Added based on issue 936 (#937)

ianbjacobs · web-flow · commit 0e2ad2b248b2 · 2021-02-04T15:38:20.000-06:00
* Added based on issue 936 #936 (comment) * Marcos' edits
diff --git a/index.html b/index.html
@@ -4900,6 +4900,19 @@ <h2 id="user-info">
           The <a>user agent</a> MUST NOT share information about the user with
           a developer (e.g., the shipping address) without user consent.
         </p>
+        <p>
+          In particular, the {{PaymentMethodData}}'s {{PaymentMethodData/data}}
+          and {{PaymentResponse}}'s {{PaymentResponse/details}} members allow
+          for the arbitrary exchange of data. In light of the wide range of
+          data models used by existing payment methods, prescribing data
+          specifics in this API would limit its usefulness. The
+          {{PaymentResponse/details}} member carries data from the payment
+          handler, whether Web-based (as defined by the [[[payment-handler]]])
+          or proprietary. The [=user agent=] MUST NOT support payment handlers
+          unless they include adequate user consent mechanisms (such as
+          awareness of parties to the transaction and mechanisms for
+          demonstrating the intention to share data).
+        </p>
         <p>
           The <a>user agent</a> MUST NOT share the values of the
           {{PaymentDetailsBase/displayItems}} member or
