User Consent and Addresses from Adam Roach on 2016-05-06 (public-payments-wg@w3.org from May 2016)

From: Adam Roach <abr@mozilla.com>
Date: Fri, 6 May 2016 16:48:06 -0500
To: Adrian Bateman <adrianba@microsoft.com>, Web Payments Working Group <public-payments-wg@w3.org>
Message-ID: <82ed3d5e-ab42-0a6a-c87b-9f98c3082080@mozilla.com>

> *From:*Adam Roach [mailto:abr@mozilla.com]
> *Sent:* Wednesday, May 4, 2016 3:47 PM
>
> *Issue A: Interaction between address updates and user consent*
>
> Section 16.1 specifies that user data, such as shipping addresses, are 
> to be provided to the merchant page only with user consent. It's 
> unclear how this interacts with the behavior of 
> "onshippingaddresschange," which fires every time the user changes 
> their address in a payment app. As a user, I would not inherently 
> expect such actions to be automatically exfiltrated to the merchant 
> web page. We definitely need to think through and document what kind 
> of behavior represents informed user consent in these cases.
>


On 5/4/16 20:07, Adrian Bateman responded:
>
> On Issue A, I very much disagree. This group should not be defining 
> user consent.
>

I'm trying to understand this assertion. Other specifications that deal 
with users' private information -- such as the Geolocation API and the 
Media Capture API -- include treatments of user consent. What is it 
about the Web Payments WG that would make our specifications exempt from 
doing so?

-- 
Adam Roach
Principal Platform Engineer
Office of the CTO

Received on Friday, 6 May 2016 21:48:37 UTC