- From: dillonstreator <notifications@github.com>
- Date: Sun, 05 Jul 2026 08:26:48 -0700
- To: w3c/clipboard-apis <clipboard-apis@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/clipboard-apis/issues/154/4886554793@github.com>
dillonstreator left a comment (w3c/clipboard-apis#154) Another use case worth considering: web apps that handle regulated data (healthcare, legal, finance). The discussion so far has centered on passwords and OTPs, but there's a whole class of applications where a developer-supplied sensitivity hint would be a useful privacy control. Think PHI in healthcare apps (HIPAA), privileged material in legal tools, or special-category PII under GDPR. Most of these applications are web-based now (EHRs, case management systems, patient portals) and copy/paste is a core workflow. A clinician copying a medical record number or lab result between systems is an everyday thing. On Windows with Cloud Clipboard enabled, that content gets uploaded to Microsoft's servers and synced across devices. Handoff does similar roaming on Apple platforms. For a covered entity, that's regulated data silently leaving the controlled environment. Native apps can prevent this today (`CanUploadToCloudClipboard`, `ExcludeClipboardContentFromMonitorProcessing`, `org.nspasteboard.ConcealedType`) but web apps have no equivalent, which is a real platform gap for these industries. This use case also speaks to a couple of earlier questions in the thread: 1. On "how would an application determine whether something is sensitive?": regulated applications aren't guessing. They have a legal obligation to classify this data and already do so internally. The hint just gives them a way to express a classification they already have. 2. It supports the per-capability design discussed above (history vs. roam) rather than a single boolean. Keeping PHI in local clipboard history may be acceptable in some deployments while cloud sync is not. On user overrides: even if the UA ultimately lets users override the hint, it still has value for this class of app, since it gives enterprise or UA policy something concrete to enforce. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/clipboard-apis/issues/154#issuecomment-4886554793 You are receiving this because you are subscribed to this thread. Message ID: <w3c/clipboard-apis/issues/154/4886554793@github.com>
Received on Sunday, 5 July 2026 15:26:52 UTC