- From: Adrian Bateman <adrianba@microsoft.com>
- Date: Fri, 7 Oct 2016 13:20:50 +0000
- To: "Lukasz Olejnik (W3C)" <lukasz.w3c@gmail.com>, Ian Jacobs <ij@w3.org>
- CC: "public-privacy (W3C mailing list)" <public-privacy@w3.org>, Adam Roach <abr@mozilla.com>, "Telford-Reed, Nick" <Nick.Telford-Reed@worldpay.com>, Adrian Hope-Bailie <adrian@ripple.com>
> On Fri, Oct 07, 2016 at 05:38:19, Lukasz Olejnik (W3C) wrote: > The UA MUST inform about the past and current uses of the API " That seems unnecessary. When someone is trying to checkout in an online store, they don't expect to see all the times other web sites might have called the API. The question at hand here is the degree to which user consent can be defined in a technical specification where UX is out of scope. We have lots of experience in other working groups of trying to specify this and given the different legal and regulatory environments around the world, I posit that we should not be trying to specify such policy in this kind of document. It is sufficient to be clear that UAs will not release information in the absence of consent, whatever form that takes.
Received on Friday, 7 October 2016 13:21:40 UTC