diff --git a/draft-colwell-privacy-txt.md b/draft-colwell-privacy-txt.md index c421e29..6efb134 100644 --- a/draft-colwell-privacy-txt.md +++ b/draft-colwell-privacy-txt.md @@ -79,9 +79,12 @@ It is currently difficult to associate a complete privacy policy text with a ser This file format proposes two fields for the privacy policy. One or both can be used, depending on the policy format. -`Entity: NAME,COUNTRY_CODE` +`Entity: NAME` +`Entity-country: COUNTRY_CODE` -The entity issuing the privacy policy. A name that contains a comma should escape the comma as `\,`. The country code should follow 2-letter ISO 3166-1. +The legal name of the entity issuing the privacy policy. The country code should follow 2-letter ISO 3166-1. + +The current and historical mapping of hostname to entity can be used as a canonical key to associate privacy reputation or enforcement actions similar to a certificate authority. This proposal does not outline what a privacy authority would look like. `Privacy-policy-text: URL` 
@@ -98,6 +101,10 @@ This file format proposed fields to structure the consumer actions described in Below a one-click URL refers to a URL that can process a request without requiring a customer password or login. The URL should take customer identification such as email and verify as necessary to complete the request. +It is allowed to have multiple conforming Action-* values for the same action. + +An API standard to make privacy actions more toolable is not covered in this proposal. This proposal could be extended in the future to allow some well-defined API actions given there is at least one other non-assisted option available. + `Contact: mailto:EMAIL` An email contact for the privacy office must be given. This email must be able to handle consumer requests via email where there is not an applicable `Action-*` field for the request. Responses can ask for additional verification but should not require customer password or login. If `Action-*` fields are defined for all applicable consumer requests, this email does not need to handle any requests. This proposal imagines companies would build self-service one-click URLs for all consumer actions as the most scalable outcome.
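Review bot: In the first hunk (@@ -79,9 +79,12 @@), the added paragraph proposes the hostname-to-entity mapping as "a canonical key to associate privacy reputation or enforcement actions", but `Entity` and `Entity-country` are values the host publishes about itself, and nothing in these lines says how the claim is checked. Suggest stating that the mapping is self-asserted and needs independent verification before reputation or enforcement data is keyed on it, so that a host naming another company's legal entity cannot inherit or taint that entity's record. Two smaller points in the same hunk: the description no longer says which sentence belongs to which field or whether `Entity-country` is required when `Entity` is present, and the two field lines are added without a blank line between them, so Markdown will render them as one run-on paragraph. "2-letter ISO 3166-1" would also be more precise as "ISO 3166-1 alpha-2".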
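Review bot: In the second hunk (@@ -98,6 +101,10 @@), the added sentence "It is allowed to have multiple conforming Action-* values for the same action." does not say how a consumer or tool should choose among them: whether order implies preference, whether every listed URL must complete the request on its own, or whether they are alternatives for different contexts. Suggest adding one sentence that defines the selection rule, otherwise parsers will diverge on duplicate fields. The following paragraph also relies on "non-assisted option", a term that is not defined in the visible text; define it or reuse the one-click URL wording from the context line above.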