RE: Art 10 Issue 1: Purpose Specification

From: Giles Hogben <giles.hogben@jrc.it>
Date: Wed, 18 Feb 2004 10:46:23 +0100
To: "'Lorrie Cranor'" <lorrie@cs.cmu.edu>
Cc: "'public-p3p-spec'" <public-p3p-spec@w3.org>
Message-ID: <000401c3f604$11ebbd30$362abf8b@cs.jrc.it>

I think the clickstream issue still does not come across. Here are a couple
of suggested amendments to help with this. Otherwise I think the text is
nice:


Timing of Notices to Users

As a best practice, users should receive notice about a site's privacy
practices prior to their user agent transmitting any personal data.
Personal data means anything which might reasonably be linked to the
user (see section ****) and as such can even include IP addresses and
locale data transmitted in http headers before a page has even loaded.
In order to present such notice, a user agent would need to fetch a P3P
policy prior to loading a page following the guidelines specified in
section 2.4.3 **"The Safe Zone." However, implementers will need to
consider the performance, usability, and privacy tradeoffs associated
with displaying privacy information prior to loading a page. One way
that privacy and usability might be simultaneously maximized is to
treat all requests made prior to display of policy information as
"safe zone" requests.

At sites that include form fields, user agents SHOULD provide notice
about the corresponding privacy practices prior to form submittal.
Besides being best practice, this may be needed in order to comply with
regulations in some jurisdictions (such as the European Union) that
require a notice about the purpose of data collection to be presented
to the user before any personal information is captured. User interface
designs should recognize that the privacy policy for the form's action
URI may be different than the privacy policy for the HTML page in which
the form is embedded. In order to allow users to view privacy policy
information associated with action URIs prior to form submittal, user
agents might include a privacy tab that loads policy information for
action URIs as a page loads, a button or menu item that causes policy
information for action URIs to be displayed, or a pop-up that appears
when a user begins entering information into a form field.



>**I suggest this be added as a subsection of section with the title
>**"Timing of Notices to Users"
>**
>**While the directive is asking for notice about purpose, I could
>**imagine other jurisdictions asking for notice about say, data
>**recipients or data retention as well. So I don't think we should
>**limit our discussion to notice about purpose.
>**
>**I also think we need to spell things out a bit more so that people
>**understand what data might be transmitted before a page is
>**displayed. It is also not entirely clear to me how clickstream
>**information comes into play here. Here is a proposal:
>**
>**


>**Timing of Notices to Users
>**
>**As a best practice, users should receive notice about a site's
>**privacy practices prior to their user agent transmitting any
>**personal data. In order to do this, a user agent would need to fetch
>**a P3P policy prior to loading a page following the guidelines
>**specified in section 2.4.3 The "Safe Zone." However, implementers
>**will need to consider the performance, usability, and privacy
>**tradeoffs associated with displaying privacy information prior to
>**loading a page. One way that privacy and usability might be
>**simultaneously maximized is to treat all requests made prior to
>**display of policy information as "safe zone" requests.
>**
>**At sites that include form fields, user agents SHOULD provide notice
>**about the corresponding privacy practices prior to form submittal.
>**Besides being best practice, this may be needed in order to comply
>**with regulations in some jurisdictions (such as the European Union)
>**that require a notice about the purpose of data collection to be
>**presented to the user before any personal information is captured.
>**User interface designs should recognize that the privacy policy for
>**the form's action URI may be different than the privacy policy for
>**the HTML page in which the form is embedded. In order to allow users
>**to view privacy policy information associated with action URIs prior
>**to form submittal, user agents might include a privacy tab that
>**loads policy information for action URIs as a page loads, a button
>**or menu item that causes policy information for action URIs to be
>**displayed, or a pop-up that appears when a user begins entering
>**information into a form field.
>**
>**
>**On Thursday, February 5, 2004, at 03:00 AM, Giles Hogben wrote:
>**
>**>
>**> Apart from the issue on primary purpose, the following is the
>**> latest suggested text for the UA Guidelines
>**>
>**> Some jurisdictions (e.g. the European Union) require human readable
>**> information on purpose of collection to be presented to the user
>**> before any information is captured. One way to comply with this is
>**> to present human readable translations of policies for action uri's
>**> of forms simultaneously with the forms. As a best practice,
>**> information on purposes should be made available before any
>**> personal information is transmitted. This might be achieved for
>**> example by a privacy tab which is synchronised to display
>**> information before pages load, or by including information which
>**> is displayed on clicking a link.
>**>
>**>
>**> -------------------------------------
>**> Giles Hogben
>**> European Commission Joint Research Centre
>**> Institute for the Protection and Security of the Citizen 
>**Cybersecurity 
>**> New technologies for Combatting Fraud Unit TP 267
>**> Via Enrico Fermi 1
>**> Ispra
>**> 21020 VA
>**> Italy
>**>
>**> giles.hogben@jrc.it
>**> tel:+390332789187
>**> fax:+390332789576
>**>
>**>
>**
>**
Received on Wednesday, 18 February 2004 04:45:59 EST
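
Added example (not part of the original messages or of the P3P specification text): a sketch of how a user agent could find the form action URIs on a page and decide which ones are covered by a different P3P policy than the page itself, so that notice can be shown before form submittal. The host shop.example, the sample policy reference file and page, and all function names are constructed for illustration; first-match-in-document-order lookup is assumed.

```python
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
NS = "{http://www.w3.org/2002/01/P3Pv1}"
# Constructed sample of a policy reference file (/w3c/p3p.xml) and a page.
SAMPLE_REF = """<META xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY-REFERENCES>
  <POLICY-REF about="/w3c/policies.xml#orders">
   <INCLUDE>/cgi-bin/*</INCLUDE></POLICY-REF>
  <POLICY-REF about="/w3c/policies.xml#browse">
   <INCLUDE>/*</INCLUDE><EXCLUDE>/cgi-bin/*</EXCLUDE></POLICY-REF>
 </POLICY-REFERENCES></META>"""
SAMPLE_PAGE = ('<form action="/cgi-bin/order" method="post"></form>'
               '<form action="search"></form>')
class FormActions(HTMLParser):
    def __init__(self):
        super().__init__()
        self.actions = []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def matches(pattern, path):
    # Simplification: '*' is a wildcard; URI-escaping normalisation is skipped.
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, path) is not None

def policy_for(path, ref_xml):
    """Return the 'about' URI of the first POLICY-REF that covers path, or None."""
    for ref in ET.fromstring(ref_xml).iter(NS + "POLICY-REF"):
        inc = [e.text.strip() for e in ref.findall(NS + "INCLUDE")]
        exc = [e.text.strip() for e in ref.findall(NS + "EXCLUDE")]
        if any(matches(p, path) for p in inc) and not any(matches(p, path) for p in exc):
            return ref.get("about")
    return None

def action_policies(page_url, html, ref_xml):
    """Map each form action URI to (policy, needs_separate_notice)."""
    page_policy = policy_for(urlsplit(page_url).path, ref_xml)
    parser = FormActions()
    parser.feed(html)
    result = {}
    for action in parser.actions:
        uri = urljoin(page_url, action)   # empty action resolves to the page itself
        same_host = urlsplit(uri).netloc == urlsplit(page_url).netloc
        # Another host is governed by its own reference file, not this one.
        policy = policy_for(urlsplit(uri).path, ref_xml) if same_host else None
        result[uri] = (policy, not same_host or policy != page_policy)
    return result
```

An action URI flagged True here is one where showing only the embedding page's policy would not describe what happens to the submitted data.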
