- From: Streif, Rudolf <rstreif@partner.jaguarlandrover.com>
- Date: Tue, 13 Nov 2018 09:37:42 -0800
- To: Armin.Gerl@uni-passau.de
- Cc: public-autowebplatform <public-autowebplatform@w3.org>
- Message-ID: <CANpGCG+RmFesJQ9Sd12h8zq4L+muzzgtSE3tm1UKcue0KJYORQ@mail.gmail.com>
Hi Armin,

Thank you very much. This is very helpful. I think that a consequent use of LPL together with a somewhat unified UI would really help people to better understand what they are opting in or out for. On the other hand, it could also help companies to avoid mistakes in being compliant with legislation such as GDPR.

Did you already attempt to formulate Facebook's, Twitter's or any other popular application's privacy policy using LPL? It would be interesting to see how it improves clarity if those policies were decomposed.

Best regards,
:rjs

On Tue, Nov 13, 2018 at 1:29 AM Armin Gerl <Armin.Gerl@uni-passau.de> wrote:

> Hello Rudolf,
>
> that is a very interesting question. I understand the problem that the user will not be informed about the consequences of an opt-in or opt-out.
>
> Given your example, this problem could be approached by informing the user not only about the general device but also about its usage, e.g. by an informative text.
>
> Basically, this is a problem which can be divided into three parts. First, a suitable model is required that allows the definition of the "consequences text" for opt-in/opt-out services. Second, a user-friendly UI has to be developed based on this model, e.g. with a focus on presenting the consequences. Lastly, the decision of the user has to be enforced within the system.
>
> Evaluating LPL according to these requirements I would say that it fulfills it partly at its current state.
>
> 1) LPL is purpose-based (opt-in/out) and allows the definition of a general multi-lingual description for each purpose (as well as its sub-elements). What could be improved, if necessary, is the separation between description and consequences as separate textual descriptions within the model.
>
> 2) LPL can be presented to the user, via a UI. The current prototype does not focus on the description of the single purposes (is only shown due to interaction). Developing a suitable UI should be possible in general.
>
> 3) The enforcement of the purposes is possible with LPL. The current prototype implementation proved this. An integration within a real-life system has not been done yet, but would be interesting for me.
>
> I hope I could help you with your question.
>
> Best,
>
> Armin
>
> On 12.11.2018 at 19:43, Streif, Rudolf wrote:
>
> Hi Armin,
>
> I apologize. I dropped the ball on this. I got another question.
>
> Currently for pretty much any privacy policy it is often not obvious to the user what consequences opting in or out has for the user, the functionality of the software etc. For example, an Android app notifies the user that it wants to use the camera and lets the user choose whether or not to allow it. But it never tells the user what either choice will mean e.g. what does it mean for the functionality of the app if the user does not allow the use of the camera, what does it mean for privacy if the user allows the app to use the camera. Is that also something that your model can address/incorporate?
>
> :rjs
>
> On Fri, Sep 28, 2018 at 1:20 AM Armin Gerl <Armin.Gerl@uni-passau.de> wrote:
>
>> Dear Streif Rudolf,
>>
>> thank you for your interest and these very interesting questions.
>>
>> You are completely right that at the current state the user is presented a legal document (semi-structured text, expert knowledge required) which is a problem because the user has to consent/accept to the policy in an informed and free way.
>>
>> With LPL (or another privacy language) the privacy policy will be structured (e.g. according to purposes). With such a structured policy suitable/standardised user interfaces can be developed on top representing the content. Of course different user interfaces might have to be developed for different use cases (e.g. for display in car infotainment system) and different user groups (children, elderly, disabled people, different languages and nationalities). Based on this complexity it should be clear that there is not a single user interface for all.
>>
>> The approach that I considered for my prototype user interface (still further developed as a JSF TagLibrary currently) was to combine the Visual Information Seeking Mantra with Privacy Icons (suggested by the GDPR). In LPL I can define a set of icons representing the general contents of the policy to give an Overview. Furthermore all Purposes are listed and can be interacted with for further information. This allows the user to get a fast overview over the contents of the privacy policy and also allows to look into further details on demand. This includes that the user can personalize the privacy policy according to rules set by the creator (e.g. Data Protection Officer) of the policy. I also integrated the possibility to describe each of the elements in multiple languages, so international companies/services do not require various policies.
>>
>> In LPL we follow the concept that elements (Purpose, DataRecipient, Data) have an attribute "required" indicating that the user can agree to it or not. For example a user might be presented a purpose "Newsletter subscription" with the data elements "prename", "surname" and "e-mail". The newsletter subscription is voluntary and only the e-mail address is required. Therefore the user has the option to consent/dissent to the whole purpose, or if consent is given he is free to choose to give his prename and surname (to e.g. personalize the mails). This concept can be applied to other business processes too.
>>
>> I hope this gives a good overview. For further insights in the current state of my work I would refer to the publications mentioned in one of the last slides of my presentation, there are 2 papers on the user interface.
>>
>> Of course I am happy about any further questions on this.
>>
>> Best,
>>
>> Armin
>>
>> On 28.09.2018 at 00:48, Streif, Rudolf wrote:
>>
>> This looks very interesting. Unfortunately, the call is at a time that is not that convenient for me. Thank you, Armin, for sharing the presentation.
>>
>> I have one question, to begin with, for this discussion. To a user, all of these policies are typically presented as a legal document using a language most people are not familiar with (even though it's written in English, German, or whatever language). In addition to that, whether the user understands the policy or not, he or she typically has to agree to it in its entirety before the user gets what they are looking for e.g. access to an application, service, etc. How would LPL, or any other policy language for that matter, address transparency as well as the possibility to agree to certain parts but not to others? How would that type of granularity be translated into what the user can do with the application, service etc.?
>>
>> :rjs
>>
>> On Thu, Sep 27, 2018 at 1:01 PM Ted Guild <ted@w3.org> wrote:
>>
>>> Primary topic was presentation from Armin Gerl on his Layered Policy Language research
>>>
>>> https://www.w3.org/2018/09/20-auto-minutes
>>>
>>> --
>>> Ted Guild <ted@w3.org>
>>> W3C Automotive Lead
>>> http://www.w3.org
>>
>> --
>> *Rudolf J Streif*
>> System Architect
>> Oregon Software Technology Center
>>
>> *M:* +1.619.631.5383
>> *E:* rstreif@partner.jaguarlandrover.com
>>
>> UK: G/26/2 G02 Building 523, Engineering Centre, Gaydon, Warwick, CV35 ORR
>> US: 1419 NW 14th Ave, Portland, OR 97209
>> jaguar.com | landrover.com
>>
>> Jaguar Land Rover Limited, Abbey Road, Whitley, Coventry CV3 4LF, UK
>> Registered in England No: 1672070
>>
>> CONFIDENTIALITY NOTICE: This e-mail message including attachments, is intended only for the person to whom it is addressed & may contain confidential information. Any unauthorised review; use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
Received on Tuesday, 13 November 2018 17:38:18 UTC
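
The "required" attribute and the enforcement step discussed in the thread, sketched as an added example that is not part of the original messages and is not LPL's schema or prototype code. The class and function names are hypothetical, and rejecting a declined required purpose is an assumption about how such a policy would be handled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Data:
    name: str
    required: bool      # True: always processed once the purpose is granted

@dataclass(frozen=True)
class Purpose:
    name: str
    required: bool      # True: the user cannot dissent to this purpose
    data: tuple

def resolve_consent(policy, purpose_choice, data_choice):
    """Turn the user's selections into {purpose name: data names that may be processed}."""
    granted = {}
    for purpose in policy:
        # No recorded choice is treated as dissent (opt-in only).
        if not purpose_choice.get(purpose.name, False):
            if purpose.required:
                # Assumption: a required purpose cannot be declined.
                raise ValueError(f"required purpose declined: {purpose.name}")
            continue
        picked = data_choice.get(purpose.name, set())
        # Required data always comes with the purpose; optional data only
        # if the user selected it. Names not in the policy are ignored.
        granted[purpose.name] = frozenset(
            d.name for d in purpose.data if d.required or d.name in picked
        )
    return granted

def is_allowed(granted, purpose_name, data_name):
    """Enforcement check: deny unless this purpose/data pair was granted."""
    return data_name in granted.get(purpose_name, frozenset())

# Constructed policy mirroring the newsletter example from the thread.
NEWSLETTER = Purpose("Newsletter subscription", False, (
    Data("prename", False),
    Data("surname", False),
    Data("e-mail", True),
))
POLICY = (NEWSLETTER,)

def demo():
    # The user consents to the newsletter and volunteers only the prename.
    return resolve_consent(
        POLICY,
        {"Newsletter subscription": True},
        {"Newsletter subscription": {"prename"}},
    )

if __name__ == "__main__":
    print(demo())
```
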