- From: Nick Doty <npdoty@ischool.berkeley.edu>
- Date: Sun, 28 Feb 2010 16:38:03 -0800
- To: public-geolocation@w3.org
- Cc: Deirdre Mulligan <dkm@ischool.berkeley.edu>, Erik Wilde <dret@berkeley.edu>
Hello all, As I mentioned at the F2F in November, I've been working on documenting the web sites that are currently using the W3C Geolocation API and how they provide notice of their information practices to users (as we require in Section 4.2). Working with a couple professors at Berkeley, I've written up the results of that research and also done some broader analysis of how the API deals with privacy issues. The report is available online [1] and I hope it will be helpful to the Working Group. (It's also been sent to the Device APIs and Policy Working Group [2].) In particular, we found web sites to be consistently lacking in the notice they provided: frequently prompting users immediately on loading the page and rarely providing a clear explanation of how collected location data will be used, stored or re-transmitted, even one buried in a privacy policy. On the plus side, we were impressed with the handful of sites that let users inspect and change location data before submitting it in a form back to the server. This report includes only a limited survey of implementing web sites and we're currently pursuing ways to get a much broader set of data -- we'll be sure to keep the group updated on what more exhaustive surveys reveal. Though this is quickly getting unmanageable, I'm trying to keep an updated list of sites that use the API [3], what they use it for and whether they provide notice to users. Much thanks to co-authors Deirdre Mulligan and Erik Wilde for help in analysis and writing and to the Working Group for your support. Thanks, Nick Doty UC Berkeley, School of Information [1] http://escholarship.org/uc/item/0rp834wf [2] http://lists.w3.org/Archives/Public/public-device-apis/2010Feb/0174.html [3] http://npdoty.name/location/services
Received on Monday, 1 March 2010 00:38:40 UTC