I am attending a conference on Legal Liability in Managing Interent related risks, specifically relating to issues encountered in Web 2.0 services.

A couple of really interesting points that we are addressing.

1. Due to the Article 29 working group of the European Union, how long can you keep your server logs, what information do you need and can you keep, and what informatio od you have to get rid of, and when.

This is an interesting topic, especially considering Google's most recent declaration of limiting the length of time they are retaining logs and information.   The European Union data protection officials have recently disagreed with the Google's response as being adequate in relation to how long they can retain identifiable personal information.  Data protection policies are currently much more advanced adn detailed around the world than they are in the United States.

2. Privacy policies, behavioural advertising, and deep packet inspection by ISPs are under close inspection currently by the FTC.  It has been a few months since hte Facebook Beacon behavioural marketing fiasco erupted.  Although there are still no bright line rules for anonymizing personally identifiable information, or how usre information can be sent to third parties.  Data protection issues are abound and the FTC is essentially stating that until something clear comes out...please use Transparency.  Make it clear to users how information is handled and directed.

 .....more to come.