- From: Nick Doty <npdoty@ischool.berkeley.edu>
- Date: Fri, 29 Sep 2017 12:55:59 -0700
- To: Michael Cooper <cooper@w3.org>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-Id: <92962136-B75F-43F4-ACC3-AB9F40EF6D36@ischool.berkeley.edu>
We discussed the Timeouts criterion and privacy note on this week's Privacy Interest Group teleconference. > Where data can be lost due to user inactivity, users are warned at the start of a process about the length of inactivity that generates the timeout, unless the data is preserved for a minimum of 24 hours of user inactivity. > > Note > Privacy regulations may require explicit user consent before user identification has been authenticated and before user data is preserved. In cases where the user is a minor, explicit consent may not be solicited in most jurisdictions. Consultation with privacy professionals and legal counsel is advised when considering data preservation as an approach to satisfy this success criterion. It wasn't clear to me that this level of detail regarding privacy and legal compliance in different jurisdictions is helpful or indicated. Explicit consent for user identification seems to be irrelevant. I don't know that minors can't give consent to entering data into a web form or having it stay in their browser. Noting that there may be a privacy tension to retention (either client-side or server-side) of entered data does seem valuable. There are privacy impacts both from a site retaining data that a user didn't intend and from client-side retention which might allow a subsequent user of the device to see entered information. (Related concerns regarding security were discussed in the development of the success criterion.) Whether these notes are necessary in the Success Criterion or in the Understanding document wasn't clear to us; it seems like https://www.w3.org/WAI/WCAG21/Understanding/21/timeouts.html <https://www.w3.org/WAI/WCAG21/Understanding/21/timeouts.html> has not currently been completed. If other public-privacy folks have comments, we can collect them here and send along to the official AGWG address. Deadline noted below is 10 October. Cheers, Nick > On Sep 12, 2017, at 8:00 AM, Michael Cooper <cooper@w3.org> wrote: > The Accessibility Guidelines Working Group has published an updated Working Draft of Web Content Accessibility Guidelines (WCAG) 2.1: > https://www.w3.org/TR/WCAG21/ <https://www.w3.org/TR/WCAG21/> > This draft has all the new Success Criteria that the Working Group plans to add to WCAG 2.1, so this is the version on which the WG requests wide review and horizontal review. The Working Group plans to publish another Working Draft in November that addresses comments and then transition to CR, so comments on this draft are critical. Comments are requested by 10 October 2017. > > To comment, the Working Group requests input be filed as new issues at: > https://github.com/w3c/wcag21/issues/ <https://github.com/w3c/wcag21/issues/> > or by email to: > public-agwg-comments@w3.org <mailto:public-agwg-comments@w3.org> > Success Criteria that may particularly need Privacy review: > > Timeouts https://www.w3.org/TR/WCAG21/#timeouts <https://www.w3.org/TR/WCAG21/#timeouts>
Received on Friday, 29 September 2017 19:56:22 UTC