|Welcome to the Monastery|
Do you accept the terms of our agreement?by ruzam (Curate)
|on Nov 23, 2007 at 01:56 UTC||Need Help??|
I'm not sure how to begin searching for this, so forgive me if it's been raised before.
I've written a perl application to interface to another organization's web application using XML. It's a no brainer. Send a request, get some data, apply an update here and there. It's all good. The users are thrilled.
The other organization requires a user id and password which was provided to me for the application. If you log into their website directly, you must accept a privacy disclaimer before continuing. Obviously, the XML interface also requires a user id and password, but there's no privacy disclaimer included in the interaction.
Today one of the users asked why it is that they can access the other organization's data without first agreeing to the privacy disclaimer and I'm at a loss as to how to answer.
Obviously, the XML interface was created to allow direct application to application communication and no disclaimer is involved in the transaction. I could add more code to my application to throw up a privacy disclaimer before users are allowed to use this functionality, but that will get tiresome quickly. Besides, the idea of copying another organization's disclaimer and enforcing it through my application doesn't seem any more black and white in my eyes.
I'd like to believe that by using the XML interface with the user id and password given, my application has already agreed to disclaimer and no further notice to the end user is required. Maybe this is naive.
I know I'm not the only one interfacing to password protected sites (XML interfaces or not). I guess the question is what (if any) are the accepted practices when faced with privacy disclaimers?