Several of the new properties or parameters defined by this specification allow reference to "external" URIs. Access to those URIs could be tracked, leading to loss of privacy. Clients SHOULD ensure that suitable permission is granted by calendar users before such URIs are dereferenced. In particular, calendar publishers wishing to help protect the privacy of their subscribers MUST use HTTP with Transport Layer Security [RFC7230] ("https:" URIs instead of "http:" URIs) for access to calendar data or ancillary data such as images.
In general, for their own privacy protection, users have to rely on the privacy policies of any conferencing system being accessed via the "CONFERENCE" property. It is entirely possible for such systems to uniquely identify and log the activity and participation (or lack thereof) of calendar users in the conference. Calendar user agents SHOULD track which conferencing systems are used and warn users the first time a new one is about to be used. This is particularly important if the client automatically "dials in" to the conference when the event start time occurs.
By giving different calendar users different values for the "REFRESH- INTERVAL" property, it is possible for a publisher of calendar data to uniquely identify each refresh from each calendar users' clients and thereby track user activity and IP address over time. To address this, clients SHOULD add or subtract some random amount of time from the published "REFRESH-INTERVAL" value when doing actual refreshes.
This specification changes the recommendations on how "UID" property values are constructed to minimize leaking any information that might be privacy sensitive.
Privacy considerations in [RFC5545] and [RFC5546] MUST also be adhered to.