Seeking feedback on "user consent" text in Web Payments Working Group specification from Ian Jacobs on 2016-10-06 (public-privacy@w3.org from October to December 2016)

From: Ian Jacobs <ij@w3.org>
Date: Thu, 6 Oct 2016 10:22:03 -0500
To: public-privacy@w3.org
Cc: Adam Roach <abr@mozilla.com>, "Telford-Reed, Nick" <Nick.Telford-Reed@worldpay.com>, Adrian Hope-Bailie <adrian@ripple.com>
Message-Id: <5DCE81B0-952D-4B49-96B7-4613E4D04FC6@w3.org>

Dear Privacy IG,

The Web Payments WG’s draft “Payment Request API” [1] involves user actions
to share some information with a merchant (e.g., credit card details, shipping address).
We would like to make it clear in the specification that that information should not be
shared without user consent. Opinions vary on how much (if any) guidance to provide
about securing user content.

I would like to ask for your review of the proposal below, which would appear in
our “Privacy Considerations” (section 18). Please let me know whether you find the text
below useful and sufficient.

For comparison, an analogous section in the Media Capture and Streams specification goes into
greater detail:
 https://w3c.github.io/mediacapture-main/getusermedia.html#privacy-and-security-considerations

Thank you,

Ian

[1] https://w3c.github.io/browser-payment-api/

=================
Proposal for 18.1 Exposing user information

Capturing user information (payment credentials, shipping address, etc.) exposes personally-identifiable information to applications.
The user agent should never share user information to the web page without user consent.

For a number of reasons, this specification does not recommend particular practices for establishing user consent:

 • What constitutes user consent from a regulatory perspective may vary by jurisdiction.

 • Users provide consent through a variety of mechanisms, both case-by-case (e.g., one-time click-through agreement)
          and persistent (e.g., contractual agreements that involve a single user interaction, user agent settings, and operating system settings).

 • There are numerous good practices for establishing consent, such as clear notice to the user about implications of an action,
          usability of configuration interfaces to view and change user decisions, and avoiding unnecessary prompts. Developers should
          therefore consult up-to-date good practice documentation, which may vary by region, browser, operating system, and payment system.

--
Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
Tel:                       +1 718 260 9447

Received on Thursday, 6 October 2016 15:22:15 UTC