- From: Chappelle, Kasey, VF-Group <Kasey.Chappelle@vodafone.com>
- Date: Thu, 21 Apr 2011 15:22:52 +0200
- To: "Malcolm Crompton" <mcrompton@iispartners.com>, "Mark Lizar" <info@smartspecies.com>, "Karl Dubost" <karld@opera.com>
- Cc: "Rigo Wenning" <rigo@w3.org>, <public-privacy@w3.org>
And the two threads converge . . . If industry and regulation operated under Malcolm's model (which I agree would be an improvement - consent, especially in the European model, is overused to the point where it's meaningless), would Apple have been able to avoid the blogosphere calling for its head on geolocation data collection (even if it turns out to have a primary purpose)? -----Original Message----- From: public-privacy-request@w3.org [mailto:public-privacy-request@w3.org] On Behalf Of Malcolm Crompton Sent: 21 April 2011 14:11 To: 'Mark Lizar'; 'Karl Dubost' Cc: 'Rigo Wenning'; public-privacy@w3.org Subject: RE: policy infrastructure Re: oo.apple.com Just to push this debate one step further, we wrote papers in 2007 that pointed out that we are pushing the notice and consent model too hard. People have neither the time or inclination to read and make decisions on hundreds of notices a day. The original 'individual participation' principle has become a burden in too many cases, so that when it is really needed it is lost in the weeds of all the other decisions that an individual is asked to make about handling personal information. The Centre for Information Policy Leadership was making this point even earlier. The US FTC has effectively now reached a similar conclusion. The papers are online at the very bottom of the following page in the box titled 'Recommended Reading': http://www.openforum.com.au/Privacy_and_Trust. See particularly the "Working Paper" for a possible way forward to overcome the problem Malcolm Crompton Managing Director Information Integrity Solutions Pty Ltd ABN 78 107 611 898 T: +61 407 014 450 MCrompton@iispartners.com www.iispartners.com -----Original Message----- From: public-privacy-request@w3.org [mailto:public-privacy-request@w3.org] On Behalf Of Mark Lizar Sent: Thursday, 21 April 2011 10:43 PM To: Karl Dubost Cc: Rigo Wenning; public-privacy@w3.org Subject: Re: policy infrastructure Re: oo.apple.com On 21 Apr 2011, at 12:56, Karl Dubost wrote: > Mark, > > a few questions to better understand what you are suggesting. > > Le 21 avr. 2011 à 07:29, Mark Lizar a écrit : >> At this time, all of the policies and notices are ad-hoc, un- >> standardised which means that are not useful in comparison from >> service to service. > > How would you make explicit the elements of the policy? Elements of a policy are already explicit it data protection legislation globally. In fact Notice is the only consistent regulation across all major regulating jurisdiction. These elements are further defined in each regulation but almost always include basic legally required notice elements like; purpose specification, use limitation, contact information, third parties that interact with the limited use of the information etc. > What are the differences in your suggestion from P3P? > http://www.w3.org/TR/P3P11/#Introduction P3P was designed to make machine readable privacy preferences. This is about discovering and finding access to notices that are already legally required to be as open as possible to compare with something like privacy preferences. The reason I believe P3P struggled is that there is a lack of standard notices for P3P to hook into. > >> In fact without a standard in notice, there is no simple way for >> people to see what kind of control they have over information when >> interacting online. > > How would you like the policies (legalese) to be changed as controls > (actions/preferences)? Well, for example a simple standard may just have a file with fields to accommodate links to policy components. A notices meta data could provide transparency over its components, Links can provide access in a standard way to layers of policy. > >> A standard in notice would provide a way for notice to be viewed on >> aggregate for a clear and dynamic picture of policy. > > There are at least 4 parts it seems in what you are mentioning > > 1. The description of the policy (markup) > 2. The notification of changes (protocol) > 3. Knowing what has changed See http://www.goodiff.org/ > 4. The visualization of policies and their changes (design/UX) > See the work http://www.azarask.in/blog/post/privacy-icons/ > 5. Access to bits of the policy (api) Perhaps P3P, POWDER, XACML, ORDL, ACAP, RIF, etc can be used easily with a simple standard to unite such efforts? . > > If I understood what you are describing, what kind of issues would > it solve? Well, this potentially solve many issues. The primary focus should be accessibility and internationalisation of notice information, e.g. the ability for a device to automatically parse location based notices to provide notice information in different formats or languages. Although, I imaging that a simple standard would have an immense impact on privacy, trust, security and economic performance of service information that Enterprise try to deliver. > > > > -- > Karl Dubost - http://dev.opera.com/ > Developer Relations & Tools, Opera Software >
Received on Thursday, 21 April 2011 13:23:20 UTC