W3C home > Mailing lists > Public > public-device-apis@w3.org > April 2010

Re: Privacy Rulesets updated

From: Alissa Cooper <acooper@cdt.org>
Date: Wed, 28 Apr 2010 12:40:28 +0100
Cc: W3C Device APIs and Policy WG <public-device-apis@w3.org>
Message-Id: <FB60C333-8D77-4C74-BC04-2577EA319AB7@cdt.org>
To: Robin Berjon <robin@robineko.com>
For sharing, I think the following are true statements:

--internal and affiliates are NOT mutually exclusive. In pretty much  
every case where a company is sharing with affiliates, it will also be  
sharing internally.

--internal and unrelated companies are NOT mutually exclusive. Same  
rationale as above.

--affiliates and unrelated companies ARE mutually exclusive. A company  
could certainly share with one without sharing with the other, and  
users may desire some service that requires sharing with one but not  
the other. For example, I might be fine with Evite sharing some of my  
contacts with Facebook, but not with Match.com (Evite and Match.com  
are both owned by IAC and are thus affiliates; Facebook is an  
unrelated company).

--public IS mutually exclusive from all of the other attributes. This  
might sound a little counterintuitive, but I think it's true. You may  
upload some data through a Device API for the sole purpose of having  
it publicly posted. But that doesn't mean you want the app to share it  
internally, with affiliates, or with unrelated companies. All of those  
companies may be able to find your data because it's public, but the  
fact that they would have to search for it makes the disclosure  
materially different than if they were given the data directly.  
Recall, for example, the original user outrage over the Facebook news  

For secondary use, I would agree that contextual is not mutually  
exclusive from each of the other two. Most services are unlikely to  
give you customization or marketing unless they can troubleshoot the  
service, and if users are willing to accept either of those they are  
probably also willing to accept contextual secondary uses.

But I do think customization and marketing-or-profiling are mutually  
exclusive, and it will be important in the eyes of some users to be  
able to say that they want customization without marketing or  
profiling, or conversely that they accept the use of their data for  
marketing or profiling even in the context of services that offer no  


On Apr 21, 2010, at 4:07 PM, Robin Berjon wrote:

> Hi Alissa,
> thanks for the update.
> On Apr 20, 2010, at 17:18 , Alissa Cooper wrote:
>> The privacy rulesets draft has been converted to ReSpec, has the  
>> glossary filled in (including pointers to existing relevant  
>> definitions), and now has citations.
> Mulling this over I tend to think that the attributes for sharing  
> and secondary use should either be mutually exclusive, or we should  
> be clearer about why they aren't. The spheres of internal,  
> affiliates, unrelated companies, and the public seem (to me :) to be  
> included in one another. To a lesser degree the same applies for  
> secondary use (and the privacy violation that they constitute in  
> both cases seems clearly gradual).
> --
> Robin Berjon
>  robineko  hired gun, higher standards
>  http://robineko.com/
Received on Wednesday, 28 April 2010 11:41:01 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:32:19 UTC