- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Sun, 28 Feb 2010 11:03:38 -0500
- To: W3C Device APIs and Policy WG <public-device-apis@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
I'd like to propose the following draft text for the Privacy portion of the "Device API Security, Privacy and Policy Requirements" document [1]. (We can merge this rough draft with the text that Dom provides.) I will probably have more to offer later.

Privacy Requirements

Privacy considerations are important to Device APIs, since misuse of information can have financial, physical safety, and reputation impacts, among others. Privacy needs a systemic solution, including functional requirements on user agents, web sites and other components of the system, since any opportunity for misuse of private information is a risk. Addressing privacy may include functional requirements in the technical standards, laws and regulations, and best practices. When privacy concerns are not appropriately met, legal remedies in the courts may be required after the fact. Thus it is important that privacy is addressed appropriately up-front.

The following aspects of privacy should be addressed with more detailed requirements [PrivacyIssuesGeolocation]:

- Appropriateness - Is the information collected appropriate to the context?
- Minimization - Is the minimum necessary granularity collected?
- User Control - Does the user have control over the sharing of information, active or passive? Are there defaults?
- Notice - What information is provided to the user by the entity requesting information regarding that request? Can a user attach rules regarding use to the information provided?
- Consent - Is the user in control of decisions to disclose information? How is this control manifested: per use, per recipient, etc.? What is the model, opt-in or opt-out?
- Secondary Use - Is consent required for secondary use? Are there mechanisms for setting limits or asking permission?
- Distribution - Can the entity requesting the information redistribute it?
- Retention - Can policy statements about retention be made? Is the information provided with a timestamp to enable retention limits?
- Transparency and Feedback - Are flows of information transparent to the user? Can the user access log information?
- Aggregation - Can information be aggregated? Are persistent unique identifiers used?

In general these concerns apply to all APIs, though the impact of privacy risks may vary with the individual API. For example, inappropriate disclosure of contacts or location information could have serious personal safety issues, while system information disclosures might be less so.

[PrivacyIssuesGeolocation] Doty, N., Mulligan, D., Wilde, E. "Privacy Issues of the W3C Geolocation API". UC Berkeley School of Information. 24 February 2010. URI: http://escholarship.org/uc/item/Orp834wf

---

(It might be worth considering whether a lightweight version of P3P or Geopriv is appropriate and can be generalized for DAP in the context of extension points as discussed by Noah.)

regards, Frederick

Frederick Hirsch
Nokia

[1] http://dev.w3.org/2009/dap/policy-reqs/
Received on Sunday, 28 February 2010 16:04:11 UTC