Bcc

Hello all,

I had just a couple of my own comments to follow up on CDT's last call privacy comments and the "intended usage notification" thread that lingered and languished on this list a few months ago.

First of all, I'd like to second CDT's request to hear from other members of this list as to whether implementors of the API or users of the API that don't fulfill all the normative requirements in "Privacy considerations for implementors of the Geolocation API" and "Privacy considerations for recipients of location information" will be officially non-conformant with the API.

For example, Flickr's mobile website provides a "Photos taken nearby" feature which makes use of the draft Geolocation API. But Flickr apparently doesn't clearly and conspicuously disclose how long location data is retained, how location data is secured or whether location data is shared -- the "Your Privacy" link doesn't describe any uses or practices around location data. I might conclude from following another link that the "Yahoo! Privacy Policy" covers my location information, but it's never described explicitly and I couldn't definitively determine if my location information was stored or shared.

What does the WG intend by requiring recipients to "clearly and conspicuously disclose"? Is disclosure within a long Privacy Policy sufficient? Or do we expect location information to be addressed explicitly and before location information is requested? Also, will the W3C have any power to enforce or judge implementations or (ab)uses of the API?

Second (and I bring this up specifically because it might address ambiguities with the normative privacy considerations), I wasn't sure we ever came to a satisfactory conclusion on whether to allow requesters of location information to specify in their request how location information will be used, how long it will be kept or whether location information will be transmitted to 3rd parties. While Doug, Greg, Andrei and Ian proposed that allowing websites to present information about their usage would let them deceive users, Martin, Henning, Max and I thought that some additional context about how location information will be used would be valuable for user privacy.

Could we find some middle ground where requesters can't place arbitrary text which could deceive, but can fill in a timestamp for how long data will be kept and a flag for whether it will be shared? If not in V1, can we open an Issue to reconsider this question in V2? Again, this could help clarify ambiguities around "conspicuous disclosure", address concerns about privacy protection or even provide an easier step towards associating Geopriv-style permissions with location data.

Thanks,
Nick Doty
UC Berkeley School of Information