RE: When should PING start reviewing specs? [Was: Re: Privacy and fingerprintability] from Frank.Dawson@nokia.com on 2012-09-13 (public-privacy@w3.org from July to September 2012)

From: <Frank.Dawson@nokia.com>
Date: Thu, 13 Sep 2012 15:28:46 +0000
To: <Art.Barstow@nokia.com>, <runnegar@isoc.org>, <wseltzer@w3.org>
CC: <public-privacy@w3.org>
Message-ID: <B783647736D1454A9C30558CB75499011A935833@008-AM1MPN1-053.mgdnok.nokia.com>

Hello all.

I have been following the PING email discussions for some time but have had schedule conflicts for the period calls. In any case, I suppose this topic makes for a good time for me to contribute.

Specification Privacy Assessment (or SPA) is an important activity for all industry standards efforts that have some information privacy impact on the technologies we need for creating the information society and digital marketplace.

But before that discussion on methodology and proper roadmap points for such assessments, it would be good to go back and get some clarity form the W3C on what the chartered purpose and scope is for the PING. The above discussion about providing resources for conducting SPA reviews is incumbent on having a mandate. Of course, as has been recently seen in the IETF Privacy Directorate, it also will have a success factor on sufficiently skilled resources that have an understanding of W3C working group way-of-working.

Assuming the above is confirmed, then we should discuss a SPA review methodology that is appropriate for the W3C specification way-of-working.

Privacy by Design principles would advise that some form of assessment is done evening at the concepting stage and at ongoing milestones as more of the specification design progresses. It _should_ be done as a condition of the go-final milestone, along with security considerations.

-- Frank Dawson

-----Original Message-----
From: Barstow Art (Nokia-CIC/Boston)
Sent: 13 September, 2012 09:16
To: ext Christine Runnegar; Wendy Seltzer
Cc: public-privacy (W3C mailing list)
Subject: When should PING start reviewing specs? [Was: Re: Privacy and fingerprintability]

Hi All,

On 9/12/12 3:19 AM, ext Christine Runnegar wrote:

> This was one of the issues we discussed at our last call - how to usefully help other W3C WGs identify and address potential privacy concerns during the standards development process. As you point out, as early as possible is preferable. It certainly helps if PING members are already participating in the other WGs.

>

> I think there are many people in PING willing to help so it is more a question of how to constructively contribute that expertise.

I agree early review would be best, perhaps as early as the First Public Working Draft (FPWD).

FPWD publications are announced on the Member-only [chairs] list as well as the Public [w3c-annouce] list. Perhaps some set of PING members can commit to review these documents for relevant issues (and notify the IG accordingly)?

(Ideally, a WG that publishes a FPWD would engage directly this IG if it knows about issues within the scope of this IG. However, it may be the case that WG don't have the "right" expertise.)

-AB

[chairs] https://lists.w3.org/Archives/Member/chairs/

[w3c-annouce] http://lists.w3.org/Archives/Public/w3c-announce/

Received on Thursday, 13 September 2012 15:29:24 UTC