RE: privacy questionnaire from Mike O'Neill on 2015-08-17 (public-privacy@w3.org from July to September 2015)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Mon, 17 Aug 2015 19:37:22 +0100
To: <norcie@cdt.org>, "'Mike O'Neill'" <michael.oneill@btinternet.com>
Cc: "'public-privacy $W3C mailing list$'" <public-privacy@w3.org>
Message-ID: <191a01d0d91b$c1f6dd70$45e49850$@baycloud.com>

Thanks Greg, I just did that.

 

Mike

 

From: Greg Norcie [mailto:gnorcie@cdt.org] 
Sent: 17 August 2015 15:35
To: Mike O'Neill <michael.oneill@btinternet.com>
Cc: public-privacy (W3C mailing list) <public-privacy@w3.org>
Subject: Re: privacy questionnaire

 

Hi Mike,

Thanks, those are both great suggestions.

If you'd like, you can actually edit the wiki directly:
https://www.w3.org/wiki/index.php?title=Privacy_and_security_questionnaire <https://www.w3.org/wiki/index.php?title=Privacy_and_security_questionnaire&action=edit&section=2> &action=edit&section=2

I don't want to create a situation where I'm the "gatekeeper" on all edits - while it'd be nice to reach a consensus on list before editing, everyone has the ability to edit the questionnaire. (Just please put in a small edit summary)

 

 

On Sat, Aug 15, 2015 at 4:41 PM, Mike O'Neill <michael.oneill@btinternet.com <mailto:michael.oneill@btinternet.com> > wrote:

Hi Greg,

 

I think it would be a good idea to mention consent expiry in the questionnaire. Cookies and the DNT exception API have this capability, while some other recent APIs do not. For example it is a pity that there is no built in expiry for localStorage or indexedDB even though the prototype implementations for them did.

 

How about this amendment to para 9 in the privacy section:

 

9. Can the user easily, preferably through an element of the GUI, revoke consent granted to a particular feature? Once consent has been given is there a mechanism whereby it is automatically revoked after a reasonable or user configurable period? Explanation: Consent should not be a one time affair, but an ongoing process. A user might forget they have given it or someone else may have given it for them, so it should not be granted for perpetuity.

Example: If a user must clear all cookies and cache to turn off consent granted to their webcam, this is a poor consent model.

 

Mike




-- 

/***********************************/
Greg Norcie ( <mailto:norcie@cdt.org> norcie@cdt.org)

Staff Technologist

Center for Democracy & Technology

1634 Eye St NW Suite 1100

Washington DC 20006

(p) 202-637-9800

PGP:  <http://norcie.com/pgp.txt> http://norcie.com/pgp.txt


Fingerprint:  
73DF-6710-520F-83FE-03B5
8407-2D0E-ABC3-E1AE-21F1

/***********************************/

Received on Monday, 17 August 2015 18:37:53 UTC