- From: Rigo Wenning <rigo@w3.org>
- Date: Thu, 31 May 2001 17:23:18 +0200
- To: www-p3p-policy@w3.org
On Thu, May 31, 2001 at 09:05:00AM -0400, Martin Presler-Marshall wrote: > Rick asked: [...] > > > 2) Notification > > What are your suggestions for conveying privacy information to > > users over the phone - is text to speech on a human readable text file > > enough, do we need a to text to speech the policy file also? > You certainly don't want to text-to-speech the XML version of the P3P > policy. I would say that in a voice-accessible system, users would expect a > voice-based, "human-interpretable" privacy policy. If the system is both > Web-accessible and voice-accessible, then the Web-side should have a P3P > policy attached. I could imagine, that it might be convenient to have different text-to-speech versions for different languages generated from the P3P-XML Policy. But this has nothing to do with the P3P Specification. > > > 3) Accessible/Updateable > > Is is it acceptable that some information not be changeable > > or accessible over the phone, like for instance, income > > level? Does the fact that information is stored and used in > > several arenas (web ui, telephone ui) mean the info must be > > accessible/updateable in at least one arena or all of them? > Deciding how much data to make accessible is the job of the service > provider, and you certainly shouldn't allow access to personal information > with authenticating the requester. Also, the P3P spec says that "The method I doubt whether you meant with or rather without.. I don't want, that anybody can access my personal information at a certain service provider. I want this access limited to me.. > of access is not specified" - it's only that access is required. Thus, > access through only one mode (voice, Web, etc) is certainly acceptable. Note, that the EU Data Protection Directive requires access to personally identified information, but doesn't specify the mode of access. So you are free to design your system and describe it. There is no rule, that requires access to information by the same channel by which it was collected.. Best, Rigo Wenning W3C/INRIA Policy Analyst Privacy Activity Lead mail:rigo@w3.org 2004, Routes des Lucioles +33 (0)6 73 84 87 31 F-06902 Sophia Antipolis http://www.w3.org/
Received on Thursday, 31 May 2001 11:23:19 UTC