Re: privacy questionnaire from Katie Haritos-Shea on 2015-08-17 (public-privacy@w3.org from July to September 2015)

From: Katie Haritos-Shea <ryladog@gmail.com>
Date: Sun, 16 Aug 2015 22:25:34 -0400
To: "Mike O'Neill" <michael.oneill@btinternet.com>
Cc: gnorcie@cdt.org, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <CAEy-OxHSDMTRi+34_M1SZYMvettssV6DsjYGY+Wig=a4WHLLMg@mail.gmail.com>

+1
On Aug 15, 2015 4:44 PM, "Mike O'Neill" <michael.oneill@btinternet.com>
wrote:

> Hi Greg,
>
>
>
> I think it would be a good idea to mention consent expiry in the
> questionnaire. Cookies and the DNT exception API have this capability,
> while some other recent APIs do not. For example it is a pity that there is
> no built in expiry for localStorage or indexedDB even though the prototype
> implementations for them did.
>
>
>
> How about this amendment to para 9 in the privacy section:
>
>
>
> 9. Can the user easily, preferably through an element of the GUI, revoke
> consent granted to a particular feature? Once consent has been given is
> there a mechanism whereby it is automatically revoked after a reasonable or
> user configurable period? Explanation: Consent should not be a one time
> affair, but an ongoing process. A user might forget they have given it or
> someone else may have given it for them, so it should not be granted for
> perpetuity.
>
> Example: If a user must clear all cookies and cache to turn off consent
> granted to their webcam, this is a poor consent model.
>
>
>
> Mike
>

Received on Monday, 17 August 2015 02:26:11 UTC