charter: plan for getting user consent #101
Labels
needs-resolution
PING expects this item to be resolved to their satisfaction.
s:trace-context
https://w3c.github.io/trace-context/
wg:distributed-tracing
https://www.w3.org/groups/wg/distributed-tracing
This is a tracker issue. Only discuss things here if they are privacy group internal meta-discussions about the issue. Contribute to the actual discussion at the following link:
§ w3c/distributed-tracing-wg#36
Copy of issue text:
On the assumption that the new specs being developed are intended to touch the browser (see w3c/distributed-tracing-wg#35)...
This technology looks at best like third-party cookies come back from the grave and at worst like more invasive active spyware. While generally unacceptable, that might be tolerable in some limited contexts, like having it deliberately and explicitly turned on for limited time intervals for debugging purposes. To that end, how does the WG intend to request informed consent from the user? Do you need protocol elements to ask for it in real time? If so, please add appropriate work items to the charter. Contemplate how to ask for consent for different time intervals (e.g. 90 seconds for automated debugging, 15 minutes for human-involved debugging, or 24 hours for intermittent issues, how to deal with language issues, and how to scope the consent to the least-invasive possible form (e.g. listing specific domains or even hosts). (Yes, these are hard problems.)
The text was updated successfully, but these errors were encountered: