W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2010

OECD Privacy Conference and future ITAC privacy work

From: Mark Lizar <mark@smartspecies.com>
Date: Thu, 14 Oct 2010 12:39:39 +0100
Cc: Christine Runnegar <runnegar@isoc.org>
Message-Id: <AD0CA128-1CEF-4359-AA4D-5592CAF4A22C@smartspecies.com>
To: public-privacy@w3.org
The Need for Digital Notice

As you may or may not be aware there is an  OECD Privacy conference  
this month in which the W3C (i believe) has the opportunity to  
contribute input.  Regardless, I would like to raise the issue of  
digital Notice and its role in the development of public privacy to  
this list and if possible through this list to the OECD.

For this reason I wanted to highlight further the idea of a subject  
access API and the role of Notice to regulators globally.  
Fundamentally, digital notice is needed for people to understand  
privacy impacts or to engage in controlling their information sharing  
and privacy.     Perhaps this is something this list might be  
interested in discussing? My hope is that this can be done in view of  
providing a request, asking the OECD to provide regulator guidance,  
which enforces and evolves digital data protection regulation to a  
minimum digital standard for legal notice.  As you may or may not be  
aware at this time the legal infrastructures do not support digital  
notice and as a result there is no core legal infrastructure for the  
social web.  This is a big problem and I believe this is the source of  
many issues we face in public privacy today.

The specific OECD topic:

> The Evolving Role of the Individual in Privacy Protection:
>

Critically in both privacy protection and public identity management  
the quality of notice (a.k.a. transparency), greatly impacts on the  
quality of consent and control people need to have to effectively  
manage their own identity and privacy.

In this respect, I am looking for a Public Privacy recommendation to  
the OECD asking them to provide regulatory guidance and evolve  
existing data protection regulation in a way that supports a digital  
standard of notice.

 From a rights perspective, without a minimal digital standard of  
notice, data subject access to information is disproportionate to the  
technical methods which are being used to harvest personal data.  This  
makes it difficult for an individual (and the W3C) to develop control  
and trust in the use of digital identity. (violating rights and  
crippling the social internet) In this regard I am looking for ITAC to  
ask the OECD to include thes two points in their guideline review:

Evolve the existing data protection to include:
1. digital (proportional) ability for data subject's to access  
institutionally held information. (e.g. no mandatory written requests  
if possible)
2. ability for a subject to give a digital notice to control the  
collection, use, and revocation of information shared digitally with a  
service provider.

Talking Points
To champion and advocate this issue I would go so far as to assert  
that a high standard quality in notice would go a long way to solving  
many internet privacy and trust framework issues in identity  
management.  In addition, i assert that a higher quality of notice  
would have a tremendous impact on the social and creative expression  
across the internet, positively impacting the Internet economy and  
facilitating global interoperability of personal data control  
architecture. (e.g. Open social use of the web, live identity, real  
time integration of actual data, standard observability over time,  
internet of things, etc.)

The bottom line, the use of information age identity management with  
industrial aged notice is a rights concern.  A concern that promotes  
inequality of access to information as the existing quality of notice  
is not sufficient enough for the average data subject to understand  
privacy on the network layer.


> 1. What technical innovations offer promise for giving individuals  
> easier access to and control over information about them?

Digital notice for subject access and digital subject notice to and  
from organisations
>
> 2. What are the incentives and barriers for innovating privacy tools  
> and what are challenges to successful deployment?
The incentives are  accessibility, education, access and control of  
information independent of service providers,
- Notices are inherently legal and are also an explicit component of  
consent.   With no legal quality of notice enforced the law and  
consent lack trust and integrity needed for the social web.

>
> 3. What is the role of technological innovation within a broader  
> framework for privacy protection?

Digital notice would provide road signs for an internet of services at  
a regulatory level this is a needed mechanism for technological  
interoperability.  The subsequent transparency enables the development  
of tools so people can not only see privacy impacts but also evolve  
control over their information.

- With a standard in digital notice issues lack un-usable terms of  
service, and lack of internet policy infrastructure can be  
comprehensively addressed.
- Notice is an implicit component of informed consent
- Notice's are inherently legal as they are "one sided legally binding  
demarcations."

Best Regards,

Mark Lizar

On 6 Oct 2010, at 22:25, Christine Runnegar wrote:

> Hello all.
>
> IGF @ Vilnius
>
>
> First, please let me reiterate my thanks for supporting the Internet  
> Society in this endeavour and contributing very considered and  
> insightful perspectives on the Future of Privacy. It was a very  
> successful workshop with approximately 100 participants in the room  
> plus remote participation. We also presented a brief report on the  
> workshop during the main session on Security, Openness and Privacy,  
> summarising some of the views expressed regarding international  
> cooperation on privacy, including those provided by the Internet  
> technical community. The contributions from the Internet technical  
> community can be found here: www.isoc.org/privacyinsights.
>
>
> ITAC Privacy work
>
>
> As you are no doubt aware, the Kantara Initiative (and W3C) is a  
> member of the Internet Technical Advisory Committee (ITAC) to the  
> OECD. ITAC's work with the OECD WPISP covers many areas, including  
> privacy.
>
>
> The terms of the ITAC Charter are available here: http://www.internetac.org/wp-content/uploads/2009/03/itac-charter1.pdf 
> . Important - Please read this document.
>
>
> OECD Privacy Conference
>
>
> Recently, I posted an email to the ITAC email list (oecditac@elists.isoc.org 
> ) regarding an ITAC contribution for the upcoming OECD Privacy  
> Conference in Israel (25-26 October 2010) entitled: The Evolving  
> Role of the Individual in Privacy Protection: 30 Years After The  
> OECD Privacy Guidelines, and encouraging ITAC members interested in  
> privacy issues to indicate their availability for a conference call  
> to prepare some discussion points for the conference.
>
>
> The OECD Secretariat has very kindly invited us to participate in a  
> panel on Fostering Innovation in Privacy Protection as a discussant.  
> The OECD does not want a formal presentation as they would like to  
> have a more interactive discussion. They would like us to provide  
> perspectives on the role of technical innovations in the realm of  
> privacy governance. While the OECD has invited me to be the voice,  
> we really want this to be an ITAC contribution. We have a lot of  
> Internet technical privacy experts in ITAC (particularly in the IAB,  
> OASIS, Kantara Initiative P3WG and W3C). This is a great opportunity  
> for us to provide input into the policy debate on privacy.
>
> In addition to the points for that panel, Trent Adams and I would  
> like to prepare a couple of points for each session to have ready  
> for use as appropriate.
>
> Specifically, we would like to build on the work that you and other  
> members of the Internet technical community have already done for  
> the IGF Workshop on the Future of Privacy.
>
> If you are interested in contributing to the ITAC presentation,  
> would you please let me know as soon as possible.
>
>
> Please do not hesitate to contact me if you have any questions.
>
>
> Best regards,
>
> Christine
>
> ______________________
>
> Christine Runnegar
> Senior Manager Public Policy
> Internet Society
> Galerie Jean-Malbuisson 15
> CH-1204 Geneva
> Switzerland
>
> Tel: +41 22 807 1455
> www.isoc.org
>
> _______________________________________________
> WG-P3 mailing list
> WG-P3@kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3
Received on Thursday, 14 October 2010 12:00:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 14 October 2010 12:00:32 GMT