- From: Andrei Popescu <andreip@google.com>
- Date: Wed, 25 Mar 2009 14:17:53 +0000
- To: Doug Turner <doug.turner@gmail.com>
- Cc: public-geolocation@w3.org
Hi, I think we should revive this thread and encourage people to express their opinion on the wording proposed by Doug (slightly modified to include a suggestion from Martin): Privacy considerations for implementers of the Geolocation API: User Agents must not send geolocation data to websites without expressed permission of the user. Browsers will acquire permission through a user interface which will include the document origin URI. All permissions should be revocable, and applications should respect revoked permissions. Some User Agents will have prearranged trust relationship that do not require such user interfaces. For example, a User Agent will present a user interface when example.com performs a geolocation request. However, a voip telephone may not present any user interface when using a geolocation to perform an E911 function. Privacy considerations for recipients of location information: The two primary concerns regarding recipients of geolocation data are retention and retransmission. Sites must only use private information for the task for which it was provided to them and must dispose of it once completed, unless expressly permitted to do so. Users must be allowed to update and delete location information that they have posted. Recipient of location information should not retransmit the location information without the user’s consent. Care should be taken when retransmitting and use of HTTPS is encouraged. Furthermore, a clear and accessible privacy policy should be made available to all users that details the usage of location data. Thanks, Andrei
Received on Wednesday, 25 March 2009 14:18:32 UTC