Re: Privacy protection principles

For people who did not attend TPAC meeting, please find the minutes here:
https://www.w3.org/2016/09/20-privacy-minutes.html

Thanks.

Kind Regards
Kepeng

From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Wednesday, 5 October 2016 at 4:08 AM
To: Li Kepeng <kepeng.lkp@alibaba-inc.com>
Cc: KWASNY Sophie <Sophie.KWASNY@coe.int>, John Moehrke
<johnmoehrke@gmail.com>, "José M. del Álamo" <jmdela@dit.upm.es>, Nat
Sakimura <sakimura@gmail.com>, Alan Chapell
<achapell@chapellassociates.com>, "public-privacy (W3C mailing list)"
<public-privacy@w3.org>, "chaals@yandex-team.ru" <chaals@yandex-team.ru>
Subject: Re: Privacy protection principles

Kepeng, something I found helpful at TPAC was your explanation of why you'd
like to create something like this now based on various standards you've
seen. It would be great to capture that here for PING folks.

On Mon, Sep 26, 2016 at 5:55 PM, Kepeng Li <kepeng.lkp@alibaba-inc.com>
wrote:
> Hi Sophie and Jose,
> 
> Thanks for your feedback.
> 
> In the TPAC meeting, the group tends not to define privacy principles in
> W3C, but to find some detailed technologies to achieve the privacy principles,
> and provide enhancements to the current privacy questionnaires.
> 
> I will check your materials in the links, and provide further inputs to the
> privacy questionnaires.
> 
> Kind Regards
> Kepeng
> 
> From: KWASNY Sophie <Sophie.KWASNY@coe.int>
> Date: Monday, 26 September, 2016 2:57 pm
> To: Li Kepeng <kepeng.lkp@alibaba-inc.com>
> Cc: John Moehrke <johnmoehrke@gmail.com>, "José M. del Álamo"
> <jmdela@dit.upm.es>, Nat Sakimura <sakimura@gmail.com>, Alan Chapell
> <achapell@chapellassociates.com>, "public-privacy (W3C mailing list)"
> <public-privacy@w3.org>, "chaals@yandex-team.ru" <chaals@yandex-team.ru>
> Subject: RE: Privacy protection principles
> 
> Dear Kepeng, Dear All,
>  
> Going down a little bit deeper into the privacy principles and providing a
> guidance which is more specific to the web sounds like a great initiative,
>  
> My two cents would only consist in recalling that any list of privacy
> principles which will serve as a basis for that work, to be exhaustive - from
> whichever region of the world it is being looked at - should include a
> reference to the sole international instrument in the field which is legally
> binding. Convention 108 has been the backbone of the development of the
> European Union's legal framework and development in a number of countries
> outside Europe. It now gathers 50 countries, 47 from Europe, 1 from South
> America and 2 from Africa, (several other non-European countries, both from
> Africa and America, currently interested/being in the process of accession, no
> Asian one so far).
>  
> The proposed revised Convention is accessible at:
> http://www.coe.int/t/dghl/standardsetting/dataprotection/CAHDATA/Consolidated%20version%20of%20the%20modernised%20convention%20108%20July%202016.pdf
>  
> Kind regards, 
> Sophie
> Sophie Kwasny
> Data Protection Unit
> COUNCIL OF EUROPE
> www.coe.int/dataprotection <http://www.coe.int/dataprotection>
>  
> From: José M. del Álamo [mailto:jmdela@dit.upm.es]
> Sent: Monday, 26 September 2016 09:43
> To: Kepeng Li
> Cc: John Moehrke; Nat Sakimura; Alan Chapell; public-privacy (W3C mailing
> list); chaals@yandex-team.ru
> Subject: Re: Privacy protection principles
>  
> 
> Dear Kepeng, all, I'll try to summarize below our previous experience on this
> matter.
>
