- From: Alissa Cooper <acooper@cdt.org>
- Date: Wed, 12 Nov 2008 16:37:14 -0500
- To: Angel Machín <angel.machin@gmail.com>
- Cc: public-geolocation@w3.org
Angel, I'd like to take a moment to step back from the Geopriv-specific discussion to explain why we think tying privacy rules to location will be helpful for privacy on the web. In doing so I will address your comment about the Article 29 Working Party opinion on location data.

John and I (and many others) do not believe that the consumer privacy experience on the Web thus far has been a good one. The main vehicle that companies have used as a means to express their privacy practices is the privacy policy. The examples of privacy policies that I mentioned in my previous email to Ian provide a mere snapshot of the problem. Privacy policies are written as disclaimers of legal liability for corporations, not as the expression of privacy rights of individuals. Study after study has shown that privacy policies are too long and complicated for people to understand [1]. When people see the words "Privacy Policy" at the bottom of a web page, they falsely believe that their privacy is being protected [2]. When they find out the actual state of affairs on the Web -- that their data is often being collected and disclosed without their knowledge -- the majority of people are upset or uncomfortable [3]. Thus, it is not the case that the Internet is full of highly informed users who carefully choose which sites they share data with based on an understanding of each site's policies. The best that can be said about privacy on the Web is that most users are ignorant of what actually goes on with their data, and when they find out they don't like it.

Thus, the notion of tying privacy rules to location appeals to us because it represents a way to improve over the status quo for a sensitive category of data. Presenting sites with privacy rules provides an explicit expression of the user's privacy expectation, and creates a basis to judge whether the rules are enforced, regardless of how privacy-protective the user's legal regime may be.

But folks are right to raise the impact that the user's legal regime can have. In the US, where we have no specific law protecting the location information that sites would obtain through this API, passing privacy rules increases privacy protection because the mere expression of such rules will enhance a court's willingness to honor them. In the EU, the data protection directive does provide an expression of individual privacy rights. But that doesn't mean that each member state's implementation of the directive is fully protective of location information, and it certainly doesn't mean that legislators and judges in each EU country will interpret Article 29 Working Party opinions, which are not law, so as to protect location information. If the regime as defined in the directive in 1995 were clear, search engine companies may not have felt the need to make constant adjustments to their data retention policies over the last 2 years, for example. As another example, it is not at all clear how lawmakers and judges across the EU will interpret "the length of time necessary for providing the service" in the opinion that you cite below. Might companies claim that indefinite storage is a reasonable length of time, and will courts agree?

While each member state is busy grappling with these questions, passing privacy rules to sites can express the user's robust interpretation of how location information should be treated.

With this spec, we have the opportunity to surpass what we believe is a dismal status quo for privacy on the web. We can decide to whitewash the privacy issue by making some generic policy recommendation, the result of which will likely be that companies add more vague language to their privacy policies absolving them of legal liability for whatever happens to the location information they collect. Or we can move the ball forward by making user privacy preferences explicit and putting the onus on web developers to respect those preferences or face potential consequences.

Alissa

[1] http://portal.acm.org/citation.cfm?id=1284627
[2] http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1262130
[3] http://blog.cdt.org/2008/03/28/consumer-discomfort-with-online-tracking/

On Nov 5, 2008, at 7:18 AM, Angel Machín wrote:

> Hi Alissa,
>
> On Tue, Nov 4, 2008 at 8:49 PM, Alissa Cooper <acooper@cdt.org> wrote:
>
> Frankly, I would be astounded if even the small number of sites that
> already obtain location information using the existing version of
> this API (1) delete location data after some amount of time less
> than many years, and (2) commit to not sharing location information
> with others.
>
> ... but in this particular case we have regulation controlling it,
> why should we need a specific policy item?
>
> "Storage time – storage of location data is only permitted for the
> length of time necessary for providing the service. It cannot be
> stored after that, except for billing and payment purposes. If it
> is, it must be rendered anonymous."
> http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2005/wp115_en.pdf
>
> Regards,
> Angel
Received on Wednesday, 12 November 2008 21:37:52 UTC