[docs-and-reports] Scope for PATCG Privacy Principles (#36)

grahammudd has just created a new issue for https://github.com/patcg/docs-and-reports:

== Scope for PATCG Privacy Principles ==
The goal of this issue is to iterate on and eventually arrive at an agreed upon outline of the scope the privacy principles this group has committed to developing. With scope in place, we can begin drafting principles that align with each area of focus.

Most of these scope dimensions were discussed in our 3/13 meeting.  In no particular order, our principles should address:

- **Consolidation of Data:** Most would agree that the greater the amount of personal data consolidated in one place (e.g. with a company, government or other entity), the greater the potential privacy harm. The development of cross-context/site profiles is a particularly relevant concern when considering digital advertising privacy.
- **Consent:** What is our general position on the role of consent (opt-in and/or opt-out) in protecting people’s privacy? When is consent appropriate and when does it put an overly onerous burden on individuals? When should consent be assumed to be inherent by default (i.e. opt-out) and when should it be requested explicitly?
- **Control:** Regardless of whether consent has been explicitly requested, individuals should have the ability to make informed decisions regarding the collection, transfer, and usage of their personal data. This is particularly important in the context of advertising data, as it raises questions about what types of controls should be implemented to ensure that people have the agency and autonomy to manage their data as they see fit. What measures can be taken to provide individuals with the level of control they deserve over their data?
- **Relevance:** Setting aside the treatment of the underlying data enabling advertising, is the relevance of advertising an inherent privacy issue? Said another way, is relevance the enemy?
- **Harmful Use:** While the collection and transfer of data through or for advertising is almost certainly in scope for these principles, to what degree is the use of that data in scope, particularly in cases where the use may result in harm? For example, should these principles address the use of data to deliver advertising that may be emotionally harmful, biased or manipulative?
- **Security / Trust Model:** Any reasonable definition of privacy is impossible to achieve without data security. When considering data security, what types of parties, if any, can be trusted to keep data secure?
- **Competition:** Data is a critically important asset for both the buyers and sellers of advertising, therefore strong incentives exist to acquire it — or keep it from one’s competitors. Systems that control the flow of data are necessary to support privacy, but they can potentially impact competition. How should access to data and the related impact on competition be considered when considering approaches to privacy?
- **Identifiers:** Identifiers support the transfer of data and the consolidation of data related to a given individual or device, and are therefore an important privacy consideration. How should the use or transfer of identifiers be limited?
- **Inferences:** Inferences, whether related to an identifier (often referred to as a ‘probabilistic ID’) or an attribute, can be sufficiently accurate as to be essentially indistinguishable from deterministic data. Incorrect inferences can also create harm. To what degree should these privacy principles consider inferences derived from advertising data?

Feedback appreciated.

Please view or discuss this issue at https://github.com/patcg/docs-and-reports/issues/36 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 16 March 2023 22:25:01 UTC