W3C home > Mailing lists > Public > public-privacy@w3.org > January to March 2012

Re: Privacy by Design in APIs

From: Robin Berjon <robin@berjon.com>
Date: Fri, 30 Mar 2012 11:37:11 +0200
Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <4B85A598-A711-4EB1-A154-44F33E54A7E4@berjon.com>
To: Richard Barnes <richard.barnes@gmail.com>
Hi Richard,

On Mar 29, 2012, at 18:33 , Richard Barnes wrote:
> Good start!

Thanks :)

>  You might also consider some of the thoughts on allowing
> users to express privacy preferences discussed in RFC 6280:
> <http://tools.ietf.org/html/rfc6280#section-1.3>
> Note also that the W3C Geolocation group decided not to design this
> type of privacy...

I am very much aware of the existence of Geopriv, and have deliberately stayed away from reopening that option. The primary reason for this is that I want to document privacy-enhancing strategies in API design that can ship ASAP. Irrespective of the merits it may have, Geopriv is very much a political third-rail at this point, so that including it would nullify any hope of making progress in this space.

Additionally, I'm still mulling this over, but I have some doubts about the necessity of this sort of privacy preference expression (mind you I said "doubts", not "brutal opposition" or anything of the sort ;). On instinct, I would tend to think that if users are privacy-literate enough to apply something like Geopriv effectively, then they have the privacy savvy (and care) to pick a more privacy-friendly product over a competing one. This in turn creates market pressure for such privacy-friendly alternatives to be developed, which then means you don't need privacy preference expression :) Of course, there are complicating factors and chances that I'm missing an important aspect, so as I said: these are just instinctive doubts.

Robin Berjon - http://berjon.com/ - @robinberjon
Received on Friday, 30 March 2012 09:37:42 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:53 UTC