The legal track at XML Europe 2001, chaired by Cecilia Magnusson Sjöberg, raised worrying issues about the legal implications of distributed services relative to privacy protection, information duties, and liability issues.

Reading a presentation written by Nicklas Lundblad, Cecilia Magnusson Sjöberg explained the contradiction between XML's enabling of modular and distributed services and the concept of trust that usually requires predefined contexts.

Referring to European directives, she mentioned three areas where problems of potentially significant issues for distributed services such as those involved in Web Services architectures:

• Privacy protection (EC/95/46): how can we guarantee that private information will be handled in conformance with our requirements not only by a portal site but also by all the other providers involved in a transaction?
• Information duties (EC/2000/31): consumers need to be clearly informed of suppliers' identities and status; how can this detailed information be conveyed for multiple suppliers involved in a distributed transaction?
• Liability: who will be liable for a failure in one of the branches of a distributed transaction?

During the panel session that followed this presentation, Joseph Reagle suggested that P3P could be used for Web Services as an answer to privacy protection, adding that although the European Commission had issued criticisms against P3P, he was personally confident that P3P could be used under both the US and European legal systems.

Another area where technical and legal perspectives are not fully in accord is XML Signature, a technical specification that keeps the meaning of the signature out of its scope while this meaning is critical for the users of applications using the specification.

Other stories:

• P3P deployment guide
• XML-Signature reaches Candidate Recommendation
• New W3C drafts - DOM Level 2, P3P, XML-Signature