W3C home > Mailing lists > Public > public-device-apis@w3.org > April 2010

Re: ACTION-153 and ACTION-112: Updates to privacy requirements

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Wed, 7 Apr 2010 08:37:27 -0400
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, W3C Device APIs and Policy WG <public-device-apis@w3.org>
Message-Id: <35B790E6-B489-428E-A392-701D535F2BA3@nokia.com>
To: ext Alissa Cooper <acooper@cdt.org>
Alissa

Thanks for this revision, to summarize to see if I understand:

1. Removed categorization of requirements since you suggest this  
document should be focused on what impacts API directly, as opposed to  
the content of policy itself or user defined policy. Thus this is now  
roughly limited to UA-Functionality. This gives the document and work  
more focus, which I think is good.

2. removed use cases due to the change in focus. However, I wonder if  
this is always appropriate, since for example the minimization use  
case demonstrates a case where the API should be able to return  
minimal data, etc.

3. Changed the table from "information with data" to "user  
expectations", which does not imply a solution, appropriate to  
requirements.
Changed "sharing" to "disclosure" (same intent?) What next steps are  
needed for APIs for notice, consent, control and access? Will notice  
be handled by the commons privacy license idea?

Maybe we should capture what is removed in a new User Policy  
Preferences document now, so it isn't forgotten?

I updated the editors draft with this revision, see http://dev.w3.org/2009/dap/privacy-reqs/

Previous versions are visible in the CS history

http://dev.w3.org/cvsweb/2009/dap/privacy-reqs/Overview.html

(previous version at http://dev.w3.org/cvsweb/~checkout~/2009/dap/ 
privacy-reqs/Overview.html?rev=1.8&content-type=text/html; 
%20charset=iso-8859-1 )


Frederick Hirsch
Nokia



On Apr 6, 2010, at 5:43 PM, ext Alissa Cooper wrote:

> I've tried to streamline the privacy requirements document per
> ACTION-153 (I think this also closes out ACTION-112 that I took at the
> F2F). The text attached below reflects a number of changes:
>
> -- I removed the use cases, since they were about user and  
> application  
> policies, not about API requirements. I think we will be able to use
> them later when we get to defining how the user expectations/
> preferences/policies will work. I also removed the discussions under
> the individual privacy elements that were about policies rather than
> API requirements.
>
> -- I re-ordered the remainder of the text so that it's more clear  
> which pieces of the privacy work are going where.
>
> -- I changed the table that shows the breakdown of how we're dealing  
> with the various elements of privacy, and I added in the ones that
> were missing from the table.
>
> I tried not to alter much of the text otherwise. John and I definitely
> have some more substantive issues with some of the language in this
> doc, but for the purposes of streamlining I mostly left the text as it
> was. He and I will send comments to the list about our outstanding
> issues (before or after FPWD, as appropriate).
>
> I know this is a little late for the Wednesday call, but if it's
> possible for one of the editors to post the text below, it will be a
> lot easier to read (I don't have editorial access).
>
> Cheers
> Alissa
>
>
> <privacy-reqs-01.html><ATT00001..txt>
Received on Wednesday, 7 April 2010 12:38:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:14:07 GMT