RE: WS Privacy [Was RE: Status of D-AG006]

Hi Hugo,
 
Please see my comments in-lined below.

>* Joseph Hui <jhui@digisle.net> [2002-03-20 10:33-0800]
>[..]
>> On the new goal you're proposing -- protecting consumers' private data
>> from exploitation, I tend to think legislative bodies (instead of technological
>> standard bodies) can be much much more effective in privacy areas.
>> E.g. I don't know of any effective technical mechanism that can prevent
>> a merchant from whom a consumer has purchased goods from using the
>> consumer's shipping address for promotional mails.  But if the law
>> says the merchant must provide a checkbox for consumers to
>> exclude themselves from potential spams, then the problem (which is
>> only one of many privacy problems) is pretty much solved, as it's technologically
>> trivial to add such an anti-spam feature (i.e. stopping spams at their sources).
>
> Privacy can be protected by, for example:
> - minimalizing the amount of data collected to what is necessary only.
> - limit the period such data is held.

I'm not aware of any technology that can do these effectively.
On the other hand, if the law says the merchants have to comply with
the two, then they will have to comply.

> I don't think we can prevent data collection, but we can have services
> advertize what they are doing, e.g. by using P3P, which was developed
> at W3C[1], and plan for such things in the architecture.

Ok, I accept this is a step in the right direction.
 
Regards,
 
Joe Hui
Exodus, a Cable & Wireless company
=====================================
>> I'd also suggest that as we're starting to deliberate Privacy, we need to
>> *define* (de Javu?) what Privacy means in the WSAWG context,
>> so we know what we're getting ourselves into.
>
> Even though I have been the one advocating for privacy, I am no
> privacy expert and am copying Rigo Wenning on this in case he wants to
> add something.
>
> To me, privacy in the Web services architecture context is about
> collection of data by service providers about the service consumers;
> the tricky part is that there could be several parties involved for
> providing a complex service, which could each have different policies.
> 
> The data could be tied to your name, address, or maybe simply a user
> identifier, for marketing purposes or maybe just for statistical
> analyses, it could be shared among providers or kept to one provider,
> etc.
>
> Regards,
> 
> Hugo
>
>  1. http://www.w3.org/P3P/
> --
> Hugo Haas - W3C
> mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - tel:+1-617-452-2092

Received on Wednesday, 20 March 2002 23:32:35 UTC