- From: Dave Raggett <dsr@w3.org>
- Date: Fri, 08 Jul 2011 18:58:54 +0100
- To: Frederick.Hirsch@nokia.com
- CC: public-device-apis@w3.org
On 05/07/11 22:15, Frederick.Hirsch@nokia.com wrote: > I have created an initial draft of a Privacy Best Practices document for service providers. > > see http://dev.w3.org/2009/dap/privacy-practice I think this is a great start, but believe that usability for effective privacy is really challenging. The European Commission VP for the Digital Agenda, Neelie Kroes eloquently describes three principles for privacy: transparency, fairness and user control, see: http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/11/461 To which I would add usability. Transparency is about being able to understand what a website (and its third parties) wants to do and why. Fairness is about not being arm-twisted into a one sided agreement that meets the interest of big business at the expense of end users. User control is being able to review and revoke earlier decisions. You have touched upon transparency in the current draft, but I believe it should go further and set expectations that users be given clear information on what information is collected, what purposes it will be used for, how long it will be retained, and who it it may be shared with, and under what conditions. Usability studies have shown that many users are keen to get quickly to the task in hand, and click through any requests. One means to address that is to enable scrutiny by trusted third parties or perhaps wisdom of crowds (or even just your friends). This allows the UI to silently proceed with implicit consent unless the third party opinion is that doing so would harm the user's interest. In any case the application should make it easy for the user to later review the agreement with the website and revoke earlier decisions as appropriate. Popping up a dialog and asking the user to click to indicate consent isn't ideal. In some cases the user interaction with an application can be taken as implicit consent, e.g. clicking on a button to show pubs within 5 minutes walk from my current location. The consent requires human interaction, and shouldn't be granted say by a simulated click via a script generated event. The transparency of the button's label/icon in context isn't something an automated system can easily check. We thus need a way to enable third parties to review applications for adherence to best practices. Anyway, this is just a glimpse at what we are starting to explore in the EU "webinos" research project which aims to develop an open source web-based platform for applications spanning mobile, tablet, desktop, home media (TV) and in-car infortainment head-units. It will take us some time to conduct the exploration via implementation work and usability studies, but I look forward to providing further feedback as that work proceeds. -- Dave Raggett<dsr@w3.org> http://www.w3.org/People/Raggett
Received on Friday, 8 July 2011 17:59:29 UTC