2009/dap/policy-reqs Overview.html,1.14,1.15 from Frederick Hirsch via cvs-syncmail on 2010-03-02 (public-dap-commits@w3.org from March 2010)

From: Frederick Hirsch via cvs-syncmail <cvsmail@w3.org>
Date: Tue, 02 Mar 2010 02:26:07 +0000
To: public-dap-commits@w3.org
Message-Id: <E1NmHoF-0001o9-2M@lionel-hutz.w3.org>

Update of /sources/public/2009/dap/policy-reqs
In directory hutz:/tmp/cvs-serv6868

Modified Files:
	Overview.html 
Log Message:
add intro paragraph to privacy material Dom added, also add "Notice,
Transparency and Feedback" topic.


Index: Overview.html
===================================================================
RCS file: /sources/public/2009/dap/policy-reqs/Overview.html,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- Overview.html	1 Mar 2010 14:18:54 -0000	1.14
+++ Overview.html	2 Mar 2010 02:26:04 -0000	1.15
@@ -348,7 +348,26 @@
     </section> <!-- user control -->
     <section>
       <h2>Privacy considerations</h2>
-      <p>[[PRIVACY-ISSUES-GEO]] raises several aspects that APIs which expose user private data should take into consideration.</p>
+<p>Privacy considerations are important to Device APIs, since misuse of  
+information can have financial, physical safety, and reputation  
+impacts, among others. Privacy needs a systemic solution, including  
+functional requirements on user agents, web sites and other components  
+of the system, since any opportunity for misuse of private information  
+is a risk. Addressing privacy may include functional requirements in  
+the technical standards, laws and regulations, and best practices.  
+When privacy concerns are not appropriately met, legal remedies in the  
+courts may be required after the fact. Thus it is important that  
+privacy is addressed appropriately up-front.
+</p>
+      <p>[[PRIVACY-ISSUES-GEO]] raises several aspects that APIs that
+      expose user private data should take into consideration.
+In general these concerns apply to all APIs, though the impact of  
+privacy risks may vary with individual API. For example, inappropriate  
+disclosure of contacts or location information could have serious  
+personal safety issues, while other system type information
+      disclosures might   
+have fewer issues.
+</p> 
       <section>
 	<h3>Minimization</h3>
 	<p>To reduce the risks of over-exposing users data, it is helpful to design APIs so that Web developers can request as little information as they need to accomplish their goals.</p>
@@ -391,7 +410,21 @@
 	</ul>
 	</div>
       </section>
-    </section>
+      <section>
+	<h3>Notice, Transparency and Feedback</h3>
+	<p>When a requestor needs data, is the user informed how the data
+    will be used, and in general how to access the privacy policy? Can
+    the user specify rules on the use of their data, taking an active
+    role in managing their privacy? Can
+    the user access a log to determine how their information was used
+    and by whom?</p>
+	<div class="issue"><p>Is it possible to provide an indicator that
+    personal information is being used, and enable follow up action
+    from the user to determine how it is being used? (e.g. visual
+    indicator and means to access log)
+    </p> </div>
+      </section>
+      </section>
 
     <section>
       <h2>Identification</h2>

Received on Tuesday, 2 March 2010 02:26:08 UTC