps your tech people
figure out a solution to the problem beyond the one that people cannot
see their posts nor the replies even when they went through the trouble
of creating accounts on third party websites. Now to the main points:
I realize that much of this discussion doesn’t have any real value,
because as you say none of it is legally binding and therefore only the
interpretation of the terms and policies by a competent court would
provide useful answers to most. But at least people may become aware of
some of the various questions and concerns.
1. and 2. I take that response to mean that they would need to check
with a lawyer if they wanted to have a more reliable answer. Fair
enough. I believe, though, that if the terms of use need to be
explained, that explanation should be part of the terms of use
themselves.
3. I find it worrying that nobody proof reads such an important document
and that 48 hours later, and more than 24 hours after the problem has
been pointed out, the link to the privacy policy is still missing. My
interpretation is that at the moment the changes to the terms of use and
privacy policy are invalid, as if they had not been made. Your response
does not reassure me that CS can be trusted to get important things
right.
9. CouchSurfing uses members for the several purposes which could be
considered promotional. Two of these are the regular “Some couchsurfers
looking for a host in …” email messages and the publication of activity
attendee list on the internet. What are the tools for posting an Open
Couch Request and for officially participating in a CS activity without
being used by CS for these additional purposes?
10. You seem to believe that opting into the Safe Harbor Principles
addresses all concerns. However, the Safe Harbor Principles are mainly
designed to prevent accidental information disclosure or loss. They do
not address the unrestricted waivers and licenses requested in the terms
of use, way beyond what is required to provide the services, which has
been criticized by many, including Germany’s commissioner for data
protection.
11. What law precisely requires you to notify members of 'material
changes’? U.S. Federal law? California law? Can you provide a reference,
please, so that we can see how this notification needs to occur? By
changing the date on the document, as written in the privacy policy
which was linked from the terms of use until September 21st, or by
having users agree to the changes on login?
12. Can you see how translating your non-binding interpretation of the
terms of use but not the terms of use themselves, which are all that
counts, can be problematic? If you are not translating the terms of use
and privacy policy into the same languages, I would recommend not
translating your non-binding interpretation, which in case of conflict
would be superseded by the written terms, either.
Thanks for your time. I’ll try to get answers to questions 5, 6 7 and 8 from the Legal department.
As a final comment: I don’t understand why CouchSurfing, which is based
on what mostly volunteers have created while it was a non-profit
organization before it was taken away from the community under very
obscure circumstances and which still today lives on trust, would write
terms of use which in terms of unrestricted content licenses and waivers
go way beyond what even companies like Google and Facebook ask for, for
the sole purpose of providing their services. If the reason is that CS
really has no clue where it is heading and it is desperate to have all
imaginable situations covered, just in case, this still doesn’t seem
like a good way to deal with the issue. A better approach would seem to
be to ask what is needed to provide the intended services, and ask for
more only if it is actually needed. This just makes look CouchSurfing
very bad, worse than any other website out there, including the
greediest ones."
Posted September 25th, 2012 - 1:23 pm by from Paris, France (Permalink)
from Paris, France (Permalink)Still no privacy policy linked from the terms of use. At this point I must assume intent. Not very compliant with anything.
An interesting comment on the blog 4 hours ago:
"Hi Meredith,
I've looked up CS's Safe Harbor certification: http://
safeharbor.export.gov/companyinfo.aspx?id=16408.
I found a couple points of it interesting, and was wondering how CS responds to these points?
1. Do You Agree to Cooperate and Comply with the EU and/or Swiss Data Protection Authorities? No
If you are not agreeing to cooperate and comply with EU or Swiss DPAs,
then who is to enforce your participation and liability for Safe Harbor
principles?
2. Regulated By: Federal Trade Commission.
I decided to partially answer #1 above. The FTC is not truly going to
hold you accountable for EU regulations. You've essentially created a
Safe Harbor "certification" with no teeth. If you don't comply, no one
will hold you to it -- that is to say, I don't trust the FTC to hold you
to it and the EU/Swiss DPAs cannot since
you don't agree to comply/cooperate.
3. Please read this question as I am not discussing (AFAIK) a previous
issue with German authorities :) How does CS respond to the point raised
by the German DPAs regarding Safe Harbor Self-Certification: "The
Düsseldorfer Kreis has maintained that, as a result, corporations can no
longer take a US organization’s Safe Harbor self-certification as
conclusive proof of adequate protection of personal data."
http://www.martindale.com/internet-e-commerce/article_Duane-Morris_1044558.htm.
I've chosen to post this as a comment rather than send it privately to
CS legal as I believe that the questions above about the legitimacy and
enforceability of the Safe Harbor certification are relevant to the
community, and I think the questions need to be answered publicly, since
CS is touting that Safe Harbor Self-Certification is a legally-binding
way to assure data protection and privacy.
I look forward to your answers."
An interesting comment on the blog 4 hours ago:
"Hi Meredith,
I've looked up CS's Safe Harbor certification: http://
safeharbor.export.gov/companyinfo.aspx?id=16408.
I found a couple points of it interesting, and was wondering how CS responds to these points?
1. Do You Agree to Cooperate and Comply with the EU and/or Swiss Data Protection Authorities? No
If you are not agreeing to cooperate and comply with EU or Swiss DPAs,
then who is to enforce your participation and liability for Safe Harbor
principles?
2. Regulated By: Federal Trade Commission.
I decided to partially answer #1 above. The FTC is not truly going to
hold you accountable for EU regulations. You've essentially created a
Safe Harbor "certification" with no teeth. If you don't comply, no one
will hold you to it -- that is to say, I don't trust the FTC to hold you
to it and the EU/Swiss DPAs cannot since
you don't agree to comply/cooperate.
