- From: Giles Hogben <giles.hogben@jrc.it>
- Date: Wed, 18 Feb 2004 10:46:23 +0100
- To: "'Lorrie Cranor'" <lorrie@cs.cmu.edu>
- Cc: "'public-p3p-spec'" <public-p3p-spec@w3.org>
I think the clickstream issue still does not come across. Here are a couple of suggested ammendments to help with this. Otherwise I think the text is nice: Timing of Notices to Users As a best practice, users should receive notice about a site's privacy practices prior to their user agent transmitting any personal data. Personal data means anything which might reasonably be linked to the user (see section ****) and as such can even include IP addresses and locale data transmitted in http headers before a page has even loaded. In order to present such notice, a user agent would need to fetch a P3P policy prior to loading a page following the guidelines specified in section 2.4.3 **"The Safe Zone." However, implementers will need to consider the performance, usability, and privacy tradeoffs associated with displaying privacy information prior to loading a page. One way that privacy and usability might be simultaneously maximized is to treat all requests made prior to display of policy information as "safe zone" requests. At sites that include form fields, user agents SHOULD provide notice about the corresponding privacy practices prior to form submittal. Besides being best practice, this may be needed in order to comply with regulations in some jurisdictions (such as the European Union) that require a notice about the purpose of data collection to be presented to the user before any personal information is captured. User interface designs should recognize that the privacy policy for the form's action URI may be different than the privacy policy for the HTML page in which the form is embedded. In order to allow users to view privacy policy information associated with action URIs prior to form submittal, user agents might include a privacy tab that loads policy information for action URIs as a page loads, a button or menu item that causes policy information for action URIs to be displayed, or a pop-up that appears when a user begins entering information into a form field. >**I suggest this be added as a subsection of section with the title >**"Timing of Notices to Users" >** >**While the directive is asking for notice about purpose, I >**could imagine >**other jurisdictions asking for notice about say, data recipients or >**data retention as well. So i don't think we should limit our >**discussion >**to notice about purpose. >** >**I also think we need to spell things out a bit more so that people >**understand what data might be transmitted before a page is >**displayed. >**It is also not entirely clear to me how clickstream >**information comes >**into play here. Here is a proposal: >** >** >**Timing of Notices to Users >** >**As a best practice, users should receive notice about a >**site's privacy >**practices prior to their user agent transmitting any >**personal data. In >**order to do this, a user agent would need to fetch a P3P >**policy prior >**to loading a page following the guidelines specified in >**section 2.4.3 >**The "Safe Zone." However, implementers will need to consider the >**performance, usability, and privacy tradeoffs associated with >**displaying privacy information prior to loading a page. One way that >**privacy and usability might be simultaneously maximized is >**to treat all >**requests made prior to display of policy information as "safe zone" >**requests. >** >**At sites that include form fields, user agents SHOULD provide notice >**about the corresponding privacy practices prior to form submittal. >**Besides being best practice, this may be needed in order to >**comply with >**regulations in some jurisdictions (such as the European Union) that >**require a notice about the purpose of data collection to be >**presented >**to the user before any personal information is captured. >**User interface >**designs should recognize that the privacy policy for the >**form's action >**URI may be different than the privacy policy for the HTML >**page in which >**the form is embedded. In order to allow users to view privacy policy >**information associated with action URIs prior to form >**submittal, user >**agents might include a privacy tab that loads policy information for >**action URIs as a page loads, a button or menu item that >**causes policy >**information for action URIs to be displayed, or a pop-up >**that appears >**when a user begins entering information into a form field. >** >** >**On Thursday, February 5, 2004, at 03:00 AM, Giles Hogben wrote: >** >**> >**> Apart from the issue on primary purpose, the following is >**the latest >**> suggested text for the UA Guidelines >**> >**> Some jurisdictions (E.g. the European Union) require human >**readable >**> information on purpose of collection to be presented to the user >**> before any information is captured. One way to comply with >**this is to >**> present human >**> readable translations of policies for action uri's of forms >**> simultaneously >**> with the forms. As a best practice, information on >**purposes should be >**> made >**> available before any personal information is transmitted. >**This might be >**> achieved be achieved for example by a privacy tab which is >**> synchronised to >**> display information before pages load, or by including information >**> which is >**> displayed on clicking a link. >**> >**> >**> ------------------------------------- >**> Giles Hogben >**> European Commission Joint Research Centre >**> Institute for the Protection and Security of the Citizen >**Cybersecurity >**> New technologies for Combatting Fraud Unit TP 267 >**> Via Enrico Fermi 1 >**> Ispra >**> 21020 VA >**> Italy >**> >**> giles.hogben@jrc.it >**> tel:+390332789187 >**> fax:+390332789576 >**> >**> >** >**
Received on Wednesday, 18 February 2004 04:45:59 UTC