> As far as I know there have been some approaches to try to go in more detail
> from high-level privacy/data protection principles (OECD, ISO, GDPR, or
> other) to lower-detailed requirements closer to the technical domain.
>
> For example, the EU-funded PRIPARE project [1] developed an early catalogue of
> requirements from ISO29100 and EU GDPR principles. The idea was to move from
> the set of high-level principles into more elaborated privacy guidelines and
> from there into a set of detailed technical requirements, in a process named
> as requirements operationalization. You can see the actual catalogue in the
> PRIPARE handbook [2], Annex B. Some other researchers have followed a similar
> path, and you can find, for example, a taxonomy of requirements refining the
> privacy goal 'transparency' [5].
>
> As I said this was an early effort within a somehow small research project,
> and thus the catalogue requires further refinement, elaboration and consensus,
> but is an early step in our vision on how some of the privacy principles can
> be further detailed and how it is aligned with the risk-driven approaches [3],
> enabling a systematic approach to engineering privacy when developing
> information systems. Indeed, this vision was inspired by earlier works at W3C,
> for example, within the Accessibility domain [4].
>
> These are my 2 cents.
>
> Regards,
>
> Jose M. del Alamo
> Universidad Politecnica de Madrid
>
> [1] http://pripareproject.eu/
>
> [2] http://pripareproject.eu/wp-content/uploads/2013/11/PRIPARE-Methodology-Handbook-Final-Feb-24-2016.pdf
>
> [3] Notario, N. et al., PRIPARE: Integrating Privacy Best Practices into a
> Privacy Engineering Methodology, IEEE Security and Privacy Workshops (SPW), .
> doi: 10.1109/SPW.2015.22
>
> [4] Martin et al., Privacy Requirements Engineering: Valuable Lessons from
> Another Realm, 1st International Workshop on Evolving Security and Privacy
> Requirements Engineering - ESPRE2014, pp. 19-24. doi:
> 10.1109/ESPRE.2014.6890523
>
> [5] Meis, R. et al. A Taxonomy of Requirements for the Privacy Goal
> Transparency. In International Conference on Trust and Privacy in Digital
> Business. Springer International Publishing.
>
> 2016-09-20 3:03 GMT+02:00 Kepeng Li <kepeng.lkp@alibaba-inc.com>:
>
> I agree that from high level overview, my proposed privacy principles are
> quite similar to OECD privacy principles.
>
> I am wondering if we can go down a little bit deeper, and make each principle
> in more detail, and also make it specific to web.
>
> The goal is to make it as guidelines or best practices to achieve privacy
> principles in the open web environment.
>
> My document is still in the very early stage. I am just trying to find a way
> to move forward, to make it useful in some way.
>
> Thanks,
>
> Kind Regards
>
> Kepeng Li
> Alibaba
>
> From: John Moehrke <johnmoehrke@gmail.com>
> Date: Tuesday, 20 September, 2016 1:33 am
> To: Li Kepeng <kepeng.lkp@alibaba-inc.com>
> Cc: Nat Sakimura <sakimura@gmail.com>, Alan Chapell
> <achapell@chapellassociates.com>, "public-privacy (W3C mailing list)"
> <public-privacy@w3.org>, <chaals@yandex-team.ru>
> Subject: Re: Privacy protection principles
> Resent-From: <public-privacy@w3.org>
> Resent-Date: Tue, 20 Sep 2016 07:18:07 +0000
> 
>  
> 
> I have a cross-reference between various standards on Privacy Principles. With
> linkage to them (where I am allowed)
>
> https://healthcaresecprivacy.blogspot.com/2015/04/privacy-principles.html
>
> John
>
> John Moehrke