3. Please read this question as I am not discussing (AFAIK) a previous
issue with German authorities :) How does CS respond to the point raised
by the German DPAs regarding Safe Harbor Self-Certification: "The
Düsseldorfer Kreis has maintained that, as a result, corporations can no
longer take a US organization’s Safe Harbor self-certification as
conclusive proof of adequate protection of personal data."
http://www.martindale.com/internet-e-commerce/article_Duane-Morris_1044558.htm.
I've chosen to post this as a comment rather than send it privately to
CS legal as I believe that the questions above about the legitimacy and
enforceability of the Safe Harbor certification are relevant to the
community, and I think the questions need to be answered publicly, since
CS is touting that Safe Harbor Self-Certification is a legally-binding
way to assure data protection and privacy.
I look forward to your answers."
This member profile has been deactivated
This post has been removed by an administrator.
Posted September 29th, 2012 - 11:48 am by 
from Issy-les-Moulineaux, France (Permalink)
from Issy-les-Moulineaux, France (Permalink)The arrival of serious new players may be a bit of an explanation of all this mess; although greediness is always around...
https://www.tripping.com/about/ourteam
http://www.crunchbase.com/person/jen-oneal
https://www.tripping.com/about/ourteam
http://www.crunchbase.com/person/jen-oneal
Posted September 29th, 2012 - 9:50 pm by from Florence, Italy (Permalink)
from Florence, Italy (Permalink)we should also note that the "certification" apply to privacy policy, while most concerns were on ToU .....
Posted October 1st, 2012 - 7:34 am by from Paris, France (Permalink)
from Paris, France (Permalink)It has been a week since I sent these questions to the CS legal department:
"Regarding the changes to the terms of use and the privacy policy, as well as the blog post intended to explain them, I have the following questions:
1. The Safe Harbor Principles stipulate that "Data must be relevant and reliable for the purpose it was collected for.". CouchSurfing collects extensive data which does not all seem relevant and reliable for the purpose of providing the services. One such example is the tracking of the last login location of users, about which CouchSurfing states:
"While this works for the vast majority of members, some Internet Service Providers will provide inaccurate data that show an inaccurate login location. This could be the nearest large city, or someplace completely unrelated to the person's actual location. Unfortunately this is due to the ISP's settings and we can't prevent it from happening
from time to time." Will you cease such data collection and publication in order to fully comply with the Safe Harbor Principles?
2. How can I access the complete information held about me, and correct or delete it if it is inaccurate, as required by the Safe Harbor Principles?
3. Certification requires ensuring that appropriate employee training and an effective dispute mechanism are in place. What employee training and dispute mechanism are in place at CouchSurfing International, Inc.?
4. CouchSurfing uses members for the several purposes which could be considered promotional. Two of these are the regular “Some couchsurfers looking for a host in …” email messages and the publication of activity attendee list on the internet. What are the tools for posting an Open Couch Request and for officially participating in a CS activity without being used by CS for these additional purposes?
5. The seems to be a contradiction between the privacy policy and statements made by Meredith: What law precisely requires you to notify members of 'material changes’? U.S. Federal law? California law? Can you provide a reference, please, so that we can see how this notification needs to occur? By changing the date on the document, as written in the privacy policy which was linked from the terms of use until September 21st, or by having users agree to the changes on login?
I look forward to your reply. Thank you for your time, ..."
And it has been 10 days since the missing link to the Privacy Policies has been pointed out. They don't seem to have good answers or believe the Privacy Policy is not important. The court will know to appreciate that when these terms and policies are challenged.
"Regarding the changes to the terms of use and the privacy policy, as well as the blog post intended to explain them, I have the following questions:
1. The Safe Harbor Principles stipulate that "Data must be relevant and reliable for the purpose it was collected for.". CouchSurfing collects extensive data which does not all seem relevant and reliable for the purpose of providing the services. One such example is the tracking of the last login location of users, about which CouchSurfing states:
"While this works for the vast majority of members, some Internet Service Providers will provide inaccurate data that show an inaccurate login location. This could be the nearest large city, or someplace completely unrelated to the person's actual location. Unfortunately this is due to the ISP's settings and we can't prevent it from happening
from time to time." Will you cease such data collection and publication in order to fully comply with the Safe Harbor Principles?
2. How can I access the complete information held about me, and correct or delete it if it is inaccurate, as required by the Safe Harbor Principles?
3. Certification requires ensuring that appropriate employee training and an effective dispute mechanism are in place. What employee training and dispute mechanism are in place at CouchSurfing International, Inc.?
4. CouchSurfing uses members for the several purposes which could be considered promotional. Two of these are the regular “Some couchsurfers looking for a host in …” email messages and the publication of activity attendee list on the internet. What are the tools for posting an Open Couch Request and for officially participating in a CS activity without being used by CS for these additional purposes?
5. The seems to be a contradiction between the privacy policy and statements made by Meredith: What law precisely requires you to notify members of 'material changes’? U.S. Federal law? California law? Can you provide a reference, please, so that we can see how this notification needs to occur? By changing the date on the document, as written in the privacy policy which was linked from the terms of use until September 21st, or by having users agree to the changes on login?
I look forward to your reply. Thank you for your time, ..."
And it has been 10 days since the missing link to the Privacy Policies has been pointed out. They don't seem to have good answers or believe the Privacy Policy is not important. The court will know to appreciate that when these terms and policies are challenged.
Post removed.
Posted October 1st, 2012 - 7:54 am by from Paris, France (Permalink)
from Paris, France (Permalink)This post has been removed by the user.
