
Re: Art 10 Issue 1: Purpose Specification

From: Lorrie Cranor <lorrie@cs.cmu.edu>
Date: Thu, 19 Feb 2004 15:03:43 -0500
Message-Id: <B842F84A-6316-11D8-AB64-000A95DA3F5A@cs.cmu.edu>
Cc: 'public-p3p-spec' <public-p3p-spec@w3.org>
To: Giles Hogben <giles.hogben@jrc.it>

Looks good to me.

Lorrie

On Feb 18, 2004, at 4:46 AM, Giles Hogben wrote:

>
> I think the clickstream issue still does not come across. Here are a couple
> of suggested amendments to help with this. Otherwise I think the text is
> nice:
>
>
> Timing of Notices to Users
>
> As a best practice, users should receive notice about a site's privacy
> practices prior to their user agent transmitting any personal data.
> Personal data means anything which might reasonably be linked to the user
> (see section ****) and as such can even include IP addresses and locale
> data transmitted in http headers before a page has even loaded. In order
> to present such notice, a user agent would need to fetch a P3P policy
> prior to loading a page following the guidelines specified in section
> 2.4.3 **"The Safe Zone." However, implementers will need to consider the
> performance, usability, and privacy tradeoffs associated with displaying
> privacy information prior to loading a page. One way that privacy and
> usability might be simultaneously maximized is to treat all requests made
> prior to display of policy information as "safe zone" requests.
>
> At sites that include form fields, user agents SHOULD provide notice
> about the corresponding privacy practices prior to form submittal.
> Besides being best practice, this may be needed in order to comply with
> regulations in some jurisdictions (such as the European Union) that
> require a notice about the purpose of data collection to be presented
> to the user before any personal information is captured. User interface
> designs should recognize that the privacy policy for the form's action
> URI may be different than the privacy policy for the HTML page in which
> the form is embedded. In order to allow users to view privacy policy
> information associated with action URIs prior to form submittal, user
> agents might include a privacy tab that loads policy information for
> action URIs as a page loads, a button or menu item that causes policy
> information for action URIs to be displayed, or a pop-up that appears
> when a user begins entering information into a form field.
>
>
>
>> **I suggest this be added as a subsection of section with the title
>> **"Timing of Notices to Users"
>> **
>> **While the directive is asking for notice about purpose, I could imagine
>> **other jurisdictions asking for notice about say, data recipients or
>> **data retention as well. So I don't think we should limit our discussion
>> **to notice about purpose.
>> **
>> **I also think we need to spell things out a bit more so that people
>> **understand what data might be transmitted before a page is displayed.
>> **It is also not entirely clear to me how clickstream information comes
>> **into play here. Here is a proposal:
>> **
>> **
>
>
>> **Timing of Notices to Users
>> **
>> **As a best practice, users should receive notice about a site's privacy
>> **practices prior to their user agent transmitting any personal data. In
>> **order to do this, a user agent would need to fetch a P3P policy prior
>> **to loading a page following the guidelines specified in section 2.4.3
>> **The "Safe Zone." However, implementers will need to consider the
>> **performance, usability, and privacy tradeoffs associated with
>> **displaying privacy information prior to loading a page. One way that
>> **privacy and usability might be simultaneously maximized is to treat all
>> **requests made prior to display of policy information as "safe zone"
>> **requests.
>> **
>> **At sites that include form fields, user agents SHOULD provide notice
>> **about the corresponding privacy practices prior to form submittal.
>> **Besides being best practice, this may be needed in order to comply with
>> **regulations in some jurisdictions (such as the European Union) that
>> **require a notice about the purpose of data collection to be presented
>> **to the user before any personal information is captured. User interface
>> **designs should recognize that the privacy policy for the form's action
>> **URI may be different than the privacy policy for the HTML page in which
>> **the form is embedded. In order to allow users to view privacy policy
>> **information associated with action URIs prior to form submittal, user
>> **agents might include a privacy tab that loads policy information for
>> **action URIs as a page loads, a button or menu item that causes policy
>> **information for action URIs to be displayed, or a pop-up that appears
>> **when a user begins entering information into a form field.
>> **
>> **
>> **On Thursday, February 5, 2004, at 03:00 AM, Giles Hogben wrote:
>> **
>> **>
>> **> Apart from the issue on primary purpose, the following is the latest
>> **> suggested text for the UA Guidelines
>> **>
>> **> Some jurisdictions (e.g. the European Union) require human readable
>> **> information on purpose of collection to be presented to the user
>> **> before any information is captured. One way to comply with this is to
>> **> present human readable translations of policies for action uri's of
>> **> forms simultaneously with the forms. As a best practice, information on
>> **> purposes should be made available before any personal information is
>> **> transmitted. This might be achieved for example by a privacy tab which
>> **> is synchronised to display information before pages load, or by
>> **> including information which is displayed on clicking a link.
>> **>
>> **>
>> **> -------------------------------------
>> **> Giles Hogben
>> **> European Commission Joint Research Centre
>> **> Institute for the Protection and Security of the Citizen
>> **Cybersecurity
>> **> New technologies for Combatting Fraud Unit TP 267
>> **> Via Enrico Fermi 1
>> **> Ispra
>> **> 21020 VA
>> **> Italy
>> **>
>> **> giles.hogben@jrc.it
>> **> tel:+390332789187
>> **> fax:+390332789576
>> **>
>> **>
>> **
>> **
>
Received on Thursday, 19 February 2004 15:03:11 EST
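
The draft text above notes that a form's action URI may fall under a different policy than the page embedding it. The following sketch is an added example, not part of the thread or of any P3P user agent: it resolves the policy for each form action using P3P policy reference files. The hosts, file contents, page markup and function names are constructed, and matching is simplified to the URI path only.

```python
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

NS = "{http://www.w3.org/2002/01/P3Pv1}"
META = ('<META xmlns="http://www.w3.org/2002/01/P3Pv1"><POLICY-REFERENCES>'
        '%s</POLICY-REFERENCES></META>')
# Constructed policy reference files, keyed by host (stand-ins for /w3c/p3p.xml).
PRFS = {
    "shop.example": META % (
        '<POLICY-REF about="/w3c/policies.xml#forms"><INCLUDE>/cgi-bin/*</INCLUDE></POLICY-REF>'
        '<POLICY-REF about="/w3c/policies.xml#browse"><INCLUDE>/*</INCLUDE></POLICY-REF>'),
    "pay.example": META % (
        '<POLICY-REF about="/w3c/policies.xml#payment"><INCLUDE>/*</INCLUDE>'
        '<EXCLUDE>/static/*</EXCLUDE></POLICY-REF>'),
}
# Constructed page: same-site form, cross-site form, and a host with no policy.
PAGE = ('<form action="/cgi-bin/signup"><input name="email"></form>'
        '<form action="http://pay.example/charge"><input name="card"></form>'
        '<form action="http://ads.example/track"></form>')

class FormActions(HTMLParser):
    def __init__(self):
        super().__init__()
        self.actions = []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def _matches(pattern, path):
    # '*' in INCLUDE/EXCLUDE matches any run of characters.
    return re.fullmatch(".*".join(map(re.escape, pattern.split("*"))), path) is not None

def policy_for(uri):
    """Return the policy URI covering `uri`, or None if nothing is declared."""
    parts = urlsplit(uri)
    prf = PRFS.get(parts.hostname)
    if prf is None:
        return None
    path = parts.path or "/"
    for ref in ET.fromstring(prf).iter(NS + "POLICY-REF"):  # first match wins
        inc = any(_matches(e.text.strip(), path) for e in ref.findall(NS + "INCLUDE"))
        exc = any(_matches(e.text.strip(), path) for e in ref.findall(NS + "EXCLUDE"))
        if inc and not exc:
            return urljoin(f"{parts.scheme}://{parts.netloc}/w3c/p3p.xml", ref.get("about"))
    return None

def notices_before_submit(page_uri, html):
    """List (action URI, policy URI, differs-from-page-policy) for each form."""
    parser = FormActions()
    parser.feed(html)
    page_policy = policy_for(page_uri)
    targets = [urljoin(page_uri, a) for a in parser.actions]
    return page_policy, [(t, policy_for(t), policy_for(t) != page_policy) for t in targets]
```

A user agent following the draft would show the notice for each action URI whose third field is true, and treat a `None` policy as "no notice available" rather than as covered by the page's policy.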
