Re: geolocation privacy statement strawman from Doug Turner on 2009-03-10 (public-geolocation@w3.org from March 2009)

From: Doug Turner <doug.turner@gmail.com>
Date: Mon, 9 Mar 2009 21:05:48 -0700
To: Andrei Popescu <andreip@google.com>
Cc: public-geolocation@w3.org
Message-Id: <39E7FCF9-20C3-45DA-97A2-0282786FE71C@gmail.com>

On Mar 9, 2009, at 8:49 PM, Andrei Popescu wrote:

> Hi Doug,
>
> Thanks for the proposal. I think it's a very good start. I have a
> couple of questions, too:
>
>> All permissions should be revocable, and applications should  
>> respect revoked permissions.
>
> I'm not sure what you meant by this exactly. The application would
> simply stop receiving the location data if the user has revoked the
> permission using the UA's interface, so I don't think the application
> has a choice (whether to respect or not the revoked permissions). Or
> am I misunderstanding this statement?

We were thinking along the lines of the "remember this decision"  
option common in many UAs permission dialogs.  If I give  
site.example.com/foopy/index.html permission to access my location and  
I ask the UA to remember this decision, we think that there should be  
some common way to remove such permission.  The result would be a new  
permission dialog the next time you go to site.example.com/foopy/ 
index.html.

>
>> Recipient of location information should retain location  
>> information only as long as required.
>
> I agree with Henning, we could be more explicit here. Perhaps we could
> encourage Web sites to inform the users about how long they plan to
> store their location?

I certainly agree that sites should inform the user about how long  
they plan on storing the location and didn't imply by may statement  
anything less (or i hope i didn't).  Some of the use cases we  
considered were sites that track a trail that you ran on.  For  
example, if I use watchPostion during a race, and the site would  
generate a plot of the data over a map.  my position was recorded by  
the website and I really do want the site to keep this information as  
long as required.

I liked Marin's summarization on this point:

Sites must only use private information for the task for which it was  
provided to them and must dispose of it once completed, unless  
expressly permitted to do so.

Received on Tuesday, 10 March 2009 04:06:32 UTC