RE: Geolocation compliance (ACTION-165)

I see the use of the expression, “more granular than postal code” a bit arbitrary. It could cover a single house or several neighborhoods with thousands of people. Zip+4 seems more reasonable, but I don’t believe that would work globally.

JC

From: Haakon Bratsberg [mailto:haakonfb@opera.com]
Sent: Wednesday, April 25, 2012 2:17 AM
To: ifette@google.com
Cc: public-tracking@w3.org Group WG
Subject: Re: Geolocation compliance (ACTION-165)

Hi,

I agree on the the proposed addition about geolocation API.

Question:

If a user interacts with a site (foo.com<http://foo.com>) and a third party widget or similar (beacon.com<http://beacon.com>) asks for the users location, the browser will ask something like "beacon.com<http://beacon.com> wants to know your current location". Thus, the URI is indicator for which party that asks for the location.

Does this raise any issues with our distinction between first and third parties? Are there any user expectation issues we need to address? (I'm not sure, and may I see issues even if there are none)

Haakon



On Apr 25, 2012, at 4:36 AM, Ian Fette (イアンフェッティ) wrote:


Currently the definition/compliance document states "Geo-location information that is more granular than postal code is too granular. Geolocation data must not be used at any level more granular than postal code. Note that while the number of people living in a postal code varies from country to country, postal codes are extant world-wide.
If specific consent has been granted for the use of more granular location data, than that consent prevails."

There exists a browser API to gain potentially very fine-grained (GPS-level) location information, this has a built-in consent mechanism.

I would propose adding into Non-Normative Discussion in the geolocation compliance section the following.

"The Geolocation API [1] available in web browsers is one mechanism by which fine-grained location information can be requested by a website. This API ensures that location information is only sent with the express permission of the user. Use of this API would be an example of specific consent being granted for the use of more granular location data. A user explicitly typing a location into a website, such as entering an address in a form or selecting a location on a map, would also be an example of specific consent being granted."

with the link to the API for [1] at http://www.w3.org/TR/geolocation-API/


-Ian

Received on Wednesday, 25 April 2012 15:33:17 UTC