No, I wouldn't.
But then I wouldn't create an XML interface to my application with out first disclaiming acceptable use of the interface by other applications.
My wording could have been better. Maybe something more like:
"I'd like to believe that by using the XML interface with the user id and password given, my application has been granted permission for this use by the owner of the user id and no further notice to the end user is required."
The question of my naivety is still open to the floor :) | [reply] |
Your new phrasing is definitely helpful, so perhaps I can improve my comment too, and clarify that my remark was not accusatory, but rather, intended to highlight a consideration which may or may not -- in your judgment -- be relevant in your circumstances:
The lack of a disclaimer (popup or whatever) troubles me because if I understand you correctly, your description suggests that the ap is -- effectively -- waiving the privacy rights of its user(s) without their knowledge.
| [reply] |
Thanks. I think I understand your position.
The Facebook comparison earlier was probably not the best analogy to begin with. The Facebook scenario revolves around the other organization keeping the privacy of our personal information. As a user you probably don't want your information used without your consent, and to do so would be just plain bad form. In fact, that seems to be at the center of the previously cited Facebook dispute?
In my particular situation, the disclaimer revolves around the privacy of the other organization.
Let's say, for example, we are a hospital and we are required to send our patient data to a national patient registry. We have access to our (and only our) patient records through the national system. We also keep our own copies of the records, and from time to time it becomes necessary compare our system with the national system to correct errors on either side. The application I'm building is an automated bridge between the our system and the national system. The disclaimer in question comes from the national system with regards to the privacy of their data (and rightly so). We as a hospital, obviouly have our own privacy/security procedures.
Except for changing the names and faces and organizations of the people involved, that pretty nearly nails my current direction.
To continue with this example, is it enough for the hospital administrator to authorize access to the national system from my application without requiring other staff members accept the national privacy statement? I suppose even the answer to this question biased by the organizations involved. The local aquarium club probably doesn't rate the same level of privacy as say the department of national defense.
| [reply] |
