- From: Frederick Hirsch via cvs-syncmail <cvsmail@w3.org>
- Date: Wed, 06 Jul 2011 18:51:54 +0000
- To: public-dap-commits@w3.org
Update of /sources/public/2009/dap/privacy-practices
In directory hutz:/tmp/cvs-serv31002
Modified Files:
Overview.html
Log Message:
add examples related to user decisions in context, add references to
contacts api and HTML5
Index: Overview.html
===================================================================
RCS file: /sources/public/2009/dap/privacy-practices/Overview.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- Overview.html 6 Jul 2011 17:55:09 -0000 1.5
+++ Overview.html 6 Jul 2011 18:51:52 -0000 1.6
@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
- <title>Device API Privacy Best Practices</title>
+ <title>Device API Privacy Best Practices for Services</title>
<meta http-equiv='Content-Type' content='text/html;charset=utf-8' />
<script src='../ReSpec.js/js/respec.js' class='remove'></script>
<script class='remove'>
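Review bot: The new title says "for Services" while the abstract and introduction changed in this same commit say "web services". Use one term throughout, for example "Device API Privacy Best Practices for Web Services", so the title matches the scope the body states.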
@@ -25,7 +25,7 @@
<body>
<section id='abstract'>
This document describes privacy best practices relevant to device
- APIs.
+ APIs for web services.
</section> <!-- abstract -->
<section id='sotd'>
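Review bot: In the abstract, "relevant to device APIs for web services" reads as if the APIs are for web services, not the practices. The introduction in this commit words the scope as "implementers of web services that use device APIs"; mirroring that here (for example "privacy best practices for web services that use device APIs") removes the ambiguity.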
@@ -38,25 +38,27 @@
<section id='introduction'>
<h2>Introduction</h2>
<p>
- This document outlines good privacy practices for implementers of
+ This document outlines good privacy practices for implementers
+ of web services that use
device APIs. It is a companion to the privacy principles and
requirements documented in the Device API Privacy Requirements Note
- [[DAP-PRIVACY-REQS]],
- [[GEOLOCATION-PRIVACY]].
+ [[DAP-PRIVACY-REQS]].
</p>
</section>
<section id="generalprinciples">
<h2>General Principles</h2>
<section id="privacybydesign">
<h3>Privacy By Design</h3>
- <p>Privacy should be considered from the beginning of design and
- implementation.</p>
+ <p>Privacy should be a default mode of operation, including the
+ concepts of considering from the beginning of design and
+ implementation, making privacy the default, and reflect other
+ principles of "privacy by design" [[PRIVACY-BY-DESIGN]].</p>
<div class="practice">
<p><a id="bp-privacy-by-design"></a><span
class="practicelab">Consider privacy as part of design</span></p>
<p class="practicedesc">
Consider privacy when designing a service at the very
- beginning.
+ beginning and the principles outlined in "Privacy by Design".
</p>
</div>
</section>
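Review bot: The rewritten Privacy By Design paragraph does not parse: "including the concepts of considering from the beginning of design and implementation, making privacy the default, and reflect other principles" mixes verb forms and repeats "default" from the opening clause. Suggest restating it as a single sentence that says privacy should be the default and should be considered from the beginning of design and implementation, then cites [[PRIVACY-BY-DESIGN]]. The practice description has the same issue ("at the very beginning and the principles outlined in ..." has no verb for the second half) and names "Privacy by Design" without the [[PRIVACY-BY-DESIGN]] key used a few lines earlier. None of the hunks shown touches the reference definitions, so also check that the new key resolves.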
@@ -88,6 +90,25 @@
difference. An example is when the decision involves
sharing data with a third party who could change.
</p>
+ <p>
+ Examples are the presentation of a "picker"
+ interface to a user for selecting contacts fields of
+ potential contacts returned from a find operation in
+ the contacts API [[CONTACTS-API]], or the selection
+ of a file in
+ response to HTML5 <code><input type="file"></code> markup
+ [[HTML5]]. In each of these cases a user makes a
+ decision of what to share in the context of their
+ current activity and indicates that decision through
+ the selection process.
+ </p>
+ <p>Another similiar example is
+ drag and drop in HTML5 where a user clearly indicates a
+ desired sharing of information.
+ </p>
+ <p>
+ These are examples of granting permission implicitly
+ through action.</p>
</div>
<div class="practice">
<p><a id="bp-sp-choices"></a><span
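Review bot: In the first added paragraph, if the source really contains a literal input tag inside the code element, the browser will render a file control there instead of showing the markup; write it with character references (&lt;input type="file"&gt;). Also in this hunk: "similiar" should be "similar", and "selecting contacts fields of potential contacts returned from a find operation" is hard to follow; something like "selecting which contacts, and which of their fields, to share from the results of a find operation" says the same thing. Since these examples are offered as implicit permission, it would help to state that the permission covers only the items the user actually selected or dropped.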
@@ -111,7 +132,8 @@
<p class="practicedesc">
Minimal user interface interaction should be required
with minimal consent dialogs (to avoid known problem
- of choosing to accept only to continue work).
+ of choosing to accept only to continue work)
+ [[GEOLOCATION-PRIVACY]].
</p>
</div>
</section>
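Review bot: The [[GEOLOCATION-PRIVACY]] citation is placed after the closing parenthesis, so it is unclear whether it supports the practice as a whole or only the "known problem" in the parenthetical. If it is the source for the problem of users accepting just to continue work, move it inside the parentheses; if it supports the practice, keep it where it is and consider "the known problem" for readability.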
Received on Wednesday, 6 July 2011 18:51:59 UTC