> Principal Engineering Architect: Standards - Interoperability, Privacy, and
> Security
> CyberPrivacy - Enabling authorized communications while respecting Privacy
> M +1 920-564-2067
> JohnMoehrke@gmail.com
> https://www.linkedin.com/in/johnmoehrke
> https://healthcaresecprivacy.blogspot.com
> "Quis custodiet ipsos custodes?" ("Who watches the watchers?")
>  
> 
> On Mon, Sep 19, 2016 at 12:08 PM, Kepeng Li <kepeng.lkp@alibaba-inc.com>
> wrote:
> Hi Nat,
> 
>> > There are many well respected documents that have something very similar in
>> them.
> 
> Can you send the links of the mentioned similar documents?
> 
> Thanks,
> 
> Kind Regards
> Kepeng
> 
> --------------------------
> 
> From: Nat Sakimura <sakimura@gmail.com>
> Date: 15:28
> To: Alan Chapell <achapell@chapellassociates.com>
> Subject: Re: Privacy protection principles
> 
> Sorry, I have not been following the list lately so I am probably missing
> something, but what is the context around this document?
> 
> There are many well respected documents that have something very similar in
> them. What are we creating yet another one?
> 
> Nat 
> 
> 2016/09/19 3:15 AM "Alan Chapell" <achapell@chapellassociates.com>:
>>
>> Cheers,
>>
>> Alan Chapell
>> Chapell & Associates
>> 917 318 8440
>>
> 
>>> On 9/18/16, 12:49 PM, "Kepeng Li" <kepeng.lkp@alibaba-inc.com> wrote:
>>>
>>> Hi Chaals,
>>> 
>>> Thanks for your edits. It is quite helpful.
>>> 
>>> I made some further edits based on your proposed changes.
>>> 
>>> About your embedded questions, we can discuss them during the PING meeting
>>> on Tuesday.
>>> 
>>> Kind Regards
>>> Kepeng
>>>> 
>>>> ------------------------------------------------------------------
>>>> From: <chaals@yandex-team.ru>
>>>> Date: 16 September 2016 01:38:52
>>>> To: Kepeng Li <kepeng.lkp@alibaba-inc.com>;
>>>> public-privacy@w3.org <public-privacy@w3.org>
>>>> Subject: Re: Privacy protection principles
>>>> 
>>>> - runnegar@, tjwhalen@
>>>> 
>>>> Hi Kepeng, all,
>>>> 
>>>> I made a few minor edits, mostly shuffling things that seemed to belong in
>>>> a different place, or trying to simplify the language.
>>>> 
>>>> One of the things I did is change "privacy information" in some places to
>>>> "private information", and in other places to "privacy-sensitive
>>>> information".
>>>> 
>>>> "privacy information" sounds wrong to me, but I am not sure what a better
>>>> phrase would be.
>>>> 
>>>> Feel free to over-write any of my edits....
>>>> 
>>>> cheers
>>>> 
>>>> Chaals
>>>> 
>>>> 15.09.2016, 17:11, "Kepeng Li" <kepeng.lkp@alibaba-inc.com>:
>>>>> > Hi Christine, Tara and all,
>>>>> >
>>>>> > I just submitted an initial proposal for privacy protection principles:
>>>>> > https://www.w3.org/wiki/Privacy/Privacy_protection_principles
>>>>> >
>>>>> > I hope we can allocate some time in TPAC PING IG to discuss that, to see
>>>>> > if it is valuable to continue to work on this subject.
>>>>> >
>>>>> > Thanks and see you in TPAC!
>>>>> >
>>>>> > Kind Regards
>>>>> >
>>>>> > Kepeng Li
>>>>> > Alibaba
>>>> 
>>>> -- 
>>>> Charles McCathie Nevile - web standards - CTO Office, Yandex
>>>> chaals@yandex-team.ru - - - Find more at http://yandex.com
> 
>  
> 
>  
>  



-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
1401 K ST NW STE 200, Washington DC 20005-3497
e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

Tech Prom, CDT's Annual Dinner, is April 20, 2017!
https://cdt.org/annual-dinner

Received on Wednesday, 5 October 2016 02:02:40 UTC