RE: Pandora sends user GPS, sex, birthdate, other data to ad servers

"Key ecosystem players" are in some cases very aware of privacy issues and doing their best to establish best practices and a technical foundation enabling at least the disclosure of developer intent for use of private data, and if possible usable (e.g. effective UIs and control options for the user) means for the user to express their awareness and consent.

Our position paper for the upcoming W3C Web Tracking workshop references work in this area by the WAC (Wholesale Applications Community), in which we have defined a mechanism, based upon the W3C's POWDER specification, for developers to declare intent on usage of device APIs, network resources, and how private data is used and retained. 

We are early in the process of seeing how this works in production, including: impact on developer experience, distribution of the intent declarations, how the potentially significant amount of information can be effectively communicated to the user, how to balance user consent options with UI complexity and application impacts, etc. But our work in this area clearly shows that we consider this a very important subject and want to get practical, semantically useful methods in prototype as soon as possible, so we can see what really works.

Thanks, 
Bryan Sullivan | AT&T

-----Original Message-----
From: public-privacy-request@w3.org [mailto:public-privacy-request@w3.org] On Behalf Of Pat Walshe
Sent: Friday, April 08, 2011 7:15 AM
To: Robin Berjon; Jules Polonetsky
Cc: Karl Dubost; public-privacy (W3C mailing list)
Subject: Re: Pandora sends user GPS, sex, birthdate, other data to ad servers

Before I chip in, any views expressed by me are mine and not those of my
employer.

Like Jules, I am surprised that the well publicised app privacy issues
remain a surprise.  The issue of surreptitious access to device and user
data by apps first emerged in the summer of 2009 by an iPhone app
developer who set up i-phone-home.blogspot.com out of his concern over app
permissions.  The site is no longer active but a screen shot is attached
from 2009.

 'App privacy' has received and continues to receive global coverage so I
fail to see how key ecosystem players are not aware of them? It's not
privacy pros keeping it to themselves.  Even the information commissioner
in the UK issued a public warning that "users should not have their
personal information collected unless they are aware of it"
www.techeye.net/security/ico-issueswarning-over-iphone-apps   The recent
FTC report on consumer privacy mentioned smartphones over 37 times and
expressly raised concerns and proposals over app privacy and app oba - key
ecosystem players have responded to this report so again, I cant
understand how this is not on key radars.

Also, I spoke about these issues at the the W3C workshop held last July in
London.

It is a fact that users of smartphones sit a complex global web of
relationships with app providers, app stores, browser vendors, advertisers
and others. The only thing that appears consistent in this fragmented
ecosystem is the lack of consistency in approaches to privacy - this does
not seem to aid the development of ways in which users might be given
clear, simple, context aware and device appropriate ways in which to be
aware of the privacy implications of apps and to exercise choice and
control in respect of access to and the use of their information.  Here's
a good example from 2009 of how privacy matters to consumers:
http://news.idg.no/cw/art.cfm?id=99AAA891-1A64-67EA-E4B0225F34268201

It seems clear to me that industry needs to come together on this or risk
other stakeholders deciding what industry should do.

just some thoughts.










On 08/04/2011 10:39, "Robin Berjon" <robin@robineko.com> wrote:

>On Apr 8, 2011, at 01:06 , Jules Polonetsky wrote:
>> Pandora seems to be acting just like hundreds of other apps. An entire
>>mobile ad network ecosystem is already built around such
>>data...replicating the traditional  ad network and data exchange system
>>on the web. 
>> And although udids are used instead of cookies for tracking when third
>>party cookies aren't available in the mobile environment (safari and
>>apps) plenty of web sites or web advertisers pass their account IDs to
>>web ad nets for reporting and analysis.
>> Not justifying, just always surprised when the existence of an entire
>>well publicized industry sector is news!
>
>Because it's only well-publicised to privacy advocates. No one else
>knows. I've been describing this in every outreach or customer meeting
>I've had over the past year or so, and people are at best surprised < in
>general they tend to not really believe it. I think that's part of the
>problem.
>
>--
>Robin Berjon
>  robineko < hired gun, higher standards
>  http://robineko.com/
>
>
>



This email and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone; please reply to this email or call +44 207 356 0600 and highlight the error.

Received on Friday, 8 April 2011 18:10:04 UTC