Comment: fix broken link & reference

...

However, the data protection regulators and the groups developing and enforcing these regulations recognize that there is a balance between full disclosure to meet the requirements and usability. A poor design of the user interaction screens can actually reduce the likelihood that users will understand what is happening.

 


1.1 Requirements from the Directive

...

Note: Introduction to Code of Conduct proposes to defer release of optional extra Attributes based on user consent until Phase 2. 


1.2 General Principles for informing the user

...

The UK information commissioner proposes a "layered approach": the basic information is on the main page, and there is a hyperlink for detail. Merely having a clickable link labelled "privacy policy here" probably wouldn't be enough.

"A layered notice usually consists of a short notice plus a longer notice. The short notice contains basic information, such as the identity of the organisation and the way in which the personal information will be used... The short notice contains a link to a second, longer notice which provides much more detailed information."
(the UK information commissioner's Privacy Notices Code of Practice, "physical" page 18, PDF page 17)

The goal here is to provide a human-readable form as the primary interface, with the ability to click further to see what the 'technical' data is. The AUPs presented by most Internet services do not suffice, as they are rarely read or understood by users. The basic information should be provided as short, accurate, "user-friendly" descriptions; detailed information about "exactly what's going on" can be provided as a link.

...

A good way to explain to a user why there is a transfer of information is "your email, name and affiliation will be transferred, as we do for international projects like Zyzzy, VO2 and Tjollabong". Explaining by analogy is human, albeit not necessarily academic in all disciplines.


1.3 Recommendations

See SAML 2 Profile for the Data Protection Code of Conduct for details on the related SAML2 metadata elements.

...