Geolocation compliance (ACTION-165)

Currently the definition/compliance document states "Geo-location
information that is more granular than postal code is too granular.
Geolocation data must not be used at any level more granular than postal
code. Note that while the number of people living in a postal code varies
from country to country, postal codes are extant world-wide.
If specific consent has been granted for the use of more granular location
data, than that consent prevails."

There exists a browser API to gain potentially very fine-grained
(GPS-level) location information, this has a built-in consent mechanism.

I would propose adding into Non-Normative Discussion in the geolocation
compliance section the following.

"The Geolocation API [1] available in web browsers is one mechanism by
which fine-grained location information can be requested by a website. This
API ensures that location information is only sent with the express
permission of the user. Use of this API would be an example of specific
consent being granted for the use of more granular location data. A user
explicitly typing a location into a website, such as entering an address in
a form or selecting a location on a map, would also be an example of
specific consent being granted."

with the link to the API for [1] at


Received on Wednesday, 25 April 2012 02:37:25 UTC