W3C home > Mailing lists > Public > public-p3p-spec@w3.org > April 2004

Re: Art 10: Issue 3 - cookies

From: Lorrie Cranor <lorrie@cs.cmu.edu>
Date: Mon, 5 Apr 2004 20:22:54 -0400
Message-Id: <8C461B40-8760-11D8-ADFB-000A95DA3F5A@cs.cmu.edu>
To: 'public-p3p-spec' <public-p3p-spec@w3.org>

I think the consensus in
http://lists.w3.org/Archives/Public/public-p3p-spec/2004Feb/0044.html
was to add the following to 2.3.2.7:

User agents that evaluate cookie policies SHOULD perform this evaluation
*and its resultant behavior* before setting a cookie so that the cookie 
can
be discarded without being set if that is what is dictated by the user's
preferences.


And then we wanted to add the following to the guidelines
(I think in the section Timing of Notices to Users... but I guess we 
really want to call it "Timing of Policy Evaluation and Notices to 
Users"):

Certain jurisdictions view the storage of cookies on a user's
hard drive as an act of data processing. In such jurisdictions (e.g. 
the EU),
policies should always be evaluated before a cookie is set and
cookies should not be stored unless the cookie's policy is found to 
comply with the user's
preferences.


[we may need to do some further reshuffling after we see all the 
changes to the guidelines section... but I would like to go ahead and 
adopt this and have Rigo make the edits and then we can go from there]
Received on Monday, 5 April 2004 20:23:20 EDT

This archive was generated by hypermail pre-2.1.9 : Monday, 5 April 2004 20:23:21 EDT