Re: geolocation privacy statement strawman


Thanks for your comments.

> I don't see the need for regional defaults - users pick what they  
> want, and the upper limit is min(user choice, local regulations,  
> provider privacy statement). That seems pretty easy to understand  
> and provides protection at least equal to the data protection laws  
> governing the transaction today.

Users will not know what to pick, so there will be a default setting.   
And it sounded like region differences will be an issue for UAs  
according to some of the people at the Face to Face,  Take a look at  
the meeting notes for details.

> In many circumstances, asking is difficult (limited UI devices, API- 
> based services that don't have web interfaces, or language issues).  
> The whole point of having very basic rules is that the user does not  
> have to answer this question again and again for each service.

how are the rules enforced?  and if they are default rules that are  
unenforceable, why do they need to be in a api?

>  During our earlier discussions, we had extensive exchanges with  
> people who deal with privacy issues professionally, so I put some  
> stock in their recommendations. I'd really like to do better than  
> whatever is most convenient for developers, given that the industry  
> track record on privacy isn't all that exemplary. (You can read  
> about the Verizon example of "sneaking in"  disclosure on Slashdot  
> today, if you care.)

Who are you talking about?  Certainly of the UAs deal with privacy  
issues professional each and every day.


Received on Monday, 9 March 2009 04:10:59 UTC