RE: Opening UP Notice: A structure to apply policy infrastructure Re: oo.apple.com

Mark - with regard to multi-layered notices & just in time notice concepts,
there is some history that may be useful in developing this thinking.

 

First, both of those concepts were supported by the privacy and data
protection commissioners of the world in a resolution I sponsored as host of
the 2003 International Conference of Data Protection and Privacy
Commissioners and which they adopted.  We took a very deliberate approach in
the development of the resolution, with a lot of consultation between
commissioners and with other stakeholders as well.  The resolution and the
background documentation are available on the conference website at
www.privacyconference2003.org/resolution.asp and include topical references
available at the time.  Rigo Wenning was one of those who spoke at the
conference, calling in particular for such initiatives also to be machine
readable (P3P being the leading concept at the time). 

 

This work was subsequently developed further with the Centre for Information
Policy Leadership, leading to the Berlin Privacy Notices Memorandum and then
to "Ten Steps To Develop a Multilayered Privacy Notice".  To see this work,
go to the Centre Resources page at
www.hunton.com/Resources/Sites/general.aspx?id=330 and scroll down towards
the end of the page to the heading called Multilayered Notices.  

 

Other resources from that work include the short article at
www.hunton.com/files/tbl_s47Details/FileUpload265/1142/Multi-layered_privacy_notices_mabrams.pdf.

 

Another write up is by Eduardo Ustaran at FFW:
www.ffw.com/publications/all/articles/multi-layered-privacy-notices.aspx. 

 

I subsequently advised the Australian Government Information Management
Office (AGIMO) on the application of multi-layered notices for
www.Australia.gov.au.  The ensuing short notice is at
http://australia.gov.au/about/privacy-statement with links to the full
notice at
http://australia.gov.au/about/privacy-statement/full-privacy-statement
(complete with a description of the history and links to the Berlin
Memorandum at the bottom of the page).  

 

A number of other Australian Government websites have since used these
statements as a template, for example
www.cockatooisland.gov.au/about/privacy.html;
www.heritageinfo.gov.au/about/privacy.html;
www.nrm.gov.au/about/privacy.html; and many more.  So has the government of
the Australian Capital Territory at www.act.gov.au/privacy. 

 

However, as noted in a recent Microsoft submission to a Committee of the
Senate of the Australian Parliament, "even this approach is now being
challenged with more recent research suggesting, for example, adopting
practices used in the food-labelling context could be a more effective way
to go.  Other research suggests that effective messaging is possible with
tools such as "visceral notice" and anthropomorphic cues."

 

The relevant references cited by Microsoft are:

 

*  "Standardizing Privacy Notices: An Online Study of the Nutrition
   Label Approach", Cranor et al, CyLab, Carnegie Mellon University at
   www.cylab.cmu.edu/research/techreports/2009/tr-cylab09014.html

*  "Redrawing the Route to Online Privacy", NY Times, 28 Feb 2010
   www.nytimes.com/2010/02/28/technology/internet/28unbox.html?_r=1

 

An interesting topic of both cultural and human as well as technical and
technological dimensions!

 

Malcolm Crompton

Managing Director
Information Integrity Solutions Pty Ltd
ABN 78 107 611 898

T:  +61 407 014 450

MCrompton@iispartners.com
www.iispartners.com

 

 

 

From: public-privacy-request@w3.org [mailto:public-privacy-request@w3.org]
On Behalf Of Mark Lizar
Sent: Friday, 22 April 2011 10:05 PM
To: Rigo Wenning
Cc: public-privacy@w3.org
Subject: Re: Opening UP Notice: A structure to apply policy infrastructure
Re: oo.apple.com

 

 

Thanks Rigo, 

 

Great reference doc... And yes!  A standard that is simple to use..  Which
is not necessarily simple to design.  

 

An approach to reducing notices and increasing their meaning may be to
enhance existing notice practices to reduce the amount of notices pushed to
people by enabling the pulling of notices or/and notice components. Perhaps
a different approach and a broader perspective to a notice standard than P3P
taxonomy or Data Types in Dave's paper.  Clearly a common notice structure
for Enterprise notices is needed that can be structured so that the legal
components can be  measured and also be audited by individuals.  Producing
notice metrics based not only on counting the notice components but also
measuring the performance and veracity of Enterprise data practices.
Producing notice metrics and meta-data that can be called by context to
provide an aggregate understanding of information at anytime in an
individual's web session, so as to provide a structure for more dynamic and
granular control.  

 

For instance - Do-Not-Track --> an individual can click a -do-not-track
option and then pull a notice that the Enterprise has acquiesced to the
request not to be tracked.  This sort of system can be used  as a way to
structure public auditing and regulate participation. 

