- From: <Frederick.Hirsch@nokia.com>
- Date: Wed, 19 Jan 2011 02:00:26 +0100
- To: <public-device-apis@w3.org>
- CC: <Frederick.Hirsch@nokia.com>
The following open issues are related to privacy. Below I list some possible resolutions, next steps/actions and comments. ISSUE-34 Protecting data versus protecting apis 2009-10-21 APIs — General I would argue both need consideration, privacy considerations directly related to data itself and access control at a coarser level for APIs. The aspect of protecting APIs should probably be mentioned in our Permissions draft (and also APIs Requirements) and privacy related to data needs work like Rulesets, I would suspect. --- ISSUE-64 "Generic" sensors may permit discovering sensitive information 2010-01-06 System Information and Events API This is a legitimate concern and I would recommend a note in the Systems Information draft to this effect. We do have some privacy considerations but they could probably be revised to make this concern clearer. --- ISSUE-78 Capture has a minimisation problem with EXIF data (e.g. it could be Geotagged) 2010-03-16 Capture API Media Capture has a highlighted note on the topic, HTML media capture mentions it parenthetically. I propose the HTML Media Capture have a note added similar to that in Media Capture. --- ISSUE-86 Privacy issue about sharing other users contact information from own address book 2010-07-13 Contacts API I suggest following sentence be added as new paragraph at end of section 3.1: "Note that even if a user gives permission to share their contact information this can have privacy implications for those parties whose contacts are shared, as they may not wish such sharing to occur. This should be considered by web services when requesting and using such information." --- ISSUE-87 Degree of ruleset transmission with API calls, how often, which 2010-07-13 Privacy This issue seems to be the fundamental issue related to whether to adopt the Rulesets proposal. I suggest we publish the Rulesets draft to obtain wider feedback on the approach, with the understanding that this does not imply how the document will progress beyond Working Draft. --- ISSUE-88 User interaction for ruleset confirmation when multiple APIs are used to provide functionality, usability etc 2010-07-13 Privacy This issue is the "treating group of permissions as an application" and as such we could argue is not inconsistent with the general ruleset desire across all interfaces (e.g. user wants certain behaviour constency). This issue appears to state that ruleset preference could be stated at "application install" time in that model as opposed to on a per api call basis. --- ISSUE-89 Clarify how rulesets interact with pre-existing relationships 2010-07-13 Privacy duplicate of ISSUE-88? --- ISSUE-9 0 Create privacy best practices document for web site developer 2010-07-13 Privacy Need editorial action to create privacy best practices draft that the WG contributes to and publishes? --- ISSUE-91 Be clear to distinguish site (service) privacy policy versus included location provider policy etc 2010-07-14 Privacy suggest we close this issue as any approach we take would have to consider relationship of service provider to that approach --- ISSUE-95 Different regulatory environments and relationship to privacy and rulesets 2010-07-16 Privacy This note was added to Rulesets doc: "Jurisdiction-based configurations: There may be legal and other jurisdiction-based constraints that require web applications to perform certain operations on user data. With a small static set of rulesets, the result of these constraints may be that certain applications are unable to comply with particular rulesets" I would like to see action to describe concrete example and explain why it it is a concern. --- ISSUE-100 Subscribing to new messages should be done with filters and data minimization 2010-08-25 Messaging API is this moot now, if not what is the detail of the issue? --- regards, Frederick Frederick Hirsch Nokia
Received on Wednesday, 19 January 2011 01:01:07 UTC