Re: [w3c/payment-request] Suggested emphasis of privacy protections (#628)

marcoscaceres commented on this pull request.



> @@ -3320,6 +3320,11 @@
           The <a>user agent</a> MUST NOT share information about the user with
           a developer (e.g., the shipping address) without user consent.
         </p>
+        <p>
+          The <a>user agent</a> MUST NOT share sales information beyond the payment
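
Review bot: "sales information" in the added paragraph is not tied to any defined term or API member, whereas the paragraph just above it anchors its requirement with a concrete example (the shipping address). Suggest naming the data this MUST NOT covers, or linking the term to a definition, so an implementer can tell what falls under the requirement. The added sentence is also cut off after "beyond the payment" in this quoted context, so the scope of the restriction cannot be checked from the lines shown here.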

So, not really... the budget thing is just an example to illustrate a point... it wouldn't ever be any sort of baked-in API in the browser. Don't get hung up on it.

The point I'm trying to make is:

  1. The W3C or this Working Group can't actually control what happens with `displayItems`. We can sprinkle MUST or MUST NOT or whatever on things, but these are just, literally, "Recommendations" (i.e., not laws, etc. or anything remotely enforceable - if we want real data protection, then that's what government regulations are for). 
  1. When we do sprinkle specs with RFC2119 keywords, it's a best hope thing. So best we can do is kindly ask that, if any browser is going to share this information with a third-party app, they at least have the decency to ask the user if that's ok (my proposed text).

We can see already that Google is doing the right thing and not sharing `displayItems` with third-party apps - but who is to say if others won't in the future... but again, if they choose to... they should have the decency to put the user in control.

https://github.com/w3c/payment-request/pull/628#discussion_r140420817

Received on Friday, 22 September 2017 06:34:58 UTC