Re: Privacy review request for WCAG 2.1

> On Sep 29, 2017, at 12:55, Nick Doty <npdoty@ischool.berkeley.edu> wrote:
> 
> We discussed the Timeouts criterion and privacy note on this week's Privacy Interest Group teleconference.
> 
>> Where data can be lost due to user inactivity, users are warned at the start of a process about the length of inactivity that generates the timeout, unless the data is preserved for a minimum of 24 hours of user inactivity.
>> 
>> Note
>> Privacy regulations may require explicit user consent before user identification has been authenticated and before user data is preserved. In cases where the user is a minor, explicit consent may not be solicited in most jurisdictions. Consultation with privacy professionals and legal counsel is advised when considering data preservation as an approach to satisfy this success criterion.
> 
> It wasn't clear to me that this level of detail regarding privacy and legal compliance in different jurisdictions is helpful or indicated. Explicit consent for user identification seems to be irrelevant. I don't know that minors can't give consent to entering data into a web form or having it stay in their browser.
> 
> Noting that there may be a privacy tension to retention (either client-side or server-side) of entered data does seem valuable. There are privacy impacts both from a site retaining data that a user didn't intend and from client-side retention which might allow a subsequent user of the device to see entered information. (Related concerns regarding security were discussed in the development of the success criterion.) Whether these notes are necessary in the Success Criterion or in the Understanding document wasn't clear to us; it seems like https://www.w3.org/WAI/WCAG21/Understanding/21/timeouts.html has not currently been completed.
> 
> If other public-privacy folks have comments, we can collect them here and send along to the official AGWG address. Deadline noted below is 10 October.
> 

This seems to be a little confused. I think (but cannot be sure) that the scenario might be forms-based pages that time out (and return to some notional ‘entry’ page) or auto-refresh, and would lose the user-entered data if ‘submit’ has not happened.

Since there are plenty of forms-based pages that don’t do this, and will keep the data essentially indefinitely (albeit transiently) in the browser-state as long as the user doesn’t leave the page, the whole question of whether minors (or anyone) need to ‘consent’ to such seems a red herring.

WCAG seems to be asking for a warning “you’ll need to complete this form and press submit in less than 20 seconds or your input will be lost”. If WCAG were also asking for an affordance or option “please keep my partially-filled data on the server so I can come back to it (e.g. after a timeout)” there *might* be a question of retention, but even that presumes that the data is personal and privacy related. But WCAG doesn’t even mention, let alone recommend, such an option.

I have a hard time seeing the privacy warning here as relevant. But maybe I misunderstand.


David Singer
Manager, Software Standards, Apple Inc.

Received on Friday, 29 September 2017 20:43:00 UTC