 

I imagine a system of this nature where instead of having to read policies,
notices can be layered so that a person can get an immediate visual/iconic
view of aggregate notices in context via notice meta-data.  (Perhaps by mode
of control or governance) An information structure that can be drilled down
into the notice via layers, like priv-icons, then privacy labels, then
compact privacy policies etc.   

 

Unlike P3P and the administration of preferences, this suggestion is more
along the lines of measuring Enterprise compliance to law and legal
practices so as to facilitate interaction with those practices.  Describing
an infrastructure upon which something like P3P can be effective in
asserting preferences across.  Fundamentally suggesting Enterprise put all
of their open notices and signs online in a standard way as a matter of best
practice to extend the openness of Notices for digital use.  Raising the
minimum usability of a notice by placing it in a standard place online for
needed accessibility that is proportional to the practices of digital data
gathering.  This standard could include everything from building signs to
surveillance notices, to notices about privacy policies and the like.  This
way any applications, webservice, product, etc can call notice information
according to context.   Not only according to privacy preferences, which
people don't necessarily know or understand. (without the right tools and
common structure)

 

The theory being that a common Enterprise notice infrastructure that is
first accessible and available online can be measured and parsed to be
publicly accountable.  Delivering standard structure and metrics for the
performance of an Enterprise in contrast to their notice and designed to
develop uniform enforceability across  and with-in jurisdictions to data
protection regulation. (and privacy best practices) (GAPP
<http://www.aicpa.org/InterestAreas/InformationTechnology/Resources/Privacy/GenerallyAcceptedPrivacyPrinciples/Pages/default.aspx> )

 

Perhaps also providing a way to harmonize regulatory policy, and notice
taxonomies. Producing a path for accountability for any type of application
product and service especially privacy and informed consent applications.
Introducing the concept of a mechanism that can be called at anytime to
produce an aggregate visual view of information control for the web service
User that is layered. 

 

Hope this helps introduce the difference in approach and how this may
interact with P3P.

 

Best Regards, 

 

Mark

 

 

 

On 21 Apr 2011, at 20:22, Rigo Wenning wrote:





Dave Raggett had written down something along those lines for the Workshop on
Privacy and data usage control:
http://www.w3.org/2010/09/raggett-fresh-take-on-p3p/

I was impressed by the potential of his approach, which would even work for
DAP. Mainly he throws away the things in P3P that were too much overhead and
keeps the things of P3P we still use today. Even the PrimeLife project did not
need additional semantics.

But one thing is a conviction after PrimeLife and XACML policies. If this
would have to work on the web platform we are building, it must be dirt
simple. PrimeLife's XACML approach works in heavily engineered intranets of
large companies, but isn't ready for web scale [1]

If we would have some mechanism to trigger notifications, that would be a big
step forward. But I also follow concerns from others that we should not
succumb to the creation of an avalanche of notifications.

Producing simple solutions isn't simple at all!

Best, 

Rigo


On Thursday 21 April 2011 18:27:59 Mark Lizar wrote:



Yes.. It seems all conversations in this area come back to the FTC's
most fundamental (and first) principle ..  Notice

so..

Is the question how to go about developing something like P3P but on a
broader scale for notification in general?

Malcolm's paper raises the issues:

"A better approach would be one where individuals have more 'real'
control.  This could be by better means of providing notice or by setting
stricter rules.  Another option would be to support notice/use limitation
approaches by providing better mechanisms to assure individuals that their
personal information is under control (while still allowing direct control
where this is practicable and where individuals wish to exercise it) for
example by:

*  providing for adaptable information handling standards that could
   respond more specifically to culture and context;

*  more robust transparency requirements for organisations;

*  compliance audits published in certain circumstances; and/or

*  risk/incentive frameworks to get information handling right."

Another approach may be to open notification of public notices to a
standard, and to open consent as a specific breed of bilateral notice
standard so that these are functions that are external from
Enterprise.  Right now these two functions are performed by each
enterprise and notice and consent are not systematically accessible.
It is clear that a standard is specifically needed for consent
status.   Without a dramatic increase in accessibility to notices it
is very difficult to develop solutions like Do-Not-Track that work or
provide clarity of control.  This is what I believe to be causing
notification to be such a burden, and as Apple is realising, causing
so much friction with Customers..

Rather than asserting some privacy principles are doing too much I
would suggest that for the first time we can look at enhancing the
static notification infrastructure that exists on and off line.
Suggesting something along the lines of a simple  digital/online
notice standard providing a common notice location and focusing on
structuring notices for accessibility first.

In response to the requirement for assurance metrics and audits ..
Include something like a common versioning process for logging notices
and Online notices can be used as the top layer of an audit log for
consent and control of information policy online.

The idea of a privacy risk rating system is great and I think would be
much easier to create with an open notice standard.  Although I think
it is a larger than privacy issue.

 

 

 

Received on Saturday, 23 April 2011 00:51:45 UTC