W3C home > Mailing lists > Public > public-dap-commits@w3.org > June 2010

2009/dap/privacy-reqs Overview.html,1.15,1.16

From: Frederick Hirsch via cvs-syncmail <cvsmail@w3.org>
Date: Wed, 16 Jun 2010 19:33:38 +0000
To: public-dap-commits@w3.org
Message-Id: <E1OOyMk-00041W-Oi@lionel-hutz.w3.org>
Update of /sources/public/2009/dap/privacy-reqs
In directory hutz:/tmp/cvs-serv15447

Modified Files:
	Overview.html 
Log Message:
fix validation and spelling errors


Index: Overview.html
===================================================================
RCS file: /sources/public/2009/dap/privacy-reqs/Overview.html,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- Overview.html	1 May 2010 17:35:53 -0000	1.15
+++ Overview.html	16 Jun 2010 19:33:36 -0000	1.16
@@ -226,8 +226,12 @@
 
 <ul>
 	<li><p>
-APIs MUST make it possible for user agents to notify users that their data is being collected via the API. This notification MUST identify the application (for example, by displaying its document origin [[HTML5]]) and the precise data being collected.</p></li>
-<li><p>APIs SHOULD provide support for visual indicator(s) that data is being collected via the APIs.</li></p>
+APIs MUST make it possible for user agents to notify users that their
+    data is being collected via the API. This notification MUST
+    identify the application (for example, by displaying its document
+    origin [[HTML5]]) and the precise data being collected.</p></li> 
+    <li><p>APIs SHOULD provide support for visual indicator(s) that data 
+    is being collected via the APIs.</p> </li>
 </ul>
 
 <p class="issue">Should the APIs have a hook for applications to
@@ -248,7 +252,15 @@
           is an API that produces a message template, but requires the
           user to press &quot;send&quot; to actually send the message.
         </p><p>
-          Such user actions constitute <dfn>implicit consent</dfn> to collection of data via the API, since the user has a choice to perform these actions and doing so implies consent for the application to access the associated Device Capabilities. In such situations where it is obvious that performing the action involves sharing data with the application and the application’s intended use of the data is also obvious, additional dialogs that prompt users for consent may not be necessary.
+          Such user actions constitute <dfn>implicit consent</dfn> to
+          collection of data via the API, since the user has a choice
+          to perform these actions and doing so implies consent for
+          the application to access the associated Device
+          Capabilities. In such situations where it is obvious that
+          performing the action involves sharing data with the
+          application and the application’s intended use of the data
+          is also obvious, additional dialogs that prompt users for
+          consent may not be necessary. 
         </p><p>
           Device APIs may also be defined such that consent must be explicit, not implicit. Examples are a camera API that takes a photograph without user involvement, or a messaging API that sends a message without the user pressing &quot;send.&quot; In these cases dialogs may be required. 
         </p>
@@ -256,7 +268,8 @@
 		<p>To ensure that data is not collected without users knowing or realizing, APIs should be designed with the presumption that the explicit consent model will be used, and should explain the specific circumstances under which implicit consent may be acceptable. This gives rise to the following requirements:</p>
 
 <ul>
-<li><p>APIs MUST make it possible for user agents to obtain user consent before sharing any data via the APIs. </li></p>
+<li><p>APIs MUST make it possible for user agents to obtain user
+consent before sharing any data via the APIs.</p></li>
 
 <li><p>APIs MUST be defined in such a way that explicit consent is assumed, and they SHOULD articulate the circumstances under which implicit consent is acceptable. </p></li>
 </ul>
@@ -311,7 +324,8 @@
 
 <ul>
 	<li><p>
-APIs MUST make it possible for user agents to support the revokation of user consent to sharing of data via the APIs.</p></li>
+APIs MUST make it possible for user agents to support the revocation
+    of user consent to sharing of data via the APIs.</p></li> 
 <li><p>
 APIs SHOULD support the ability for user agents to allow users to whitelist trusted applications and blacklist untrusted applications.</p></li>
 </ul>
@@ -339,7 +353,7 @@
   sharing.
 How applications specify how they plan to meet these expectations
   (application policy), how users express their desires (user policy)
-  and contrstraints on data use may all be related to managing these
+  and constraints on data use may all be related to managing these
   expectations. A license approach similar to Creative Commons may
   offer a simple manner to address these requirements.
 </p>
Received on Wednesday, 16 June 2010 19:33:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 16 June 2010 19:33:40 GMT