RE: geolocation privacy statement strawman

Hi all, 

Looks very good to me, just 2 minor suggestions below.

Regarding the example of calling emergency services: as in Europe the
passing of the location is mandatory for calls to emergency services,
for Europe the wording "may not" would even be "is not allowed to"... 

Regarding the two primary concerns with the recipients of geolocation
information, one might add a 3rd one (or alternatively include it in
"data retention" more explicitly), being the concern to ensure proper
protection of the geolocation data with the recipient (e.g. against
unauthorised access by the staff of the website owner and/or access to
these data by unauthorised 3rd parties).  Also if this aspect is covered
by the privacy policy we might want to mention it explicitly here as
well.

Kind regards, 
Dirk 

-----Original Message-----
From: public-geolocation-request@w3.org
[mailto:public-geolocation-request@w3.org] On Behalf Of Andrei Popescu
Sent: 25 March 2009 15:18
To: Doug Turner
Cc: public-geolocation@w3.org
Subject: Re: geolocation privacy statement strawman

Hi,

I think we should revive this thread and encourage people to express
their opinion on the wording proposed by Doug (slightly modified to
include a suggestion from Martin):

Privacy considerations for implementers of the Geolocation API:

User Agents must not send geolocation data to websites without
expressed permission of the user. Browsers will acquire permission
through a user interface which will include the document origin URI.
All permissions should be revocable, and applications should respect
revoked permissions.

Some User Agents will have prearranged trust relationships that do not
require such user interfaces. For example, a User Agent will present a
user interface when example.com performs a geolocation request.
However, a VoIP telephone may not present any user interface when
using geolocation to perform an E911 function.

Privacy considerations for recipients of location information:

The two primary concerns regarding recipients of geolocation data are
retention and retransmission. Sites must only use private information
for the task for which it was provided to them and must dispose of it
once completed, unless expressly permitted to do so. Users must be
allowed to update and delete location information that they have
posted. Recipients of location information should not retransmit the
location information without the user's consent. Care should be taken
when retransmitting and use of HTTPS is encouraged. Furthermore, a
clear and accessible privacy policy should be made available to all
users that details the usage of location data.

Thanks,
Andrei

Received on Wednesday, 25 March 2009 21:55:08 UTC