- From: Mark Lizar <info@smartspecies.com>
- Date: Thu, 21 Apr 2011 13:42:57 +0100
- To: Karl Dubost <karld@opera.com>
- Cc: Rigo Wenning <rigo@w3.org>, public-privacy@w3.org
On 21 Apr 2011, at 12:56, Karl Dubost wrote:

> Mark,
>
> a few questions to better understand what you are suggesting.
>
> On 21 Apr 2011, at 07:29, Mark Lizar wrote:
>> At this time, all of the policies and notices are ad-hoc,
>> unstandardised, which means that they are not useful in comparison
>> from service to service.
>
> How would you make explicit the elements of the policy?

Elements of a policy are already explicit in data protection legislation globally. In fact, Notice is the only consistent regulation across all major regulating jurisdictions. These elements are further defined in each regulation but almost always include basic legally required notice elements like: purpose specification, use limitation, contact information, third parties that interact with the limited use of the information, etc.

> What are the differences in your suggestion from P3P?
> http://www.w3.org/TR/P3P11/#Introduction

P3P was designed to make machine readable privacy preferences. This is about discovering and finding access to notices that are already legally required to be as open as possible to compare with something like privacy preferences. The reason I believe P3P struggled is that there is a lack of standard notices for P3P to hook into.

>> In fact without a standard in notice, there is no simple way for
>> people to see what kind of control they have over information when
>> interacting online.
>
> How would you like the policies (legalese) to be changed as controls
> (actions/preferences)?

Well, for example, a simple standard may just have a file with fields to accommodate links to policy components. A notice's metadata could provide transparency over its components. Links can provide access in a standard way to layers of policy.

>> A standard in notice would provide a way for notice to be viewed on
>> aggregate for a clear and dynamic picture of policy.
>
> There are at least 4 parts it seems in what you are mentioning
>
> 1. The description of the policy (markup)
> 2. The notification of changes (protocol)
> 3. Knowing what has changed
>    See http://www.goodiff.org/
> 4. The visualization of policies and their changes (design/UX)
>    See the work http://www.azarask.in/blog/post/privacy-icons/
> 5. Access to bits of the policy (api)

Perhaps P3P, POWDER, XACML, ORDL, ACAP, RIF, etc. can be used easily with a simple standard to unite such efforts?

> If I understood what you are describing, what kind of issues would
> it solve?

Well, this potentially solves many issues. The primary focus should be accessibility and internationalisation of notice information, e.g. the ability for a device to automatically parse location-based notices to provide notice information in different formats or languages. Although, I imagine that a simple standard would have an immense impact on privacy, trust, security and economic performance of service information that enterprises try to deliver.

> --
> Karl Dubost - http://dev.opera.com/
> Developer Relations & Tools, Opera Software
Received on Thursday, 21 April 2011 12:52:20 UTC