- From: ianbjacobs <notifications@github.com>
- Date: Tue, 27 Sep 2016 10:31:02 -0700
- To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
- Message-ID: <w3c/browser-payment-api/issues/229/249937391@github.com>
The more I consider this (including the guidance in the mediacapture spec), the less I am inclined to provide specific guidance. Here is an update that exposes a few more considerations. Guidance is limited to "please consult appropriate good practice documentation". Ian =========== PROPOSED: Capturing user information (payment credentials, shipping address, etc.) exposes personally-identifiable information to applications. The user agent should never share user information to the web page without user consent. For a number of reasons, this specification does not recommend particular practices for establishing user consent: * What constitutes user consent from a regulatory perspective may vary by jurisdiction. * Users provide consent through a variety of mechanisms, both case-by-case (e.g., one-time click-through agreement) and persistent (e.g., contractual agreements that involve a single user interaction, user agent settings, and operating system settings). * There are numerous good practices for establishing consent, such as clear notice to the user about implications of an action, usability of configuration interfaces to view and change user decisions, and avoiding unnecessary prompts. Developers should therefore consult up-to-date good practice documentation, which may vary by region, browser, operating system, and payment system. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/browser-payment-api/issues/229#issuecomment-249937391
Received on Tuesday, 27 September 2016 17:31:33 UTC