- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Thu, 14 Aug 2003 14:37:48 -0400
- To: Rigo Wenning <rigo@w3.org>
- Cc: public-p3p-spec@w3.org
On Thursday, August 14, 2003, at 10:35 AM, Rigo Wenning wrote: > > Lorrie, late but hopefully not too late: my 2 cents after re-reading > the > draft. Nope, not too late. Thanks for the comments! > ======================================================================= > On Element opturi (attribute of POLICY element) > > It currently says: Find out how to opt-out at [with link to opturi] > > But the opturi can also be a uri to opt-in. By standardizing the text > above, we prevent the expression of opturi as opt-in Maybe we should change to "Find out how to opt-in or opt-out at" > > ======================================================================= > <ACCESS><all /> > > It says: We give you access to all of our information that identifies > you > > I'm a bit reluctant with my pigeon-english to comment here, but there > might be data attached to a record of a natural person that does not > identify this person but just enhances the profile. What about: > > We give you access to all of our information about you > > Hmm.. reading further in ACCESS, there is a mixture of "identifies you" > and "information about you". This could be canonicalized for better > understanding. The definition of <all/> is restricted to "identified data" so "about you" seems to broad? > ======================================================================= > > <DISPUTES> > > it says often "[display long description and short description, if > provided, with hyperlink to service URI]" > > shouldn't we provide a default in the absence of such a description? > > This could resolve some of the concerns of David Stampley, as we might > say: If other dispute resolutions have failed, you could ultimately go > to court with your case (which is always true ;) This makes more sense > for <law />. Your rights are ultimately protected by law. > The service URL is always required, so maybe that should be the default > ======================================================================= > > <REMEDIES> > > I agree with the concerns of David Stampley concerning the <law /> > element. > > ======================================================================= > > <NON-IDENTIFIABLE> > > it says: > > "We do not keep any information that could be used to identify you > personally" > > But in fact, this is a question of retention. Non-identifiable means: > > We do not collect any information that could be used to identify you > personally The definition of this element includes both the case that the info is not collected and the case that it is collected but anonymized before being stored. That's why we use the term "keep" rather than "collect."
Received on Thursday, 14 August 2003 14:34:49 UTC