Re: geolocation privacy statement strawman from Alissa Cooper on 2009-04-08 (public-geolocation@w3.org from April 2009)

From: Alissa Cooper <acooper@cdt.org>
Date: Wed, 8 Apr 2009 17:12:18 -0400
To: public-geolocation <public-geolocation@w3.org>
Message-Id: <BAF28874-60FB-43B0-BE9E-810C9BE9F83F@cdt.org>

I have another email coming about the should/must issue.

On Apr 4, 2009, at 12:02 PM, Doug Turner wrote:
>
>>> The two primary concerns regarding recipients of location  
>>> information
>>> are retention and retransmission.
>>
>> I'm not so sure that this is true. A design decision was made  
>> within Geopriv to include default privacy rules about retention and  
>> retransmission, but that decision was based on several factors,  
>> with level of "concern" being only one of them. As the rest of this  
>> paragraph explains, there are other privacy considerations besides  
>> retention and retransmission (use, disclosure, etc.), so I'm not  
>> sure how much value is added by declaring that two of these are  
>> "primary." I would drop this sentence.
>
> When the "geopriv" proposed 4 new fields to the Position interface,  
> the purpose was to convey retention or retransmission rules to the  
> requester of the geolocation data.  Are there more important  
> concerns that the "geopriv" proposal addressed?
>

What I was trying to say is that privacy protection is generally  
agreed to be a composite of many different considerations: notice  
about information collection, user choice/control, data collection  
limitation, data usage limitation, data retention limitation, data  
sharing limitation, data security, access to stored information, and  
redress in the case of abuse. Some of these are easily addressed by  
machine-readable user preferences such as those that the default  
Geopriv rules about retransmission and retention are built to convey.  
For others, like choice/control, it doesn't even make sense to think  
about encoding the user's preference in a machine-readable rule. The  
privacy considerations section now addresses all of the factors  
(except redress), and the API doesn't specify how to encode privacy  
rules. Thus, I don't think it makes sense to highlight the primacy of  
particular factors, since the section addresses most of them and they  
are all important.

Just to be clear, if the API itself contained privacy rules, I would  
still want this privacy considerations section to be as comprehensive  
as it is now. The Geopriv rules on their own aren't really enough to  
take care of the entire privacy issue.

Received on Wednesday, 8 April 2009 21:12:54 UTC