W3C home > Mailing lists > Public > public-tracking@w3.org > April 2012

Re: Geolocation compliance (ACTION-165)

From: イアンフェッティ <ifette@google.com>
Date: Wed, 25 Apr 2012 08:36:05 -0700
Message-ID: <CAF4kx8f2VYRQCk-wTGEw85maHe50eCAB9inA7gs95fQA658bUg@mail.gmail.com>
To: Rigo Wenning <rigo@w3.org>
Cc: public-tracking@w3.org
On Wed, Apr 25, 2012 at 12:30 AM, Rigo Wenning <rigo@w3.org> wrote:

> Hi Ian,
> do you see an issue if we only talk about postal code? Is there another
> measure instead?

I'm not sure what you mean by "is there another measure". Sites can attempt
to do finer grained geolocation for sure. Also, "postal code" is not well
defined in terms of privacy impact, FWIW. In the US, if you have a postal
code of 10002 I know you're in the lower east side of Manhattan.
(Basically, the area bounded by Houston to the north and Bowery to the
west). A fairly small area, but I guess probably still at least tens of
thousands of people living there. On the other hand, if you have a zip code
of 99684, I basically know you're in the area surrounding Unalakleet AK,
which is a very large geographic area (somewhere around 2,000 km^2) but a
very small population (around 760). Or, a more extreme example, 99832 is
Pelican, AK which is narrowing it down to 125 people.

Maybe this is fine and intended, but I think a lot of us are used to
thinking about postal codes in large US cities.

Another interesting example is Canada. Go to Google Maps and search for H2M
2M4. That's basically a subsection of a single block in Montréal (it seems
to identify somewhere around 5 apartment buildings that look like they have
about 4 units each from google maps satellite view).

So, I'm not really sure what guidance we're actually giving people.

I think we should tell the geolocation folks to also look
> at our specification if DNT can be utilized for better consent interfacing
> in case of location services.
Disagree, the notion of providing geolocation and retention are separate

> And I agree that we have some logical break if the geolocation wants
> consent
> and the DNT specification says tracking at postal code level is fine. But
> IMHO this is a tricky issue. So leaving the break where it is is an option
I don't understand what the current state is. The spec seems to imply you
can't use fine grained geolocation if user sends DNT:1, but the Geo API has
express user consent. I don't think leaving the ambiguity is a good idea.

> Best,
> Rigo
> On Tuesday 24 April 2012 19:36:56 Ian Fette wrote:
> > Currently the definition/compliance document states "Geo-location
> > information that is more granular than postal code is too granular.
> > Geolocation data must not be used at any level more granular than postal
> > code. Note that while the number of people living in a postal code varies
> > from country to country, postal codes are extant world-wide.
> > If specific consent has been granted for the use of more granular
> location
> > data, than that consent prevails."
> >
> > There exists a browser API to gain potentially very fine-grained
> > (GPS-level) location information, this has a built-in consent mechanism.
> >
> > I would propose adding into Non-Normative Discussion in the geolocation
> > compliance section the following.
> >
> > "The Geolocation API [1] available in web browsers is one mechanism by
> > which fine-grained location information can be requested by a website.
> > This API ensures that location information is only sent with the express
> > permission of the user. Use of this API would be an example of specific
> > consent being granted for the use of more granular location data. A user
> > explicitly typing a location into a website, such as entering an address
> > in a form or selecting a location on a map, would also be an example of
> > specific consent being granted."
> >
> > with the link to the API for [1] at
> http://www.w3.org/TR/geolocation-API/
> >
> > -Ian
Received on Wednesday, 25 April 2012 15:36:41 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:47 UTC