Usable Req 7: Difference between revisions
No edit summary |
|||
| Line 51: | Line 51: | ||
---- | ---- | ||
---- | ---- | ||
[[Category:User Experience]] | |||
Latest revision as of 22:53, 12 October 2018
<< Back to Baseline Functional Requirements Index
USABLE-7. USER REQUIREMENTS
Wherever public open STANDARDS or legal requirements exist for collecting user requirements, entities conducting digital identity management functions MUST offer structured opportunities for USERS to document and express their interface and accessibility requirements, early in their interactions with those functions. Entities MUST provide a response to those user requirement communications on a reasonably timely basis.
SUPPLEMENTAL GUIDANCE
Any entity "collecting personal data," whether they are first or third parties, would mean that the entity is interacting with USERS directly and therefore should provide a response to user requests early on in the interaction or collection. Website USER Do Not Track requests are an example of a USER request. An example of a site that handles responses to Do Not Track (DNT) requests in this manner is Medium.com which sends a single popup to new users, whether or not they are registered, about how they will handle the DNT request.
As a general principle, consent choices or other similar must-see-this-first information should be exchanged in a first encounter, and then honored in and presented in a consistent manner thereafter.
Suggested ways for User Experience mitigation includes using pop-up boxes or email responses to user requests. Links to information regarding additional use should provide adequate time for users to read the information presented to them.
The entity gathering requests should state whether identity information is being used, and the user must be notified.
Please note that the IDESG Privacy Requirements apply to these interactions and the data they generate.
REFERENCES
More information about Do Not Track can be found at these links: FTC website on Do Not Track: https://www.ftc.gov/news-events/media-resources/protectingconsumer-privacy/do-not-track Do Not Track standard work at the W3C: http://www.w3.org/2011/tracking-protection/
APPLIES TO ACTIVITIES
REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION, INTERMEDIATION
KEYWORDS
ACCESSIBLE, ACCOMMODATION, ACCOUNT, CHOICE, CONSENT, FEEDBACK, OPEN-STANDARDS, USABILITY
Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |