- From: Malcolm Crompton <mcrompton@iispartners.com>
- Date: Wed, 18 Aug 2010 07:58:29 +1000
- To: <jeanpierre.lerouzic@orange-ftgroup.com>, <renato@iannella.it>, <public-pling@w3.org>
- Message-ID: <000701cb3e57$5475e340$fd61a9c0$@com>

Interesting and very useful observation.

There is a global debate at the moment on the need to introduce stronger accountability for the handling of personal information by organisations (public sector and private sector). See remarks in the last six months by Peter Hustinx, the European Data Protection Supervisor; Viviane Reding, the EC Commissioner for Justice, Fundamental Rights and Citizenship; the Chairman of the Federal Trade Commission, Jon Leibowitz, and his Director of Consumer Protection, David Vladeck; and similar commentary coming from various regulators.

But as David Chadwick points out, we need to be able to measure something before it can be held to account (objectively).

The ruleset proposal in short is necessary, but not sufficient (but probably never claimed to be).

Malcolm Crompton
Managing Director
Information Integrity Solutions Pty Ltd
ABN 78 107 611 898
T: +61 407 014 450
MCrompton@iispartners.com
www.iispartners.com

From: public-pling-request@w3.org [mailto:public-pling-request@w3.org] On Behalf Of jeanpierre.lerouzic@orange-ftgroup.com
Sent: Tuesday, August 17, 2010 6:28 PM
To: renato@iannella.it; public-pling@w3.org
Subject: RE: PLING - Call to Action....

Hi all,

Isn't the privacy ruleset approach similar to a weak audit approach? I mean it's not so useful to specify some future behaviour of a service provider if one is not sure she is confronted with a real threat or not.

The ruleset approach works well with the nice guys, who probably will behave nicely anyway. The bad guys will laugh at the privacy ruleset.

Another thing about auditability is that it involves some notarial recording; here with the "privacy ruleset" there is no record about what the user specified, so no legal enforcement could be achieved: the user's terms about her interaction with the service provider will be lost as nobody records it!

This audit approach is not the same as a policy approach which enforces in real time.

Let me know your opinion,

Jean-Pierre

_____

From: public-pling-request@w3.org [mailto:public-pling-request@w3.org] On Behalf Of Renato Iannella
Sent: Tuesday, 17 August 2010 02:19
To: pling
Subject: PLING - Call to Action....

Dear PLINGers...

You may be interested in the outcomes of the recent W3C Workshop on Privacy for Advanced Web APIs - the report [1] states "the W3C staff plans to propose a charter for a Privacy Interest Group... Such an Interest Group could also provide a focal point for privacy-related coordination with other interested standard development organizations".

One of the other interesting activities of the W3C Device APIs and Policy WG - reported from the Workshop - was the development of the "Privacy Rulesets" [2] - a way to describe user privacy preferences.

Clearly, these impact on the future of PLING and our role in W3C. We should discuss this at the next teleconference (at least) and online now...

Cheers

Renato Iannella
http://renato.iannella.it

[1] http://www.w3.org/2010/api-privacy-ws/report
[2] http://dev.w3.org/2009/dap/privacy-rulesets/

Received on Tuesday, 17 August 2010 22:00:23 UTC