privacy questionnaire from Mike O'Neill on 2015-08-15 (public-privacy@w3.org from July to September 2015)

From: Mike O'Neill <michael.oneill@btinternet.com>
Date: Sat, 15 Aug 2015 21:41:25 +0100
To: "'public-privacy $W3C mailing list$'" <public-privacy@w3.org>, <gnorcie@cdt.org>
Message-ID: <0ce901d0d79a$c1a8b960$44fa2c20$@btinternet.com>

Hi Greg,

 

I think it would be a good idea to mention consent expiry in the
questionnaire. Cookies and the DNT exception API have this capability, while
some other recent APIs do not. For example it is a pity that there is no
built in expiry for localStorage or indexedDB even though the prototype
implementations for them did.

 

How about this amendment to para 9 in the privacy section:

 

9. Can the user easily, preferably through an element of the GUI, revoke
consent granted to a particular feature? Once consent has been given is
there a mechanism whereby it is automatically revoked after a reasonable or
user configurable period? Explanation: Consent should not be a one time
affair, but an ongoing process. A user might forget they have given it or
someone else may have given it for them, so it should not be granted for
perpetuity.

Example: If a user must clear all cookies and cache to turn off consent
granted to their webcam, this is a poor consent model.

 

Mike

Received on Saturday, 15 August 2015 20:41:56 UTC