W3C home > Mailing lists > Public > www-p3p-policy@w3.org > May 2001

Re: user voice data

From: Rigo Wenning <rigo@w3.org>
Date: Thu, 31 May 2001 17:23:18 +0200
To: www-p3p-policy@w3.org
Message-ID: <20010531172318.O704@w3.org>
On Thu, May 31, 2001 at 09:05:00AM -0400, Martin Presler-Marshall wrote:
>      Rick asked:
[...]
> 
> > 2) Notification
> > What are your suggestions for conveying privacy information to
> > users over the phone - is text to speech on a human readable text file
> > enough, do we need a to text to speech the policy file also?
>      You certainly don't want to text-to-speech the XML version of the P3P
> policy. I would say that in a voice-accessible system, users would expect a
> voice-based, "human-interpretable" privacy policy. If the system is both
> Web-accessible and voice-accessible, then the Web-side should have a P3P
> policy attached.

I could imagine, that it might be convenient to have different
text-to-speech versions for different languages generated from
the P3P-XML Policy. But this has nothing to do with the P3P
Specification.
> 
> > 3) Accessible/Updateable
> > Is is it acceptable that some information not be changeable
> > or accessible over the phone, like for instance, income
> > level? Does the fact that information is stored and used in
> > several arenas (web ui, telephone ui) mean the info must be
> > accessible/updateable in at least one arena or all of them?

>      Deciding how much data to make accessible is the job of the service
> provider, and you certainly shouldn't allow access to personal information
> with authenticating the requester. Also, the P3P spec says that "The method

I doubt whether you meant with or rather without.. I don't want,
that anybody can access my personal information at a certain
service provider. I want this access limited to me..

> of access is not specified" - it's only that access is required. Thus,
> access through only one mode (voice, Web, etc) is certainly acceptable.

Note, that the EU Data Protection Directive requires access to
personally identified information, but doesn't specify the mode
of access. So you are free to design your system and describe it.
There is no rule, that requires access to information by the same
channel by which it was collected..

Best, 


Rigo Wenning            W3C/INRIA
Policy Analyst          Privacy Activity Lead
mail:rigo@w3.org        2004, Routes des Lucioles
+33 (0)6 73 84 87 31    F-06902 Sophia Antipolis
http://www.w3.org/
Received on Thursday, 31 May 2001 11:23:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 17 January 2012 12:13:10 GMT