Re: TRS policy property (ISSUE 2, ISSUE 22, ISSUE 23) from Shane M Wiley on 2017-03-27 (public-tracking@w3.org from March 2017)

From: Shane M Wiley <wileys@yahoo-inc.com>
Date: Mon, 27 Mar 2017 01:34:32 +0000 (UTC)
To: Mike O'Neill <michael.oneill@baycloud.com>, "'Aleecia M. McDonald'" <aleecia@aleecia.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <845875239.4332610.1490578472725@mail.yahoo.com>

Mike,
That was not the initial goal of the TSRO so I'd rather we not overload the API with that perspective at this time.  While loosely structured there was never a goal that this information be parsed in an understandable manner for User Agent interrogation such as P3P.
- Shane Shane Wiley
VP, Privacy Policy
Yahoo

      From: Mike O'Neill <michael.oneill@baycloud.com>
 To: 'Aleecia M. McDonald' <aleecia@aleecia.com>; public-tracking@w3.org 
 Sent: Sunday, March 26, 2017 8:45 AM
 Subject: RE: TRS policy property (ISSUE 2, ISSUE 22, ISSUE 23)
   
The idea is that the information should be machine-readable, i.e. by user
agents (which includes extensions like PB) or by website scanners run by
privacy researchers etc.

Information in anchor tags could be parsed but how would the machine know if
it was a link to a privacy policy or something else?




> -----Original Message-----
> From: Aleecia M. McDonald [mailto:aleecia@aleecia.com]
> Sent: 26 March 2017 16:19
> To: public-tracking@w3.org (public-tracking@w3.org)
(public-tracking@w3.org)
> <public-tracking@w3.org>
> Subject: Re: TRS policy property (ISSUE 2, ISSUE 22, ISSUE 23)
> 
> Presumably sites with all information in one html file can just use anchor
tags, so
> this is not a request for any specific structure, just that the
information be extant
> (as required by various laws.)
> 
>     Aleecia
> 
> > On Mar 26, 2017, at 4:06 AM, Rob van Eijk <rob@blaeu.com> wrote:
> >
> > For the discussion that @mschunte2 staged:
> >
> > I see a need for multiple policy attributes. For instance, reference to
a
> resource's (a) cookie policy, (b) privacy statement, (c) security policy,
e.g., a
> responsible disclosure policy, (d) terms and conditions, or (e) a DNT
policy as
> required by AB370. There is no straight forward way to distinguish at the
> moment whereas for consent this information should be easily available. I
> propose to add metadata such that UI's can use these hooks when providing
> information to the user, when needed.
> >
> > There are multiple ways of dealing with this need. I propose three
alternatives:
> >
> > A: extending the policy attribute to an array of strings. For example:
> >
> > "policy": ["https://webresource.com/cookies",
> "https://webresource.com/privacy", "https://webresource.com/security",
> "https://webresource.com/terms_and_conditions"]
> >
> > B: instead of having one policy property, extending to multiple policy
> properties. For example:
> >
> > "cookies_policy": "https://webresource.com/cookies"
> > "privacy_policy": "https://webresource.com/privacy"
> > "security_policy": "https://webresource.com/security"
> > "terms_and_conditions": "https://webresource.com/terms_and_conditions"
> >
> > C: extending the policy attribute to an array of key-values. For
example:
> >
> > "policy": [("cookie_policy", "https://webresource.com/cookies") ,
> ("privacy_policy", "https://webresource.com/privacy"),
> ("responsible_disclosure_policy", "https://webresource.com/security"),
> ("terms_and_conditions", "https://webresource.com/terms_and_conditions")]
> >
> >
> >
> > Option C is my preferred proposal, since the array of key/values is easy
to
> extend.
> >
> > Regards,
> > Rob
> >
>

Received on Monday, 27 March 2017 01:35:04 UTC