Date:  2009-10-28
From:  W3C Geolocation Working Group
Title: Response to Continuing Concerns about Geolocation Privacy

Dear Mark,

Thank you for your comments. We appreciate your spending time on
reviewing the W3C Geolocation API specification.

The question of whether or not privacy policy should be included in
the Geolocation API itself, or rather addressed as a set of
recommendations and requirements in the specification, has been
extensively discussed by the working group. In particular, both the
original and modified Geopriv proposals were discussed over a period
of several months before, during and after the f2f meeting in December
2008. In the end the consensus among the group members was to not
adopt either of the Geopriv proposals.

The discussions and conclusions were tracked here:

- Should the Geolocation API include privacy information? :
http://www.w3.org/2008/geolocation/track/issues/2
- GEOPRIV WG proposal for privacy within the API :
http://www.w3.org/2008/geolocation/track/issues/4

The fact that the working group decided not to adopt the Geopriv
proposals does not mean that the group didn't manifest concerns about
users' privacy. The intense discussions around this issue did
contribute significantly to the wording of the privacy considerations
section of the specification:

- What should the Recommendation state about security and privacy
considerations? : http://www.w3.org/2008/geolocation/track/issues/5

The working group concluded that privacy protection is better handled
as part of a more generic privacy and security framework for device
access. The recently formed Device API and Policy Working Group is
chartered to develop precisely such a framework
(http://www.w3.org/2009/05/DeviceAPICharter).

Please acknowledge receipt of this email to public-geolocation@w3.org
by November 12 2009.
In your acknowledgment please let us know whether or not you are
satisfied with the working group's response to your comment.

On behalf of the W3C Geolocation Working Group,
Lars Erik Bolstad, Angel Machin