- From: Lorrie Cranor <lorrie@cs.cmu.edu>
- Date: Mon, 5 Apr 2004 20:22:54 -0400
- To: 'public-p3p-spec' <public-p3p-spec@w3.org>
I think the consensus in http://lists.w3.org/Archives/Public/public-p3p-spec/2004Feb/0044.html was to add the following to 2.3.2.7: User agents that evaluate cookie policies SHOULD perform this evaluation *and its resultant behavior* before setting a cookie so that the cookie can be discarded without being set if that is what is dictated by the user's preferences. And then we wanted to add the following to the guidelines (I think in the section Timing of Notices to Users... but I guess we really want to call it "Timing of Policy Evaluation and Notices to Users"): Certain jurisdictions view the storage of cookies on a user's hard drive as an act of data processing. In such jurisdictions (e.g. the EU), policies should always be evaluated before a cookie is set and cookies should not be stored unless the cookie's policy is found to comply with the user's preferences. [we may need to do some further reshuffling after we see all the changes to the guidelines section... but I would like to go ahead and adopt this and have Rigo make the edits and then we can go from there]
Received on Monday, 5 April 2004 20:23:20 UTC