Introduction

...

Some of the terms used in this document are based on the “Personal Information Protection and Electronic Documents Act” (PIPEDA).  They are defined here.

...

An organization or service shares information it has collected with external third parties.

Information Model

privacyPreferences

The container for all of the user's privacy preferences. In JSON:

...

 implies using the default settings for all of the user's privacy preferences.  Default settings are indicated using bold text.

privacyPreferences.thirdPartyTracking

Defines a set of Boolean preferences with respect to third parties' tracking of a user's behaviour, and whether to alert the user of any tracking.  If the user preference is to block all tracking, and that preference is actually enforced, then the alert preference is superfluous.  The default preference is to prohibit all tracking by third parties.

...

Example:

  "privacyPreferences": {
      "thirdPartyTracking": {
          "doNotTrack": "onLeaveSite",
          "alerts": true
      }
  }



privacyPreferences.thirdPartyScripts

Provides preferences for restriction of

...

 on a web page or site. There is no default setting in this case, since the preference is specified in the context of the page or site.  Since there can be numerous sites and pages that these settings apply to, the thirdPartyScripts preference is an array of restrictions on a per site or per page basis.  Each site or page is defined by a URI.

  • site or page:
    • Value: URI of the site or the page to which to apply the user’s preferred restrictions
  • allow:
    • Value: one of true, false, or temporarily.
    • true: allow all scripts
    • false: block all scripts
    • temporarily:  allow all scripts to run for the current session.  That is, when the user leaves the site or page, the preference switches to false.


Example:

  "privacyPreferences": {

...

              "site": "www.nefarious.org",
              "allow": false
          }]
  }
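The following is an added example, not code from the wiki page or from the project it describes.  It resolves the thirdPartyScripts restriction that applies to a navigation and implements the "temporarily" rule above: the restriction is honoured while the user stays on the site or page and switches to false once they leave.  The class and method names, the keys "site" and "page", the matching rules (a "site" entry matches the hostname, a "page" entry matches the exact origin and path, a page entry wins over a site entry) and the fail-closed fallback for unmatched sites are assumptions; the page defines only the preference shape.

```javascript
// Added example: effective thirdPartyScripts policy with "temporarily"
// semantics. Names and matching rules are assumptions, not the page's.

// Constructed sample preferences in the page's format.
const samplePreferences = {
  privacyPreferences: {
    thirdPartyScripts: [
      { site: "www.nefarious.org", allow: false },
      { page: "https://www.example.org/demo", allow: "temporarily" },
      { site: "www.trusted.example", allow: true }
    ]
  }
};

class ThirdPartyScriptPolicy {
  constructor(preferences) {
    // Copy each restriction so the "temporarily" -> false switch does
    // not silently rewrite the caller's stored preferences.
    this.restrictions = preferences.privacyPreferences.thirdPartyScripts
      .map(r => ({ ...r }));
    this.current = -1; // index of the restriction active for the current page
  }

  // Index of the restriction that applies to `url`, or -1 when none does.
  // Assumption: "page" matches origin+path exactly, "site" matches the
  // hostname, and a page entry takes precedence over a site entry.
  match(url) {
    const u = new URL(url);
    const pageId = u.origin + u.pathname;
    let siteIdx = -1;
    for (let i = 0; i < this.restrictions.length; i++) {
      const r = this.restrictions[i];
      if (r.page !== undefined && r.page === pageId) return i;
      if (r.site !== undefined && r.site === u.hostname && siteIdx < 0) siteIdx = i;
    }
    return siteIdx;
  }

  // Called on every navigation. Returns true when scripts may run on the
  // new page. Sites without a restriction get `fallback` (assumption:
  // block, since the page states no default for thirdPartyScripts).
  navigate(url, fallback = false) {
    const next = this.match(url);
    // Leaving a site or page that was allowed "temporarily": the
    // preference switches to false, exactly as the page describes.
    if (this.current >= 0 && this.current !== next &&
        this.restrictions[this.current].allow === "temporarily") {
      this.restrictions[this.current].allow = false;
    }
    this.current = next;
    if (next < 0) return fallback;
    const allow = this.restrictions[next].allow;
    // Any value other than true/"temporarily" (including malformed ones)
    // blocks scripts, so a corrupted preference fails closed.
    return allow === true || allow === "temporarily";
  }
}

// Usage: walk a navigation sequence and observe the "temporarily" entry
// expiring once the user leaves that page.
function demo() {
  const policy = new ThirdPartyScriptPolicy(samplePreferences);
  return [
    policy.navigate("https://www.nefarious.org/index.html"), // false: blocked
    policy.navigate("https://www.example.org/demo"),         // true: temporarily
    policy.navigate("https://www.trusted.example/"),         // true: allowed
    policy.navigate("https://www.example.org/demo"),         // false: expired
    policy.navigate("https://unknown.example/")              // false: fallback
  ];
}
```

A reload of the same page keeps `current` unchanged, so "temporarily" survives until the user actually moves to another site or page.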

privacyPreferences.locationTracking

Provides a set of values and a whitelist of services that track the location of the user.  The default is to not allow any service to track the user’s location.  A service is specified using a URI, designated as a serviceURI.

Users can allow all services to track them, or allow no services to track them, or allow only a set of trusted services to track.  In the latter case, the preferences allow the user to specify a list of trusted services.

  • locationTracking:
    • Value:  none (default), all, or a whitelist of trusted services

    • none: indicates no location tracking is permitted by any service

    • all: indicates that all services are allowed to track the user’s location

    • array of serviceURIs:  a list of trusted services that are allowed to track the user’s location.

Examples:

The first two examples show all that is necessary to specify no tracking or, in contrast, tracking by any service.  The third example shows how to state preferences for only trusted services.

Example 1 -- no service can track:

  "privacyPreferences": {

      "locationTracking": "none"

  }

Example 2 -- all services can track:

  "privacyPreferences": {

      "locationTracking": "all"

  }

Example 3 -- trusted services can track:

  "privacyPreferences": {

...

"serviceURI",

"serviceURI",

  ]

   }

privacyPreferences.sharingContacts

A set of values and a whitelist of services with respect to sharing the user’s contacts (e.g., address book).  The default is to disallow any contact sharing.

...

  • sharingContacts:
    • Value:  off (default), on, an optional askMeFirst, or a whitelist of trusted services.
    • off: indicates that the user does not want to share their contacts with any service
    • on: indicates that the user is willing to share their contacts with all services
    • A structure that contains a Boolean value followed by a whitelist:
      • askMeFirst:
        • Value: true or false
        • true: indicates the system needs to alert the user that they are about to share their contacts with services in their whitelist, and confirm that the user wants to share.
        • false: indicates that the system does not alert the user about sharing their contacts with the services in their whitelist.
      • whiteList:
        • Value: a list of trusted services.  If a service is not listed, then contacts are not shared with that service.  Each service is specified using a string.

Examples:

The first two examples show all that is necessary to specify no sharing or, in contrast, sharing with any service.  The third and fourth examples show how to state preferences for only trusted services, with and without confirmation.

Example 1 -- do not share contacts with any service:

  "privacyPreferences": {

      "sharingContacts": "off"

  }

Example 2 -- share contacts with all services:

  "privacyPreferences": {

      "sharingContacts": "on"

  }

Example 3 -- share contacts only with trusted services, but only with user’s confirmation:

  "privacyPreferences": {

...

               "..."

           ]

      }

 }

Example 4 -- share contacts only with trusted services, but without user’s confirmation:

  "privacyPreferences": {

...

              "..."

          ]

      }

 }

privacyPreferences.clearHistory

Defines which of a user’s browser history features are to be forgotten, and when.  The browser features are history, downloads, passwords, autofill form data, and the cache.  A special case is where users do not want these features recorded in the first place.  This is represented as the special time period “neverRemember”, meaning do not record or store historical information.

  • clearHistory:
    • Value: a set of browser features with an associated frequency for periodically clearing that feature.  All browser features MUST be listed.  The features to clear are:
      • history
      • downloads
      • passwords
      • autofillFormData
      • cache
    • The associated time periods are:
      • neverRemember,
      • hourly,
      • daily (default),
      • weekly,
      • monthly,
      • neverDelete,
      • onQuit

Example:

This example shows a list of all the different browser features and how frequently they should be cleared.

...

          "cache": "daily"

      }

  }
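The following is an added example, not code from the wiki page or the project it describes.  It enforces the "all browser features MUST be listed" rule, separates the "neverRemember" features (which must not be recorded at all) from the ones that are cleared on a schedule, and works out which features are due for clearing at a given moment.  The function names, the `lastCleared` bookkeeping, the `event` argument ("tick" for the periodic timer, "quit" for browser shutdown) and the length of a "month" (30 days) are assumptions; the feature names and time periods are the page's.

```javascript
// Added example: validating and acting on a clearHistory preference.
// Function names, the lastCleared map and the event argument are
// assumptions; feature names and periods come from the page.

const FEATURES = ["history", "downloads", "passwords", "autofillFormData", "cache"];
const PERIODS = ["neverRemember", "hourly", "daily", "weekly", "monthly", "neverDelete", "onQuit"];
// Assumption: a month is treated as 30 days.
const PERIOD_MS = { hourly: 3600e3, daily: 86400e3, weekly: 7 * 86400e3, monthly: 30 * 86400e3 };

// Constructed sample preference in the page's format.
const sampleClearHistory = {
  history: "neverRemember",
  downloads: "daily",
  passwords: "neverDelete",
  autofillFormData: "onQuit",
  cache: "hourly"
};

// The page says all features MUST be listed. Reject anything else, so a
// truncated or tampered preference cannot leave a feature unmanaged.
function validateClearHistory(clearHistory) {
  const errors = [];
  for (const f of FEATURES) {
    if (!(f in clearHistory)) errors.push("missing feature: " + f);
    else if (!PERIODS.includes(clearHistory[f])) errors.push("bad period for " + f + ": " + clearHistory[f]);
  }
  for (const k of Object.keys(clearHistory)) {
    if (!FEATURES.includes(k)) errors.push("unknown feature: " + k);
  }
  return errors;
}

// Features the browser must not record in the first place.
function featuresNotToRecord(clearHistory) {
  return FEATURES.filter(f => clearHistory[f] === "neverRemember");
}

// Features due for clearing. `lastCleared` maps feature -> epoch ms of
// its last clear (absent means never cleared), `now` is epoch ms.
function featuresToClear(clearHistory, lastCleared, now, event = "tick") {
  const due = [];
  for (const f of FEATURES) {
    const period = clearHistory[f];
    // neverRemember: nothing stored; neverDelete: user opted out of clearing.
    if (period === "neverRemember" || period === "neverDelete") continue;
    if (period === "onQuit") {
      if (event === "quit") due.push(f);
      continue;
    }
    const last = lastCleared[f] || 0;
    if (now - last >= PERIOD_MS[period]) due.push(f);
  }
  return due;
}
```

Run `validateClearHistory` when the preference set is loaded and refuse to apply a set that returns errors; the other two functions are then safe to call from the timer and shutdown paths.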

privacyPreferences.eraseAfterUsing

Defines whether specific personal information, which has been provided, needs to be erased and forgotten immediately after its use.  An example is providing one’s credit card information for making a purchase.  When the purchase is complete, and the information is no longer needed, this preference indicates that the user expects their credit card information will be erased.

  • eraseAfterUsing:

    • Value:  true (default) or false.

    • true:  indicates that personal information is erased immediately after use.

    • false: indicates that personal information is retained.

Example:

This example indicates that personal information should be erased immediately after it is no longer needed.

...

      "eraseAfterUsing": true

  }

privacyPreferences.allowAdvertising

Defines a set of values and a whitelist of advertisements.  The default is to not allow any advertisements.

...

  • allowAdvertising:

    • Value:  off (default), on, or a whitelist of targeted advertisements.

    • off:  indicates no advertising is allowed

    • on:  indicates that all advertising is allowed

    • array: a list of allowed advertisements.  Each advertisement is identified as a serviceURI.

Examples:

The first two examples show all that is necessary to prohibit any advertisements or, in contrast, allow all advertisements by any service.  The third example shows how to state preferences for only targeted advertisements.

Example 1 -- no advertisements:

  "privacyPreferences": {

      "allowAdvertising": "off"

  }

Example 2 -- all advertisements:

  "privacyPreferences": {

      "allowAdvertising": "on"

  }

Example 3 -- only targeted advertisements from trusted services:

  "privacyPreferences": {

...

"serviceURI",

"serviceURI",

  ]

   }
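The following is an added example, not code from the wiki page or the project it describes.  It serves the locationTracking, sharingContacts and allowAdvertising sections together, since all three share the same shape: a keyword that denies everything, a keyword that allows everything, or a whitelist of serviceURIs (with sharingContacts additionally allowing a structure of askMeFirst plus whiteList).  The `decide` function and the allow/deny/ask result strings are assumptions; the keyword values, the defaults and the askMeFirst/whiteList keys are the page's.  An absent or malformed preference is treated as deny, matching the page's default for all three.

```javascript
// Added example: one resolver for the three "keyword or whitelist"
// preferences. The decide() function and the result strings are
// assumptions; keywords, defaults and keys come from the page.

const ALLOW = "allow", DENY = "deny", ASK = "ask";

// Per preference: the keyword that denies all and the one that allows all.
const KEYWORDS = {
  locationTracking: { deny: "none", allow: "all" },
  sharingContacts:  { deny: "off",  allow: "on" },
  allowAdvertising: { deny: "off",  allow: "on" }
};

// Constructed sample preferences in the page's format.
const samplePreferences = {
  privacyPreferences: {
    locationTracking: ["https://maps.example"],
    sharingContacts: { askMeFirst: true, whiteList: ["https://mail.example"] },
    allowAdvertising: "off"
  }
};

// Decide whether `serviceURI` may do what preference `name` governs.
function decide(preferences, name, serviceURI) {
  const kw = KEYWORDS[name];
  if (!kw) throw new Error("unknown preference: " + name);
  const pref = preferences.privacyPreferences[name];
  // Absent preference: the page's default for all three is to deny.
  if (pref === undefined || pref === kw.deny) return DENY;
  if (pref === kw.allow) return ALLOW;
  // Plain whitelist: an array of serviceURIs.
  if (Array.isArray(pref)) return pref.includes(serviceURI) ? ALLOW : DENY;
  // sharingContacts may be a structure { askMeFirst, whiteList }.
  if (pref && Array.isArray(pref.whiteList)) {
    if (!pref.whiteList.includes(serviceURI)) return DENY;
    return pref.askMeFirst === true ? ASK : ALLOW;
  }
  // Anything else is malformed: fail closed rather than open.
  return DENY;
}
```

The comparison is an exact string match on the serviceURI, which is what the page specifies; a deployment that normalises URIs (scheme, trailing slash, case of the host) should do so on both sides before calling `decide`, otherwise a whitelist entry can be bypassed or fail to match.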

privacyPreferences.cookies

The “cookies” preference is a container for a number of privacy settings with respect to the creation of cookies, the sharing of cookie data, and when to force the expiration of a cookie.

  • allowCreation:

    • Value:  never, always, fromOriginalService (default), askFirst, or a whitelist of trusted services.

    • never: indicates that cookie creation of any kind is not allowed.  Note that this may mean that a given page or site might not work as expected, especially if cookies are required for normal functionality.

    • always: indicates that there are no restrictions on cookie creation

    • fromOriginalService: indicates that cookie creation is allowed if the site currently visited is creating the cookie.  Third party cookie creation from the same page is not allowed.

    • askFirst: requires the system to present a confirmation dialog to the user to confirm if a cookie or cookies can be created when a service attempts to do so.

    • A whitelist of trusted services: an array of serviceURIs representing trusted services that are allowed to create cookies

  • allowSharing:

    • Value: never (default), always, askFirst, or a whitelist of trusted services.

    • never: indicates that cookie sharing of any kind is not allowed.

    • always: indicates that there are no restrictions on cookie sharing

    • askFirst: requires the system to present a confirmation dialog to the user asking if a cookie or cookies can be shared.

    • A whitelist of trusted services: an array of serviceURIs representing trusted services with which sharing cookies is allowed

  • expiration:

    • Value: endOfSession, whenLeavingSite (default), daily, weekly

    • endOfSession: indicates that cookie data is to be erased at the end of the session

    • onLeaveSite: indicates that cookies are erased when the user leaves the site.

    • daily: indicates that cookies are deleted at the end of the day

    • weekly: indicates that cookies are deleted at the end of the week

Examples:

  "privacyPreferences": {

...

          "expiration": "endOfSession"

      }

  }
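The following is an added example, not code from the wiki page or the project it describes.  It turns the allowCreation and allowSharing preferences into a decision for a concrete request: the page the user is visiting, and the service that is trying to set or receive the cookie.  The fromOriginalService rule is implemented as an origin comparison, so a third-party service embedded on the page is refused.  The function names, the allow/deny/ask result strings and the choice to compare whitelist entries by origin are assumptions; the keyword values and defaults (fromOriginalService for creation, never for sharing) are the page's.

```javascript
// Added example: cookie creation and sharing decisions from the
// cookies preference. Function names, result strings and origin-based
// whitelist matching are assumptions; keywords and defaults are the page's.

const ALLOW = "allow", DENY = "deny", ASK = "ask";

// Constructed sample cookies preference in the page's format.
const sampleCookies = {
  allowCreation: "fromOriginalService",
  allowSharing: ["https://partner.example"],
  expiration: "endOfSession"
};

// Origin (scheme + host + port) of a URI; used to recognise first party.
function originOf(uri) {
  return new URL(uri).origin;
}

// True when `uri` has the same origin as some entry of the whitelist.
// Malformed whitelist entries never match, so they cannot widen access.
function whitelisted(list, uri) {
  const target = originOf(uri);
  return list.some(entry => {
    try { return originOf(entry) === target; } catch (e) { return false; }
  });
}

// visitedURI: page the user is on; setterURI: service creating the cookie.
function cookieCreationDecision(cookies, visitedURI, setterURI) {
  const pref = cookies && cookies.allowCreation !== undefined
    ? cookies.allowCreation
    : "fromOriginalService"; // the page's default
  if (pref === "never") return DENY;
  if (pref === "always") return ALLOW;
  if (pref === "askFirst") return ASK;
  if (pref === "fromOriginalService") {
    // First party only: a third party on the same page is refused.
    return originOf(visitedURI) === originOf(setterURI) ? ALLOW : DENY;
  }
  if (Array.isArray(pref)) return whitelisted(pref, setterURI) ? ALLOW : DENY;
  return DENY; // malformed value: fail closed
}

// recipientURI: service with which cookie data would be shared.
function cookieSharingDecision(cookies, recipientURI) {
  const pref = cookies && cookies.allowSharing !== undefined
    ? cookies.allowSharing
    : "never"; // the page's default
  if (pref === "never") return DENY;
  if (pref === "always") return ALLOW;
  if (pref === "askFirst") return ASK;
  if (Array.isArray(pref)) return whitelisted(pref, recipientURI) ? ALLOW : DENY;
  return DENY;
}
```

Note that the "never" setting for creation can break sites that rely on cookies, as the page warns; the decision function deliberately does not soften that, since the user asked for it explicitly.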

privacyPreferences.dataControl

This group of preferences allows users to view, update, delete, set expiration dates, and ask for details about how their information is being used or disclosed.  The preferences represent user requests about their personal information as managed by some organization.  The preferences, or requests, are on a per-organization basis.  Organizations are specified by a serviceURI.  Since a user can supply information to multiple organizations, the dataControl preferences are a list of requests, one per organization.

...

  • viewAll: user wants to view all data held by the organization

  • editUpdateAll: user wants to update the accuracy of their data, and submit changes back to the organization

  • howUsed:  user requests an explanation as to how their data is being used by the organization

  • howDisclosed: user requests which third parties the organization has disclosed their personal information to, and for what purposes.

  • deleteAll: user wants to delete all the personal information held by the organization

  • expiration: user specifies when their personal information is to be deleted

    • Value: ISO-8601 specification of date/time

Example:

  "privacyPreferences": {

...

     "expiration": "2017-04-05T14:30Z"

      }]

  }
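The following is an added example, not code from the wiki page or the project it describes.  It validates a dataControl list before the requests are sent on to the organizations: every entry must name an organization by serviceURI, the request flags must be Booleans drawn from the set above, and an expiration must be a well-formed ISO-8601 date/time that still lies in the future.  The request keys and the expiration format are the page's (the page's own example value "2017-04-05T14:30Z" is used below); the entry shape (serviceURI and the request keys as sibling properties of one object), the function names and the `now` argument are assumptions.  The timestamp parser is strict on purpose: it accepts only the date-time form with an explicit "Z" or "+hh:mm" offset, and rejects values such as a 30th of February that a lenient parser would silently roll over.

```javascript
// Added example: validating dataControl requests. Entry shape, function
// names and the now argument are assumptions; request keys and the
// ISO-8601 expiration come from the page.

const REQUEST_KEYS = ["viewAll", "editUpdateAll", "howUsed", "howDisclosed", "deleteAll"];

// ISO-8601 date-time with explicit UTC "Z" or +hh:mm offset, seconds optional.
const ISO_8601 = /^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2})(?::(\d{2}))?(Z|[+-]\d{2}:\d{2})$/;

// Constructed sample list in the assumed entry shape.
const sampleDataControl = [
  { serviceURI: "https://shop.example", viewAll: true, howDisclosed: true },
  { serviceURI: "https://social.example", deleteAll: true, expiration: "2017-04-05T14:30Z" }
];

// Epoch milliseconds for a valid timestamp, or null when it is malformed.
function parseIso8601(s) {
  const m = ISO_8601.exec(s);
  if (!m) return null;
  const [, y, mo, d, h, mi, sec = "0", tz] = m;
  const base = Date.UTC(+y, +mo - 1, +d, +h, +mi, +sec);
  // Date.UTC silently normalises out-of-range fields (Feb 30 -> Mar 2);
  // round-trip the fields so such values are rejected instead.
  const chk = new Date(base);
  if (chk.getUTCMonth() !== +mo - 1 || chk.getUTCDate() !== +d ||
      chk.getUTCHours() !== +h || chk.getUTCMinutes() !== +mi ||
      chk.getUTCSeconds() !== +sec) return null;
  if (tz === "Z") return base;
  // "+02:00" means local time is ahead of UTC, so subtract the offset.
  const sign = tz[0] === "+" ? -1 : 1;
  const offsetMin = (+tz.slice(1, 3)) * 60 + (+tz.slice(4, 6));
  return base + sign * offsetMin * 60e3;
}

// Returns a list of problems; an empty list means the requests may be sent.
function validateDataControl(dataControl, now) {
  if (!Array.isArray(dataControl)) return ["dataControl must be an array of per-organization requests"];
  const errors = [];
  dataControl.forEach((entry, i) => {
    const where = "entry " + i;
    if (typeof entry.serviceURI !== "string") {
      errors.push(where + ": missing serviceURI");
    } else {
      try { new URL(entry.serviceURI); } catch (e) { errors.push(where + ": serviceURI is not a URI"); }
    }
    let requested = false;
    for (const k of REQUEST_KEYS) {
      if (!(k in entry)) continue;
      if (typeof entry[k] !== "boolean") errors.push(where + ": " + k + " must be boolean");
      else if (entry[k]) requested = true;
    }
    if ("expiration" in entry) {
      const t = parseIso8601(entry.expiration);
      if (t === null) errors.push(where + ": expiration is not ISO-8601");
      else if (t <= now) errors.push(where + ": expiration is in the past");
      else requested = true;
    }
    // An entry that asks for nothing is almost certainly a mistake.
    if (!requested) errors.push(where + ": no request made");
  });
  return errors;
}
```

Pass the current time in as `now` rather than reading the clock inside the validator; that keeps the check deterministic and lets the expiration rule be tested against fixed dates.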

Full Preference Set Example

  "privacyPreferences": {

...