Usable Req 7
<< Back to Baseline Functional Requirements Index
USABLE-7. USER REQUIREMENTS
Wherever public open STANDARDS or legal requirements exist for collecting user requirements, entities conducting digital identity management functions MUST offer structured opportunities for USERS to document and express their interface and accessibility requirements, early in their interactions with those functions. Entities MUST provide a response to those user requirement communications on a reasonably timely basis.
Any entity "collecting personal data," whether they are first or third parties, would mean that the entity is interacting with USERS directly and therefore should provide a response to user requests early on in the interaction or collection. Website USER Do Not Track requests are an example of a USER request. An example of a site that handles responses to Do Not Track (DNT) requests in this manner is Medium.com which sends a single popup to new users, whether or not they are registered, about how they will handle the DNT request.
As a general principle, consent choices or other similar must-see-this-first information should be exchanged in a first encounter, and then honored in and presented in a consistent manner thereafter.
Suggested ways for User Experience mitigation includes using pop-up boxes or email responses to user requests. Links to information regarding additional use should provide adequate time for users to read the information presented to them.
The entity gathering requests should state whether identity information is being used, and the user must be notified.
Please note that the IDESG Privacy Requirements apply to these interactions and the data they generate.
More information about Do Not Track can be found at these links: FTC website on Do Not Track: https://www.ftc.gov/news-events/media-resources/protectingconsumer-privacy/do-not-track Do Not Track standard work at the W3C: http://www.w3.org/2011/tracking-protection/
APPLIES TO ACTIVITIES