- From: Matthias Schunter <mts@zurich.ibm.com>
- Date: Fri, 13 Dec 2002 16:54:07 +0100
- To: <public-p3p-ws@w3.org>
- Cc: wmi@zurich.ibm.com, evh@zurich.ibm.com
SCOPE Currently, data subjects opt-in or opt-out to elements within a statement. For example, they can opt-out of a certain recipient for a given set of statements and retention policies. This implies that they automatically opt-in or opt-out to the resulting cross product with this recipient and all purposes and retentions. This is usually not what a user wants. In practice, a customer usually opts in for a abstract textual description that reflects many uses. Since opt-in and opt-out usually corresponds to certain business processes in an organization that require multiple data elements for multiple purposes, it is advisable to introduce `consent blocks' that enable to opt-in or opt-out to a set of statements. This can be formalized by named consent descriptors that can be opt-in or opt-out and describe (in text) what the consent means. Each statement can then specify a consent descriptor. If this particular consent has been given, the statement is applicable. Otherwise, it is not applicable. RESOURCES - Matthias Schunter - Elaborate our proposal to express consent choices in P3P 1.1 - Discussions with the P3P 1.1 working group If P3P wants to specify a format for _collecting_ consent in P3P 2.0, we'd be willing to contribute as well. Collecting consent would require elements that fix primary and secondary recipients and purposes. -- Dr. Matthias Schunter <mts (at) zurich.ibm.com> --- IBM Zurich Research Laboratory, Ph. +41 (1) 724-8329 Fax +41-1-724 8953; More info at www.semper.org/sirene PGP Fingerprint 989AA3ED 21A19EF2 B0058374 BE0EE10D
Received on Friday, 13 December 2002 11:00:35 UTC