- From: Rigo Wenning <rigo@w3.org>
- Date: Wed, 25 Apr 2012 20:40:17 +0200
- To: ifette@google.com
- Cc: public-tracking@w3.org
On Wednesday 25 April 2012 08:36:05 Ian Fette wrote: > > do you see an issue if we only talk about postal code? Is there another > > measure instead? > > I'm not sure what you mean by "is there another measure". Sites can > attempt to do finer grained geolocation for sure. Also, "postal code" is > not well defined in terms of privacy impact, FWIW. In the US, if you have > a postal code of 10002 I know you're in the lower east side of Manhattan. > (Basically, the area bounded by Houston to the north and Bowery to the > west). A fairly small area, but I guess probably still at least tens of > thousands of people living there. On the other hand, if you have a zip > code of 99684, I basically know you're in the area surrounding Unalakleet > AK, which is a very large geographic area (somewhere around 2,000 km^2) > but a very small population (around 760). Or, a more extreme example, > 99832 is Pelican, AK which is narrowing it down to 125 people. See, this is what I meant. We have geo-coordinates and things. Must it be the postal code only because marketing in certain western countries works with the postal code? I have my doubts and I expressed those doubts. > > Maybe this is fine and intended, but I think a lot of us are used to > thinking about postal codes in large US cities. > > Another interesting example is Canada. Go to Google Maps and search for > H2M 2M4. That's basically a subsection of a single block in Montréal (it > seems to identify somewhere around 5 apartment buildings that look like > they have about 4 units each from google maps satellite view). Yes, this matches exactly my concerns, but I also have concerns that the geolocation folks use geo-coordinates and the others use postal code. There is a friction ahead. This is my main concern. As geolocation is highly sensitive I wonder how we can come up with something sensible. EU needs consent anyway by law (very explicit in Directive 2002/58EC). As the geolocation API requires consent anyway, the only question remaining may be whether we accept DNT:0 as consent as required by the geolocation API > > > So, I'm not really sure what guidance we're actually giving people. Agree, we can do better IMHO. But at the same time try to reduce implementer burden. > > > And I agree that we have some logical break if the geolocation wants > > consent > > and the DNT specification says tracking at postal code level is fine. > > But > > IMHO this is a tricky issue. So leaving the break where it is is an > > option IMHO. > > I don't understand what the current state is. The spec seems to imply you > can't use fine grained geolocation if user sends DNT:1, but the Geo API > has express user consent. I don't think leaving the ambiguity is a good > idea. True, so let's fix that. One phrase needed IMHO. Geolocation API consent tops DNT. But what about DNT;1 received a long time after the Geolocation consent? Rigo
Received on Wednesday, 25 April 2012 19:58:34 UTC