Last call and usage notification

Hello all,

I had just a couple of my own comments to follow up on CDT's last
call privacy comments and the "intended usage notification" thread that
lingered and languished on this list a few months ago.

First of all, I'd like to second CDT's request to hear from other members of
this list as to whether implementors of the API or users of the API that
don't fulfill all the normative requirements in "Privacy considerations for
implementors of the Geolocation API" and "Privacy considerations for
recipients of location information" will be officially non-conformant with
the API.

For example, Flickr's mobile website provides a "Photos taken nearby"
feature [1] which makes use of the draft Geolocation API.  But Flickr
apparently doesn't clearly and conspicuously disclose how long location data
is retained, how location data is secured or whether location data is shared
-- the "Your Privacy" link [2] doesn't describe any uses or practices around
location data.  I might conclude from following another link that the
"Yahoo! Privacy Policy" [3] covers my location information, but it's never
described explicitly and I couldn't definitively determine if my location
information was stored or shared.

What does the WG intend by requiring recipients to "clearly and
conspicuously disclose"?  Is disclosure within a long Privacy Policy
sufficient?  Or do we expect location information to be addressed explicitly
and before location information is requested?  Also, will the W3C have any
power to enforce or judge implementations or (ab)uses of the API?

Second (and I bring this up specifically because it might address
ambiguities with the normative privacy considerations), I wasn't sure we
ever came to a satisfactory conclusion on whether to allow requesters of
location information to specify in their request how location information
will be used, how long it will be kept or whether location information will
be transmitted to 3rd parties [4].  While Doug, Greg, Andrei and Ian proposed
that allowing websites to present information about their usage would let
them deceive users, Martin, Henning, Max and I thought that some additional
context about how location information will be used would be valuable for
user privacy.

Could we find some middle ground where requesters can't place arbitrary text
which could deceive, but can fill in a timestamp for how long data will be
kept and a flag for whether it will be shared?  If not in V1, can we open an
Issue to reconsider this question in V2?  Again, this could help clarify
ambiguities around "conspicuous disclosure", address concerns about privacy
protection or even provide an easier step towards associating Geopriv-style
permissions with location data.

Nick Doty
UC Berkeley School of Information

Received on Saturday, 8 August 2009 02:01:06 UTC