From 908b9fa37db54b4111a0ef5a7b26c5242cf00521 Mon Sep 17 00:00:00 2001
From: Ade Bateman <bateman@acm.org>
Date: Thu, 28 Apr 2016 17:48:04 -0700
Subject: [PATCH 1/2] Update security and privacy considerations sections

Add note about not sharing user information without consent. We will
need to refine this language.
---
 specs/paymentrequest.html | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/specs/paymentrequest.html b/specs/paymentrequest.html
index 63e39be7..fcb1cba9 100644
--- a/specs/paymentrequest.html
+++ b/specs/paymentrequest.html
@@ -1237,10 +1237,29 @@ <h2>Security Considerations</h2>
         This section is a placeholder to record security considerations as we gather them through working
         group discussion.
       </p>
-        The <a><code>PaymentRequest</code></a> API does not directly support encryption of data fields.
-        Individual <a>payment methods</a> may choose to include support for encrypted data but it is not
-        mandatory that all <a>payment methods</a> support this.
+      <section>
+        <h2>Encryption of data fields</h2>
+        <p>
+          The <a><code>PaymentRequest</code></a> API does not directly support encryption of data fields.
+          Individual <a>payment methods</a> may choose to include support for encrypted data but it is not
+          mandatory that all <a>payment methods</a> support this.
+        </p>
+      </section>
+    </section>
+
+    <section class='informative'>
+      <h2>Privacy Considerations</h2>
+      <p class="ednote">
+        This section is a placeholder to record privacy considerations as we gather them through working
+        group discussion.
       </p>
+      <section>
+        <h2>Exposing user information</h2>
+        <p>
+          The <a>user agent</a> should never provide share information about the user to the web page
+          (such as the shipping address) without user consent.
+        </p>
+      </section>
     </section>
 
     <hr>

From 7afd609e03d7f4e99f0144e43215804c1065ea22 Mon Sep 17 00:00:00 2001
From: Ade Bateman <bateman@acm.org>
Date: Fri, 29 Apr 2016 05:40:49 -0700
Subject: [PATCH 2/2] Fix typo.

---
 specs/paymentrequest.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/specs/paymentrequest.html b/specs/paymentrequest.html
index fcb1cba9..1e8188ce 100644
--- a/specs/paymentrequest.html
+++ b/specs/paymentrequest.html
@@ -1256,7 +1256,7 @@ <h2>Privacy Considerations</h2>
       <section>
         <h2>Exposing user information</h2>
         <p>
-          The <a>user agent</a> should never provide share information about the user to the web page
+          The <a>user agent</a> should never share information about the user to the web page
           (such as the shipping address) without user consent.
         </p>
       </section>