- From: Alissa Cooper <acooper@cdt.org>
- Date: Wed, 28 Apr 2010 12:40:28 +0100
- To: Robin Berjon <robin@robineko.com>
- Cc: W3C Device APIs and Policy WG <public-device-apis@w3.org>
For sharing, I think the following are true statements: --internal and affiliates are NOT mutually exclusive. In pretty much every case where a company is sharing with affiliates, it will also be sharing internally. --internal and unrelated companies are NOT mutually exclusive. Same rationale as above. --affiliates and unrelated companies ARE mutually exclusive. A company could certainly share with one without sharing with the other, and users may desire some service that requires sharing with one but not the other. For example, I might be fine with Evite sharing some of my contacts with Facebook, but not with Match.com (Evite and Match.com are both owned by IAC and are thus affiliates; Facebook is an unrelated company). --public IS mutually exclusive from all of the other attributes. This might sound a little counterintuitive, but I think it's true. You may upload some data through a Device API for the sole purpose of having it publicly posted. But that doesn't mean you want the app to share it internally, with affiliates, or with unrelated companies. All of those companies may be able to find your data because it's public, but the fact that they would have to search for it makes the disclosure materially different than if they were given the data directly. Recall, for example, the original user outrage over the Facebook news feed. For secondary use, I would agree that contextual is not mutually exclusive from each of the other two. Most services are unlikely to give you customization or marketing unless they can troubleshoot the service, and if users are willing to accept either of those they are probably also willing to accept contextual secondary uses. But I do think customization and marketing-or-profiling are mutually exclusive, and it will be important in the eyes of some users to be able to say that they want customization without marketing or profiling, or conversely that they accept the use of their data for marketing or profiling even in the context of services that offer no customization. Alissa On Apr 21, 2010, at 4:07 PM, Robin Berjon wrote: > Hi Alissa, > > thanks for the update. > > On Apr 20, 2010, at 17:18 , Alissa Cooper wrote: >> The privacy rulesets draft has been converted to ReSpec, has the >> glossary filled in (including pointers to existing relevant >> definitions), and now has citations. > > Mulling this over I tend to think that the attributes for sharing > and secondary use should either be mutually exclusive, or we should > be clearer about why they aren't. The spheres of internal, > affiliates, unrelated companies, and the public seem (to me :) to be > included in one another. To a lesser degree the same applies for > secondary use (and the privacy violation that they constitute in > both cases seems clearly gradual). > > -- > Robin Berjon > robineko — hired gun, higher standards > http://robineko.com/ > > > > > >
Received on Wednesday, 28 April 2010 11:41:01 UTC