Re: Art 10 Issue 1: Purpose Specification

From: Lorrie Cranor <lorrie@cs.cmu.edu>
Date: Fri, 6 Feb 2004 12:16:20 -0500
Cc: 'public-p3p-spec' <public-p3p-spec@w3.org>
To: Giles Hogben <giles.hogben@jrc.it>
Message-Id: <2E473B4F-58C8-11D8-813C-000A95DA3F5A@cs.cmu.edu>

I suggest this be added as a subsection of section with the title 
"Timing of Notices to Users"

While the directive is asking for notice about purpose, I could imagine 
other jurisdictions asking for notice about, say, data recipients or 
data retention as well. So I don't think we should limit our discussion 
to notice about purpose.

I also think we need to spell things out a bit more so that people 
understand what data might be transmitted before a page is displayed. 
It is also not entirely clear to me how clickstream information comes 
into play here. Here is a proposal:


Timing of Notices to Users

As a best practice, users should receive notice about a site's privacy 
practices prior to their user agent transmitting any personal data. In 
order to do this, a user agent would need to fetch a P3P policy prior 
to loading a page following the guidelines specified in section 2.4.3 
The "Safe Zone." However, implementers will need to consider the 
performance, usability, and privacy tradeoffs associated with 
displaying privacy information prior to loading a page. One way that 
privacy and usability might be simultaneously maximized is to treat all 
requests made prior to display of policy information as "safe zone" 
requests.

At sites that include form fields, user agents SHOULD provide notice 
about the corresponding privacy practices prior to form submittal. 
Besides being best practice, this may be needed in order to comply with 
regulations in some jurisdictions (such as the European Union) that 
require a notice about the purpose of data collection to be presented 
to the user before any personal information is captured. User interface 
designs should recognize that the privacy policy for the form's action 
URI may be different than the privacy policy for the HTML page in which 
the form is embedded. In order to allow users to view privacy policy 
information associated with action URIs prior to form submittal, user 
agents might include a privacy tab that loads policy information for 
action URIs as a page loads, a button or menu item that causes policy 
information for action URIs to be displayed, or a pop-up that appears 
when a user begins entering information into a form field.


On Thursday, February 5, 2004, at 03:00 AM, Giles Hogben wrote:

>
> Apart from the issue on primary purpose, the following is the latest
> suggested text for the UA Guidelines
>
> Some jurisdictions (e.g. the European Union) require human readable
> information on purpose of collection to be presented to the user before any
> information is captured. One way to comply with this is to present human
> readable translations of policies for action URIs of forms simultaneously
> with the forms. As a best practice, information on purposes should be made
> available before any personal information is transmitted. This might be
> achieved for example by a privacy tab which is synchronised to
> display information before pages load, or by including information which is
> displayed on clicking a link.
>
>
> -------------------------------------
> Giles Hogben
> European Commission Joint Research Centre
> Institute for the Protection and Security of the Citizen Cybersecurity
> New technologies for Combatting Fraud Unit
> TP 267
> Via Enrico Fermi 1
> Ispra
> 21020 VA
> Italy
>
> giles.hogben@jrc.it
> tel:+390332789187
> fax:+390332789576
>
>
Received on Friday, 6 February 2004 12:15:55 EST
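
The following example is added here and is not part of the original message or of any user agent's code. It shows how a user agent could find the forms on a page whose action URI is covered by a different P3P policy than the page itself, applying the first-applicable POLICY-REF rule of P3P 1.0 policy reference files. The hosts, paths, policy names, function names and the PRFS table (standing in for fetching each host's /w3c/p3p.xml) are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

NS = "{http://www.w3.org/2002/01/P3Pv1}"
# Constructed sample data: one policy reference file per host (assumption: this
# dict stands in for fetching http://<host>/w3c/p3p.xml) and a page with 3 forms.
PRFS = {"shop.example": """<META xmlns="http://www.w3.org/2002/01/P3Pv1">
<POLICY-REFERENCES>
  <POLICY-REF about="/w3c/policies.xml#browse">
    <INCLUDE>/*</INCLUDE><EXCLUDE>/cgi-bin/*</EXCLUDE></POLICY-REF>
  <POLICY-REF about="/w3c/policies.xml#orders">
    <INCLUDE>/cgi-bin/*</INCLUDE></POLICY-REF>
</POLICY-REFERENCES></META>"""}
PAGE = ('<form action="/cgi-bin/order"></form><form action="search"></form>'
        '<form action="http://ads.example/collect"></form>')

def _matches(pattern, path):
    # '*' is the only wildcard in INCLUDE/EXCLUDE patterns.
    return re.fullmatch(".*".join(map(re.escape, pattern.split("*"))), path) is not None

def policy_for(uri):
    """Policy URI that covers `uri`, or None when no policy reference applies."""
    parts = urlsplit(uri)
    prf, path = PRFS.get(parts.hostname), parts.path or "/"
    refs = ET.fromstring(prf).iter(NS + "POLICY-REF") if prf else []
    for ref in refs:
        inc = [e.text.strip() for e in ref.findall(NS + "INCLUDE")]
        exc = [e.text.strip() for e in ref.findall(NS + "EXCLUDE")]
        if any(_matches(p, path) for p in inc) and not any(_matches(p, path) for p in exc):
            return urljoin(uri, ref.get("about"))  # first applicable POLICY-REF wins
    return None

class FormActions(HTMLParser):
    """Collects the action attribute of every <form> start tag."""
    def __init__(self):
        super().__init__()
        self.actions = []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def forms_needing_own_notice(page_uri, html):
    """(action URI, policy URI) for each form not covered by the page's policy."""
    parser = FormActions()
    parser.feed(html)
    page_policy = policy_for(page_uri)
    targets = [urljoin(page_uri, a) for a in parser.actions]  # "" resolves to the page
    return [(t, policy_for(t)) for t in targets if policy_for(t) != page_policy]
```

A policy of None in the result marks an action URI for which no policy reference was found, so the user agent has nothing to show before submittal.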
