
RE: privacy questionnaire

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Mon, 17 Aug 2015 19:37:22 +0100
To: <norcie@cdt.org>, "'Mike O'Neill'" <michael.oneill@btinternet.com>
Cc: "'public-privacy (W3C mailing list)'" <public-privacy@w3.org>
Message-ID: <191a01d0d91b$c1f6dd70$45e49850$@baycloud.com>
Thanks Greg, I just did that.




From: Greg Norcie [mailto:gnorcie@cdt.org] 
Sent: 17 August 2015 15:35
To: Mike O'Neill <michael.oneill@btinternet.com>
Cc: public-privacy (W3C mailing list) <public-privacy@w3.org>
Subject: Re: privacy questionnaire


Hi Mike,

Thanks, those are both great suggestions.

If you'd like, you can actually edit the wiki directly:
https://www.w3.org/wiki/index.php?title=Privacy_and_security_questionnaire&action=edit&section=2

I don't want to create a situation where I'm the "gatekeeper" on all edits - while it'd be nice to reach a consensus on list before editing, everyone has the ability to edit the questionnaire. (Just please put in a small edit summary)



On Sat, Aug 15, 2015 at 4:41 PM, Mike O'Neill <michael.oneill@btinternet.com> wrote:

Hi Greg,


I think it would be a good idea to mention consent expiry in the questionnaire. Cookies and the DNT exception API have this capability, while some other recent APIs do not. For example, it is a pity that there is no built-in expiry for localStorage or indexedDB even though the prototype implementations for them did.


How about this amendment to para 9 in the privacy section:


9. Can the user easily, preferably through an element of the GUI, revoke consent granted to a particular feature? Once consent has been given, is there a mechanism whereby it is automatically revoked after a reasonable or user-configurable period?

Explanation: Consent should not be a one-time affair, but an ongoing process. A user might forget they have given it or someone else may have given it for them, so it should not be granted for perpetuity.

Example: If a user must clear all cookies and cache to turn off consent granted to their webcam, this is a poor consent model.




Greg Norcie (norcie@cdt.org)

Staff Technologist

Center for Democracy & Technology

1634 Eye St NW Suite 1100

Washington DC 20006

(p) 202-637-9800

PGP: http://norcie.com/pgp.txt


Received on Monday, 17 August 2015 18:37:53 UTC
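
Added example, not part of the thread or of any W3C specification: the message above notes that localStorage and indexedDB have no built-in expiry, and the proposed question asks for both revocation and automatic lapse of consent. The sketch below stores a per-feature consent record with an expiry on top of a Storage-like object; `ConsentStore`, `MemoryStorage` and the `consent:` key prefix are hypothetical names chosen for illustration.

```javascript
// MemoryStorage is a constructed stand-in for window.localStorage so the
// example runs outside a browser; it implements only the methods used here.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

class ConsentStore {
  // storage: any object with getItem/setItem/removeItem
  // now: clock function returning milliseconds, injectable for testing
  constructor(storage, now = () => Date.now()) {
    this.storage = storage;
    this.now = now;
  }

  key(feature) { return 'consent:' + feature; }

  // Record consent for one feature with a user-configurable lifetime.
  grant(feature, maxAgeMs) {
    if (!Number.isFinite(maxAgeMs) || maxAgeMs <= 0) {
      throw new RangeError('maxAgeMs must be a positive, finite number');
    }
    const t = this.now();
    const record = { grantedAt: t, expiresAt: t + maxAgeMs };
    this.storage.setItem(this.key(feature), JSON.stringify(record));
    return record;
  }

  // Explicit revocation of a single feature; nothing else is cleared.
  revoke(feature) { this.storage.removeItem(this.key(feature)); }

  // True only while an unexpired, well-formed record exists. Expired or
  // malformed records are deleted, so consent lapses instead of persisting.
  hasConsent(feature) {
    const raw = this.storage.getItem(this.key(feature));
    if (raw === null) return false;
    let record;
    try { record = JSON.parse(raw); } catch (e) { record = null; }
    const valid = record !== null && typeof record === 'object' &&
      Number.isFinite(record.expiresAt) && this.now() < record.expiresAt;
    if (!valid) this.revoke(feature);
    return valid;
  }
}
```

Because the expiry check runs on read, a record that is never read stays in storage until something calls `hasConsent` or `revoke` for that feature.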
