suggestion for Data Minimization draft

Dan

Comment on Data Minimization draft at http://www.w3.org/2001/tag/doc/APIMinimization.html

I suggest adding the following paragraph (or something like it) as an additional paragraph at the end of the Introduction to set expectations:

"Protecting the privacy of end-users involves the entire system in use, including social, legal, economic and technology factors. A systemic approach is required, including responsibilities and commitments of service providers as to how they will use and retain data. Data minimization in API design is one aspect that can contribute to the overall system but in isolation is not enough. Access control through user interaction or other means should be considered in conjunction with minimization. As with security, there is also a cost to mechanisms to mitigate against threats, thus an understanding of the risks and consequences is important. The cost of designing APIs with a view toward minimization is low and is thus recommended with the reminder that it serves as only one aspect of an end-to-end privacy approach."

Another consideration is that we want to make it possible for well-intentioned developers to create applications that minimize potential inadvertent privacy mistakes, and minimization can help with this.

An attacker has a variety of options depending on their capabilities and determination, so the issue noted in the document is certainly possible. An implementation might mitigate against this with sufficient granularity of access control or, from a less technical view, with audit and legal/social mechanisms. Perhaps TAG members have other ideas appropriate to the web environment.

regards, Frederick

Frederick Hirsch
Nokia
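The message above pairs data minimization in API design with granular access control. The following is an added illustration of that pairing in JavaScript; it is not part of the original email or of the TAG draft it comments on. The scope names, the `createGrant`/`requestUserData` functions, the coarsening rule and the sample user record are all assumptions made for this example.

```javascript
'use strict';

// Constructed sample: the full record the platform holds about the user.
// Minimization means an application never sees more of this than its grant covers.
const USER_RECORD = {
  name: 'Example User',
  email: 'user@example.test',
  phone: '+1-555-0100',
  location: { lat: 52.520008, lon: 13.404954 }, // constructed coordinates
  birthDate: '1990-04-01',
};

// Reduce precision to roughly city level (0.1 degree grid) so a coarse scope
// yields a usable answer without disclosing the exact position.
function coarsenLocation(loc) {
  return { lat: Math.round(loc.lat * 10) / 10, lon: Math.round(loc.lon * 10) / 10 };
}

// Assumed scope table: each scope names the fields it exposes and, optionally,
// a reducer that lowers the precision of a field before it is returned.
const SCOPES = {
  'location:coarse':  { fields: ['location'], reduce: { location: coarsenLocation } },
  'location:precise': { fields: ['location'] },
  'profile:name':     { fields: ['name'] },
  'profile:contact':  { fields: ['name', 'email', 'phone'] },
};

// A grant records which scopes the user approved for one origin, e.g. via a
// permission prompt (the "user interaction" the email refers to).
function createGrant(origin, approvedScopes) {
  return { origin, scopes: new Set(approvedScopes) };
}

// The API call itself: returns only the fields covered by granted scopes, at the
// lowest precision the grant allows, and reports which requests were refused
// so the caller (and an audit log) can see what was withheld.
function requestUserData(grant, origin, requestedScopes, record = USER_RECORD) {
  if (grant.origin !== origin) {
    throw new Error('grant does not belong to the calling origin');
  }
  const data = {};
  const denied = [];
  for (const scope of requestedScopes) {
    const spec = SCOPES[scope];
    if (!spec || !grant.scopes.has(scope)) {
      denied.push(scope);
      continue;
    }
    for (const field of spec.fields) {
      const reducer = spec.reduce && spec.reduce[field];
      // A precise (unreduced) value always wins over a coarse one; a coarse
      // scope never overwrites a field that is already present.
      if (!reducer) {
        data[field] = record[field];
      } else if (!(field in data)) {
        data[field] = reducer(record[field]);
      }
    }
  }
  return { data, denied };
}

module.exports = { USER_RECORD, SCOPES, coarsenLocation, createGrant, requestUserData };
```

The design point is that the API surface itself enforces the floor: even a well-intentioned application that requests more than it needs receives only what was granted, and a coarse grant yields coarse data regardless of what is stored. The `denied` list is what an audit mechanism would record.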

Received on Friday, 4 February 2011 20:14:25 UTC