I'm not sure this question is answerable on this website (however IMHO it remains a good question and I thank you for this document which highlights the legal impact that using a honeypot may have).
In fact, the document you are linking explains that legal rules surrounding honeypots will deeply vary depending:
- On the exact type of honeypot you setup,
- The kind of monitoring you use,
- The type of advertisement you make regarding the honeypot existence,
- The exact usage you intend for this honeypot.
Due to all these factors, the document acknowledges that such question goes beyond the competences of IT Security engineers and requires the intervention of a specialized lawyer.
Sadly on this site there is mostly IT Security engineers, and very few lawyers...
However, this document has the merit to draw the gray line allowing to distinguish what could be considered safe. Other users may want to contribute to it according to their own experience, but as per my understanding this would be:
Do not expect to use any data collected by the honeypot as evidence in a legal affair. These data might be useful for education or statistic purposes, but they will have nearly no legal value when trying to sue a potential attacker. (Such usage remains possible, but will need legal expertise to setup things correctly in advance.)
Do not store any illegal content on the honeypot. Storing child pornography (example taken from your linked document) in order to trick people downloading them is a bad idea. It will be useless (see the point above) and you could actually be sued for owning these images in the first place, no matter the goal.
Ensure that the honeypot cannot be used as a relay for further attacks. Having a poorly isolated honeypot usable as a source for further attacks against third party systems may also bring you into legal trouble. You are meant to be responsible of the security of your own system. Since the honeypot will most likely deliberately show blatant weaknesses, handling it properly to avoid unexpected side-effects will require a special care.
Do not encourage any illegal activity. Do not advertize the honeypot in a dubious way. Either do not advertize it at all, letting automated scanners discovering it, or advertize it officially as some kind of "hackme" educational system. For instance, spreading pseudo "leak" information on the Internet regarding the server to encourage attacker to exploit it can lead you to trouble.
Present the honeypot system as a private monitored system. Honeypots are heavily monitored systems, and there are laws defining the data you may or may not collect regarding other people's, how long you are allowed to keep them and what processing you may do with them. Present the honeypot as much as possible (since some service do not have any banner...) as a private system whose usage imply user's consent to be monitored. This will limit any potential threat regarding this data collection and analysis activity.