- From: Daniel Weitzner <weitzner@mit.edu>
- Date: Tue, 18 Oct 2016 20:03:54 +0000
- To: Adrian Bateman <adrianba@microsoft.com>, "Lukasz Olejnik (W3C)" <lukasz.w3c@gmail.com>, Ian Jacobs <ij@w3.org>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>, Adam Roach <abr@mozilla.com>, "Telford-Reed, Nick" <Nick.Telford-Reed@worldpay.com>, Adrian Hope-Bailie <adrian@ripple.com>
- Message-ID: <CAM5xY4ctcbh18a_8Yqg6rxezr_DbTuCfBdZ1YvHPeTov-am-GQ@mail.gmail.com>
Ian - thanks for the opportunity to comment. I agree that there is complexity here and that it is not advisable to try to specify a complete UX experience. However, the specification over-emphasizes the degree of regional variation in best practice and is likely to encourage implementers to throw up their hands. There is nothing in the proposed language that a developer can implement, so many will do nothing. Or, if they work for a responsible organization, they will talk to their lawyers. Just because there isn't global agreement on what is required, it does not mean that W3C should wash its hands of enabling some minimum standard best privacy practice.

Good minimum privacy practice when handling personal data requires transparency for users and the various intermediaries along the way who use this data. For users, when personal data is transferred, there should be a clear policy about how it is handled. That is, I would argue, the minimum required by nearly all legal systems and is just plain good design. For implementers, when receiving or processing personal data, they should know whether the user has consented to the transfer and under what terms.

To enable user agent developers to meet these goals, I would simply provide a mechanism in the protocol to indicate two facts:

(a) was user consent provided? (could be a boolean or a JSON object)
(b) under what policy (specified by a URI)

By making these two simple pieces of data visible in the mechanism, W3C will provide users and implementers a tractable way to be sure that privacy issues are addressed and that the privacy conditions can easily travel along with the personal data through the API. W3C has been down the path of trying to specify the semantics of such policy (with P3P) and that was complicated. I don't suggest going back there.

However, I do think it would be good practice to enable this protocol, which seems to be very careful about how to communicate about mundane (but sensitive) things like shipping addresses (and which have considerable international variation), to also look at how to be sure that personal data is handled with awareness of privacy practice.

Best
Danny

--
Daniel J. Weitzner, Principal Research Scientist
Director, MIT Internet Policy Research Initiative
Massachusetts Institute of Technology
Tel: +1 617 253 8036

On Fri, Oct 7, 2016 at 9:24 AM Adrian Bateman <adrianba@microsoft.com> wrote:
>
> On Fri, Oct 07, 2016 at 05:38:19, Lukasz Olejnik (W3C) wrote:
> > The UA MUST inform about the past and current uses of the API "
>
> That seems unnecessary. When someone is trying to checkout in an online
> store, they don't expect to see all the times other web sites might
> have called the API.
>
> The question at hand here is the degree to which user consent can
> be defined in a technical specification where UX is out of scope.
> We have lots of experience in other working groups of trying to
> specify this and given the different legal and regulatory
> environments around the world, I posit that we should not be
> trying to specify such policy in this kind of document. It is
> sufficient to be clear that UAs will not release information
> in the absence of consent, whatever form that takes.
>
Received on Tuesday, 18 October 2016 20:31:40 UTC
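As an added illustration, not part of Weitzner's message or of any W3C specification: a sketch of the check a recipient of payment data (merchant, payment app or intermediary) would run on the two fields he proposes before processing the personal data. The field names `consent` and `policy`, the `granted` key inside an object-valued consent, and the sample records are assumptions made for this example only.

```javascript
// Added example, not from the original thread or from any W3C spec.
// Field names (`consent`, `policy`, `granted`) and the record shape are assumed
// for illustration. The idea follows the message above: a recipient should not
// process personal data unless the accompanying record says consent was given
// and names the policy it was given under.

function normalizeConsent(consent) {
  // The proposal allows either a plain boolean or a JSON object.
  if (typeof consent === 'boolean') return consent;
  if (consent !== null && typeof consent === 'object' && typeof consent.granted === 'boolean') {
    return consent.granted;
  }
  return null; // unrecognized shape: treat as "unknown", never as "yes"
}

function normalizePolicy(policy) {
  // The policy must be an absolute URI; require https so the terms it points
  // to can be fetched without tampering.
  if (typeof policy !== 'string') return null;
  let url;
  try {
    url = new URL(policy);
  } catch (e) {
    return null; // relative or malformed
  }
  if (url.protocol !== 'https:') return null;
  return url.href;
}

// Returns { ok: true, policy } when the data may be processed,
// otherwise { ok: false, reason }.
function checkPrivacyRecord(record) {
  if (record === null || typeof record !== 'object') {
    return { ok: false, reason: 'no privacy record attached' };
  }
  const granted = normalizeConsent(record.consent);
  if (granted === null) return { ok: false, reason: 'consent field missing or malformed' };
  if (granted === false) return { ok: false, reason: 'user declined consent' };
  const policy = normalizePolicy(record.policy);
  if (policy === null) return { ok: false, reason: 'policy must be an absolute https URI' };
  return { ok: true, policy };
}

// Constructed sample records (not real data).
const SAMPLE_RECORDS = {
  ok: { consent: true, policy: 'https://merchant.example/privacy' },
  objectOk: { consent: { granted: true, at: '2016-10-18T20:03:54Z' }, policy: 'https://merchant.example/privacy' },
  declined: { consent: false, policy: 'https://merchant.example/privacy' },
  relative: { consent: true, policy: '/privacy' },
  http: { consent: true, policy: 'http://merchant.example/privacy' },
  truthyString: { consent: 'yes', policy: 'https://merchant.example/privacy' },
  missing: { policy: 'https://merchant.example/privacy' },
};

for (const [name, rec] of Object.entries(SAMPLE_RECORDS)) {
  console.log(name, JSON.stringify(checkPrivacyRecord(rec)));
}
```

The point of the strictness is that a truthy string such as `"yes"`, or a missing field, must not be read as consent, and a policy that cannot be resolved to an https URI gives the recipient nothing it can actually point the user at.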