- From: Streif, Rudolf <rstreif@partner.jaguarlandrover.com>
- Date: Mon, 12 Nov 2018 10:43:20 -0800
- To: Armin.Gerl@uni-passau.de
- Cc: T Guild <ted@w3.org>, public-autowebplatform <public-autowebplatform@w3.org>
- Message-ID: <CANpGCG+QheyrfT3xgETAnUO72Lw-B223D3TLNcKyuCvKkjN4sg@mail.gmail.com>
Hi Armin, I apologize. I dropped the ball on this. I got another question. Currently for pretty much any privacy policy it is often not obvious to the user what consequences opting in or out has for the user, the functionality of the software etc. For example, an Android app notifies the user that it wants to use the camera and lets the user choose whether or not to allow it. But it never tells the user what either choice will mean e.g. what does it mean for the functionality of the app if the user does not allow the use of the camera, what does it mean for privacy if the user allows to the app to use the camera. Is that also something that your model can address/incorporate? :rjs On Fri, Sep 28, 2018 at 1:20 AM Armin Gerl <Armin.Gerl@uni-passau.de> wrote: > Dear Streif Rudolf, > > thank you for your interest and this very interesting questions. > > You are completely right that at the current state the user is presented a > legal document (semi-structured text, expert knowledge required) which is a > problem because the user has to consent/accept to the policy in an informed > and free way. > > With LPL (or another privacy language) the privacy policy will be > structured (e.g. according to purposes). With such a structured policy > suitable/standardised user interfaces can be developed on top representing > the content. Of course different user interfaces might have to be developed > for different use cases (e.g. for display in car infotainment system) and > different user groups (children, elderly, disabled people, different > languages and nationalities). Based on this complexity it should be clear > that there is not the single user interfaces for all. > > The approach that I considered for my prototype user interface (still > further developed as a JSF TagLibrary currently) was to combine the Visual > Information Seeking Mantra with Privacy Icons (suggested by the GDPR). In > LPL i can define a set of icons representing the general contents of the > policy to give an Overview. Furthermore all Purposes are listed and can be > interacted with for further information. This allows the user to get a fast > overview over the contents of the privacy policy and also allows to look > into further details on demand. This includes that the user can personalize > the privacy policy according set rules by the creator (e.g. Data Protection > Officer) of the policy. I also integrated the possibility to describe each > of the elements in multiple languages, so international companies/services > do not require various policies. > > In LPL we follow the concept that elements (Purpose, DataRecipient, Data) > have an attribute "required" indicating that the user can agree to it or > not. For example a user might be presented a purpose "Newsletter > subscription" with the data elements "prename", "surname" and "e-mail". The > newsletter subscription is voluntary and only the e-mail address is > required. Therefore the user has the option to consent/dissent to the whole > purpose, or if consent is given he is free to choose to give his prename > and surname (to e.g. personalize the mails). This concept can be applied to > other business processes too. > > I hope this gives an good overview. For further insights in the current > state of my work I would refer to the publications mentioned in one of the > last slides of my presentation, there are 2 papers on the user interface. > > Of course I am happy about any further questions on this. > > Best, > > Armin > > > Am 28.09.2018 um 00:48 schrieb Streif, Rudolf: > > This looks very interesting. Unfortunately, the call is at a time that is > not that convenient for me. Thank you, Armin, for sharing the presentation. > > I have one question, to begin with, for this discussion. To a user, all of > these policies are typically presented as a legal document using a language > most people are not familiar with (even though it's written in English, > German, or whatever language). In addition to that, whether the user > understands the policy or not, he or she typically has to agree to it in > its entirely before the user gets what they are looking for e.g. access to > an application, service, etc. How would LPL, or any other policy language > for that matter, address transparency as well as the possibility to agree > to certain parts but not to others? How would that type of granularity be > translated into what the user can do with the application, service etc.? > > :rjs > > On Thu, Sep 27, 2018 at 1:01 PM Ted Guild <ted@w3.org> wrote: > >> Primary topic was presentation from Armin Gerl on his Layered Policy >> Language research >> >> https://www.w3.org/2018/09/20-auto-minutes >> >> -- >> Ted Guild <ted@w3.org> >> W3C Automotive Lead >> http://www.w3.org >> >> > > -- > *Rudolf J Streif* > System Architect > Oregon Software Technology Center > > *M:* +1.619.631.5383 > *E:* rstreif@partner.jaguarlandrover.com > > > > > > > UK: G/26/2 G02 Building 523, Engineering Centre, Gaydon, Warwick, CV35 ORR > US: 1419 NW 14th Ave, Portland, OR 97209 > jaguar.com | landrover.com > > Jaguar Land Rover Limited, Abbey Road, Whitley, Coventry CV3 4LF, UK > Registered in England No: 1672070 > > CONFIDENTIALITY NOTICE: This e-mail message including > attachments, is intended only for the person to whom it is addressed & > may contain confidential information. Any unauthorised review; use, > disclosure or distribution is prohibited. If you are not the intended > recipient, please contact the sender by reply e-mail and destroy all copies > of the original message. > > -- *Rudolf J Streif* System Architect Oregon Software Technology Center *M:* +1.619.631.5383 *E:* rstreif@partner.jaguarlandrover.com UK: G/26/2 G02 Building 523, Engineering Centre, Gaydon, Warwick, CV35 ORR US: 1419 NW 14th Ave, Portland, OR 97209 jaguar.com | landrover.com Jaguar Land Rover Limited, Abbey Road, Whitley, Coventry CV3 4LF, UK Registered in England No: 1672070 CONFIDENTIALITY NOTICE: This e-mail message including attachments, is intended only for the person to whom it is addressed & may contain confidential information. Any unauthorised review; use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
Received on Monday, 12 November 2018 18:43:55 UTC