- From: Doug Turner <doug.turner@gmail.com>
- Date: Sat, 4 Apr 2009 09:02:51 -0700
- To: Alissa Cooper <acooper@cdt.org>
- Cc: public-geolocation <public-geolocation@w3.org>
4, 2009, at 4:19 AM, Alissa Cooper wrote: > I would obviously prefer to have the user's privacy preferences > expressible through the API itself. But should the text below make > its way into the spec as an alternative mechanism for addressing > privacy, I have a few suggestions on how to make it clearer and more > consistent. > It has been agreed that privacy in this API is wrong for the web. I sincerely thank you for your suggestions. My comments are below. > To ensure that the sentence above doesn't swallow the considerations > for implementers entirely, I would say something like, "In limited > circumstances, certain User Agents will have. . .." Otherwise every > UA could claim to have "prearranged trust relationships." > Totally agree. >> The two primary concerns regarding recipients of location information >> are retention and retransmission. > > I'm not so sure that this is true. A design decision was made within > Geopriv to include default privacy rules about retention and > retransmission, but that decision was based on several factors, with > level of "concern" being only one of them. As the rest of this > paragraph explains, there are other privacy considerations besides > retention and retransmission (use, disclosure, etc.), so I'm not > sure how much value is added by declaring that two of these are > "primary." I would drop this sentence. When the "geopriv" proposed 4 new fields to the Position interface, the purpose was to convey retention or retransmission rules to the requester of the geolocation data. Are there more important concerns that the "geopriv" proposal addressed? > Before getting into use limitation as the next sentence does, it > might make sense to say something about limiting collection, such as: > > Web sites must only request location when necessary. > > This might seem really obvious, but a surprising amount of data > collection goes on "just because" (look at how much data most > Facebook apps collect compared to what they need to deliver their > services). This trend has made collection limitation a pretty > standard privacy principle. I have questions about the use of "must" here. Should it be "should"? > >> Care should be taken when retransmitting >> and use of HTTPS is encouraged. Furthermore, a clear and accessible >> privacy policy should be made available to all users that details the >> usage of location data. > > This disclosure suggestion is a little limiting if the words > "privacy policy" are interpreted to mean the usual long privacy > statement linked at the bottom of a Web site. It might make sense to > leave some room for disclosure in other places. It could also be > more clear about what needs to be disclosed -- there is a pretty > standard set of items that are usually disclosed in notices like > this. Suggestion: > > Recipients must clearly and conspicuously disclose the fact that > they are collecting location data, the purpose for the collection, > how long the data is retained, how the data is secured, how the data > is shared if it is shared, how users may access, update and delete > the data, and any other choices that users have with respect to the > data. This disclosure must include an explanation of any exceptions > to the guidelines listed above. Good suggestion. Same question about the must verses should usage.
Received on Saturday, 4 April 2009 16:03:33 UTC