Re: Geolocation compliance (ACTION-165) from Jonathan Mayer on 2012-04-25 (public-tracking@w3.org from April 2012)

From: Jonathan Mayer <jmayer@stanford.edu>
Date: Wed, 25 Apr 2012 13:27:28 -0700
To: ifette@google.com
Cc: Rigo Wenning <rigo@w3.org>, public-tracking@w3.org
Message-Id: <596669E9-AC1C-4103-B90E-475DA09B2A9F@stanford.edu>
I support Ian's thinking.  Non-normative language pointing to the W3C geolocation API will be helpful to some implementers, and it will provide a nice example of an out-of-band (i.e. non-DNT: 0) consent mechanism.

Two friendly suggestions: First, I would include non-normative references to the geolocation API in both the consent and geolocation sections since it touches on both.  Second, I would provide contrast by citing other geolocation permission models that are insufficiently granular for third-party DNT purposes (e.g. smartphone OSes that support geolocation permissions per first-party app).

Jonathan

On Apr 25, 2012, at 8:36 AM, Ian Fette (イアンフェッティ) wrote:

> On Wed, Apr 25, 2012 at 12:30 AM, Rigo Wenning <rigo@w3.org> wrote:
> Hi Ian,
> 
> do you see an issue if we only talk about postal code? Is there another
> measure instead?
> 
> I'm not sure what you mean by "is there another measure". Sites can attempt to do finer grained geolocation for sure. Also, "postal code" is not well defined in terms of privacy impact, FWIW. In the US, if you have a postal code of 10002 I know you're in the lower east side of Manhattan. (Basically, the area bounded by Houston to the north and Bowery to the west). A fairly small area, but I guess probably still at least tens of thousands of people living there. On the other hand, if you have a zip code of 99684, I basically know you're in the area surrounding Unalakleet AK, which is a very large geographic area (somewhere around 2,000 km^2) but a very small population (around 760). Or, a more extreme example, 99832 is Pelican, AK which is narrowing it down to 125 people.
> 
> Maybe this is fine and intended, but I think a lot of us are used to thinking about postal codes in large US cities.
> 
> Another interesting example is Canada. Go to Google Maps and search for H2M 2M4. That's basically a subsection of a single block in Montréal (it seems to identify somewhere around 5 apartment buildings that look like they have about 4 units each from google maps satellite view).
>  
> 
> So, I'm not really sure what guidance we're actually giving people.
> 
> I think we should tell the geolocation folks to also look
> at our specification if DNT can be utilized for better consent interfacing
> in case of location services.
> 
> 
> Disagree, the notion of providing geolocation and retention are separate
>  
> And I agree that we have some logical break if the geolocation wants consent
> and the DNT specification says tracking at postal code level is fine. But
> IMHO this is a tricky issue. So leaving the break where it is is an option
> IMHO.
> 
> 
> I don't understand what the current state is. The spec seems to imply you can't use fine grained geolocation if user sends DNT:1, but the Geo API has express user consent. I don't think leaving the ambiguity is a good idea.
>  
> Best,
> 
> Rigo
> 
> On Tuesday 24 April 2012 19:36:56 Ian Fette wrote:
> > Currently the definition/compliance document states "Geo-location
> > information that is more granular than postal code is too granular.
> > Geolocation data must not be used at any level more granular than postal
> > code. Note that while the number of people living in a postal code varies
> > from country to country, postal codes are extant world-wide.
> > If specific consent has been granted for the use of more granular location
> > data, than that consent prevails."
> >
> > There exists a browser API to gain potentially very fine-grained
> > (GPS-level) location information, this has a built-in consent mechanism.
> >
> > I would propose adding into Non-Normative Discussion in the geolocation
> > compliance section the following.
> >
> > "The Geolocation API [1] available in web browsers is one mechanism by
> > which fine-grained location information can be requested by a website.
> > This API ensures that location information is only sent with the express
> > permission of the user. Use of this API would be an example of specific
> > consent being granted for the use of more granular location data. A user
> > explicitly typing a location into a website, such as entering an address
> > in a form or selecting a location on a map, would also be an example of
> > specific consent being granted."
> >
> > with the link to the API for [1] at http://www.w3.org/TR/geolocation-API/
> >
> > -Ian
>
Received on Wednesday, 25 April 2012 20:27:59 UTC