The challenge addressed by this proposal is the lack of standardized privacy settings and cookie handling across websites. Currently, each website implements its own privacy settings and cookie management methods, leading to a fragmented user experience and excessive bloat in the form of notifications and dialogs. This proposal aims to provide a solution at the browser level by introducing a standardized Privacy Policy API.
Use Cases
Consistent Privacy Settings: Users will be able to set default privacy settings at the browser level, such as accepting or declining all cookies, blocking third-party cookies, or customizing privacy preferences.
Simplified Experience: Websites will no longer need to implement their own privacy settings and consent mechanisms, reducing the number of intrusive pop-ups, notifications, and dialogs that disrupt the user experience.
Reduced Website Complexity: Website developers can focus on core functionality rather than implementing and maintaining complex privacy management systems, resulting in cleaner and more efficient websites.
Goals
To be considered successful, this proposal must:
Define a standardized Privacy Policy API that can be implemented by browser vendors.
Provide a clear and easy-to-use interface for users to manage their privacy settings.
Support various privacy preferences, such as accepting or declining all cookies, blocking third-party cookies, and managing consent for personalized ads.
Enable seamless integration with existing web technologies and frameworks.
Ensure cross-browser compatibility and consistent behavior across different platforms.
Non-goals
This proposal does not aim to:
Address website-specific privacy policies or legal requirements.
Dictate specific privacy settings or impose a one-size-fits-all approach.
Replace existing web standards or technologies related to privacy and security.
Proposed Solution
The proposed solution is to introduce a Privacy Policy API at the browser level. This API would provide a standardized interface for users to manage their privacy settings and preferences. The API could include methods to set default privacy preferences, manage cookie behavior, and control consent for personalized ads. It would also allow users to change privacy settings on a per-origin basis.
In this example, the navigator.privacyPolicy object is used to set default privacy preferences obtained from the browser for the specific origin. The dataCollection property represents the default settings for different types of data collection, such as email, phone number, and geolocation. These default settings are obtained from the browser.
Similarly, the cookies property represents the default settings for different cookie categories, such as essential, analytics, advertising, tracking, and personalization cookies. These default settings are also obtained from the browser.
If the user interacts with a notification or consent prompt on the website related to analytics cookies, for example, you can use JavaScript to update the privacy settings for that specific origin by modifying the navigator.privacyPolicy object accordingly.
navigator.privacyPolicy.cookies.analytics = true
This change should probably be conveyed in the UI to avoid malicious abuse.
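The abuse concern above, as an added sketch that is not part of the proposal: if page script can assign to navigator.privacyPolicy directly, a site can opt the user in on its own. This mock keeps settings per origin and routes opt-in writes through a browser-owned confirmation; the object shape, category keys, default values and function names are all assumptions.

```javascript
// Mock of the proposed navigator.privacyPolicy. The proposal defines no
// object shape, so every name below (createPrivacyPolicy, confirmWithUser,
// the category keys and their default values) is an assumption.
const BROWSER_DEFAULTS = {
  dataCollection: { email: false, phoneNumber: false, geolocation: false },
  cookies: { essential: true, analytics: false, advertising: false,
             tracking: false, personalization: false },
};

const store = new Map(); // origin -> settings; stands in for browser storage

function settingsFor(origin) {
  if (!store.has(origin)) {
    store.set(origin, JSON.parse(JSON.stringify(BROWSER_DEFAULTS)));
  }
  return store.get(origin);
}

// confirmWithUser(origin, path) models trusted browser UI that page script
// cannot draw, click or suppress. It returns true only if the user agrees.
function createPrivacyPolicy(origin, confirmWithUser) {
  const guard = (section) => new Proxy(settingsFor(origin)[section], {
    set(target, key, value) {
      if (!(key in target) || typeof value !== 'boolean') return false;
      if (target[key] === value) return true; // no change, no prompt
      // Assumption: opting out is always allowed; opting in needs the user.
      const path = `${section}.${String(key)}`;
      if (value && !confirmWithUser(origin, path)) return false;
      target[key] = value;
      return true;
    },
  });
  return Object.freeze({
    dataCollection: guard('dataCollection'),
    cookies: guard('cookies'),
  });
}

// Constructed scenario. Reflect.set is the assignment from the text, but it
// returns the outcome instead of throwing in strict mode.
function demo() {
  const shop = createPrivacyPolicy('https://shop.example', () => false);
  const news = createPrivacyPolicy('https://news.example', () => true);
  return {
    shopWrite: Reflect.set(shop.cookies, 'analytics', true), // user declined
    newsWrite: Reflect.set(news.cookies, 'analytics', true), // user agreed
    shopValue: shop.cookies.analytics,
    newsValue: news.cookies.analytics,
  };
}
```

Because each origin has its own entry in the store, the consent recorded for one origin is never visible to another.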
Alternate Approaches
While this proposal suggests a browser-level Privacy Policy API, alternative approaches could include:
Browser extensions or plugins: Allowing users to install extensions or plugins that manage privacy settings across websites, e.g. a Google Privacy Policy extension that manages all cookies associated with Google Analytics, Google Ads, etc.
Privacy & Security Considerations
Privacy and security are crucial aspects to consider when proposing the Privacy Policy API. A basic self-review has been conducted, taking into account various factors related to privacy and security. The following considerations have been identified:
Data Protection: Ensure appropriate measures to handle and secure user data collected or processed by websites.
Consent Mechanisms: Support clear and robust consent mechanisms for user control over data collection and usage.
Cross-Origin Isolation: Isolate privacy settings to specific origins to prevent unauthorized manipulation.
User Education and Transparency: Communicate privacy settings and data collection practices clearly.
Let’s Discuss
We encourage the community to actively participate in discussions and provide valuable feedback on the following aspects of the proposed Privacy Policy API:
Granularity of Privacy Preferences: How granular should the Privacy Policy API be in terms of privacy preferences? Should it allow users to define preferences at a more detailed level, such as individual cookies, specific data types, or even specific purposes of data processing? We welcome insights on striking the right balance between user control and simplicity of implementation.
Integration with Existing Standards (including Android and iOS): How can the Privacy Policy API effectively integrate with existing web standards, frameworks, and privacy-related technologies, particularly in the context of mobile platforms like Android and iOS? Considering the unique characteristics and constraints of these platforms, we seek input on ensuring seamless interoperability and consistent behavior across browsers and native applications.