W3C home > Mailing lists > Public > public-sysapps@w3.org > June 2012

RE: updated draft charter

From: SULLIVAN, BRYAN L <bs3131@att.com>
Date: Wed, 6 Jun 2012 17:30:11 +0000
To: Robin Berjon <robin@berjon.com>
CC: Dave Raggett <dsr@w3.org>, W3C SysApps <public-sysapps@w3.org>
Message-ID: <59A39E87EA9F964A836299497B686C350FEF151B@WABOTH9MSGUSR8D.ITServices.sbc.com>
Comment inline.

Bryan Sullivan 

-----Original Message-----
From: Robin Berjon [mailto:robin@berjon.com] 
Sent: Wednesday, June 06, 2012 1:57 AM
Cc: Dave Raggett; W3C SysApps
Subject: Re: updated draft charter

Hi Bryan,

On Jun 6, 2012, at 05:24 , SULLIVAN, BRYAN L wrote:
> On the privacy aspects, I think it would be a good time to take a system-level approach to that across these APIs. Thus I propose that we add a Privacy API to the phase 1, with the objective of providing to the user whatever information is relevant to the privacy related characteristics of all apps on the device, and related system-wide controls for the same. For example, in the DNT discussion it's been noted that diverse implementations in web user agents (of which there can be multiple) and web-enabled apps can lead to fragmented and inconsistent representations of user privacy preferences. Thus it would be good to enable management of preferences system-wide, and ensure that the applicable signals are always used (e.g. DNT header). The objective of the API would not be to mandate any UI aspects, but to provide the ability of apps to disclose privacy related characteristics, and the ability of suitably authorized apps to read those characteristics and manage system-wide privacy settings.

I heartily agree that the entire platform should be under a consistent privacy policy - the current approach of some regulatory bodies in which Web sites have to comply to strict privacy laws (e.g. on cookies) but apps just get a free pass is nothing short of moronic.

But I didn't see this as requiring a separate API - I thought it would be part of the system settings.

[bryan] Does "system settings" mean this is unspecified, or would we define requirements at least? The point of the API I recommended is that we need a semantic, normative way for apps to make privacy assertions and for the user to accept them in informed consent. The management of privacy preferences on a system wide basis I agree is a detail of system settings, but will there be an API for that? If there isn't I think it will be difficult to promote a consistent privacy experience for users, i.e. the experience on different devices may vary widely. We would like to avoid that by providing this as an appropriately permitted app that can be deployed across different Web-based devices.

Robin Berjon - http://berjon.com/ - @robinberjon
Received on Wednesday, 6 June 2012 17:31:02 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:36:09 UTC