Re: Privacy and 'atomic' specifications

[I've changed the Subject line…]

I agree with Hannes that, when considering whether to include privacy/security recommendations in a given spec, one has to be mindful of the audience, and to ensure that material aimed at discrete audiences is presented as such. That's a very useful principle (and one which I'm sure I have flouted, I'm afraid :^(  ).

I just want to comment on Hannes' post-script, though: not because I think it implies a change to this specification, but because it says something which I think helps resolve the tension about how to handle over-arching concerns in the context of atomic specs… (so hit "Delete" now if you are *only* interested in comments on the Ambient Light spec!)


> On 19 Dec 2012, at 09:07, Hannes Tschofenig wrote:
> 
>> 
>> PS: In this specific document I am not even sure that we are talking about
>> personal data. 

Let's bear in mind that there are many jurisdictions in which the definition of personal data runs along these lines: "information is personally identifiable if it relates to a known individual, either in its own right, or when combined with other data which can reasonably be expected to be available to the data controller". That's why I prefaced my initial remarks by noting that the majority of devices capable of registering ambient light are also capable of networked communication and of registering location, image and sound data. In other words, smartphones. In that context, Ambient Light will fall into the category of personally identifiable information in many jurisdictions.

Now - as I say, I don't think that means we should change our approach to this spec, and the key is Hannes' point about audiences. 

For the protocol technician who is implementing this exact spec, there's only one key privacy principle to have in the back of their mind, and that is "all data is potentially personal data"… and that doesn't need to be written into every spec (though that's a thought… ;^)  [kidding…]).

For the service deployer, the key principle is "in practice, am I deploying Ambient Light capability in a way that means it can or will be combined with other data that makes it personally identifiable?". And again, if that needs to be written down somewhere, it's not necessarily in this spec.

Thanks Hannes - that has been useful for me, and I hope gives us some clues about how to cater for privacy/security issues while at the same time keeping the specs atomic...

HTH,

Robin
Robin Wilton
Technical Outreach Director - Identity and Privacy
Internet Society

email: wilton@isoc.org
Phone: +44 705 005 2931
Twitter: @futureidentity

Received on Wednesday, 19 December 2012 10:25:18 UTC