RE: W3C Web Security IG - a new work about deleting data

Indeed an interesting idea.

Section 4. Privacy Considerations at least needs a section 4.x. to acknowledge that (as far as I can see in the current draft at least) any third-party data set as a result of the visit to the first-party subdomain will not be removed in a Clear-Site-Data event.

Simon

Dr Simon Rice
Group Manager (Technology)
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
T. +44 (0)1625 545811  F. +44 (0)1625 524510  ico.org.uk<http://ico.org.uk/>  twitter.com/iconews<https://twitter.com/iconews>
Please consider the environment before printing this email

From: Christine Runnegar [mailto:runnegar@isoc.org]
Sent: 21 July 2015 12:59
To: public-privacy (W3C mailing list)
Subject: Fwd: W3C Web Security IG - a new work about deleting data

This is also something PING should take a look at


Begin forwarded message:

From: GALINDO Virginie <Virginie.Galindo@gemalto.com<mailto:Virginie.Galindo@gemalto.com>>
Subject: W3C Web Security IG - a new work about deleting data
Date: 20 July 2015 3:05:36 pm GMT+2
To: "public-web-security@w3.org<mailto:public-web-security@w3.org>" <public-web-security@w3.org<mailto:public-web-security@w3.org>>
Resent-From: <public-web-security@w3.org<mailto:public-web-security@w3.org>>

Dear all,
In case you missed it, an interesting work starting in W3C Web App Sec WG about the possibility for web developer to ask user agent to delete some data related to a domain.
More here : https://w3c.github.io/webappsec/specs/clear-site-data/
Regards,
Virginie

________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.


____________________________________________________________________


The ICO's mission is to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

If you are not the intended recipient of this email (and any attachment), please inform the sender by return email and destroy all copies. Unauthorised access, use, disclosure, storage or copying is not permitted.
Communication by internet email is not secure as messages can be intercepted and read by someone else. Therefore we strongly advise you not to email any information, which if disclosed to unrelated third parties would be likely to cause you distress. If you have an enquiry of this nature please provide a postal address to allow us to communicate with you in a more secure way. If you want us to respond by email you must realise that there can be no guarantee of privacy.
Any email including its content may be monitored and used by the Information Commissioner's Office for reasons of security and for monitoring internal compliance with the office policy on staff use. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you write or forward is within the bounds of the law.
The Information Commissioner's Office cannot guarantee that this message or any attachment is virus free or has not been intercepted and amended. You should perform your own virus checks.
__________________________________________________________________

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113  Fax: 01625 524 510 Web: www.ico.org.uk