W3C home > Mailing lists > Public > public-tracking@w3.org > April 2012

Re: Geolocation compliance (ACTION-165)

From: Rigo Wenning <rigo@w3.org>
Date: Wed, 25 Apr 2012 20:40:17 +0200
To: ifette@google.com
Cc: public-tracking@w3.org
Message-ID: <3639882.zKu49V6Yro@hegel.sophia.w3.org>
On Wednesday 25 April 2012 08:36:05 Ian Fette wrote:
> > do you see an issue if we only talk about postal code? Is there another
> > measure instead?
> 
> I'm not sure what you mean by "is there another measure". Sites can
> attempt to do finer grained geolocation for sure. Also, "postal code" is
> not well defined in terms of privacy impact, FWIW. In the US, if you have
> a postal code of 10002 I know you're in the lower east side of Manhattan.
> (Basically, the area bounded by Houston to the north and Bowery to the
> west). A fairly small area, but I guess probably still at least tens of
> thousands of people living there. On the other hand, if you have a zip
> code of 99684, I basically know you're in the area surrounding Unalakleet
> AK, which is a very large geographic area (somewhere around 2,000 km^2)
> but a very small population (around 760). Or, a more extreme example,
> 99832 is Pelican, AK which is narrowing it down to 125 people.

See, this is what I meant. We have geo-coordinates and things. Must it be 
the postal code only because marketing in certain western countries works 
with the postal code? I have my doubts and I expressed those doubts. 
> 
> Maybe this is fine and intended, but I think a lot of us are used to
> thinking about postal codes in large US cities.
> 
> Another interesting example is Canada. Go to Google Maps and search for
> H2M 2M4. That's basically a subsection of a single block in Montréal (it
> seems to identify somewhere around 5 apartment buildings that look like
> they have about 4 units each from google maps satellite view).

Yes, this matches exactly my concerns, but I also have concerns that the 
geolocation folks use geo-coordinates and the others use postal code. There 
is a friction ahead. This is my main concern. 

As geolocation is highly sensitive I wonder how we can come up with 
something sensible. EU needs consent anyway by law (very explicit in 
Directive 2002/58EC). As the geolocation API requires consent anyway, the 
only question remaining may be whether we accept DNT:0 as consent as 
required by the geolocation API
> 
> 
> So, I'm not really sure what guidance we're actually giving people.

Agree, we can do better IMHO. But at the same time try to reduce implementer 
burden. 

> 
> > And I agree that we have some logical break if the geolocation wants
> > consent
> > and the DNT specification says tracking at postal code level is fine.
> > But
> > IMHO this is a tricky issue. So leaving the break where it is is an
> > option IMHO.
> 
> I don't understand what the current state is. The spec seems to imply you
> can't use fine grained geolocation if user sends DNT:1, but the Geo API
> has express user consent. I don't think leaving the ambiguity is a good
> idea.

True, so let's fix that. One phrase needed IMHO. Geolocation API consent 
tops DNT. But what about DNT;1 received a long time after the Geolocation 
consent?

Rigo
Received on Wednesday, 25 April 2012 19:58:34 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:27 UTC