- From: David Singer <singer@apple.com>
- Date: Fri, 21 Dec 2012 09:34:06 -0800
- To: "public-privacy@w3.org Privacy" <public-privacy@w3.org>
On Dec 21, 2012, at 7:30, Karl Dubost <karld@opera.com> wrote:

> On 20 Dec 2012 at 18:53, <Ian.Oliver@nokia.com> <Ian.Oliver@nokia.com> wrote:
>> This particular spec/API in the form here has no privacy aspects at all. If there are then it will be buried down in the infrastructure supporting such an API/Spec and thus be out of scope and highly context dependent.
>
> In most circumstances, the technology is neutral because its goal is to propagate a message. HTTP logs are not privacy invasive, but their records on a long term might become privacy invasive.
>
> The strategy is then becoming a question such as
>
> * may I access the information I created?
> * may I record it myself (locally)?
> * am I able to take action on this personal record?
> * may I block partly or totally the record of the information?
>   (think about the geolocation API)
> * may I fake it?
>   (think about fuzzy geolocation or voluntary fake location)
>
> In the case of Ambient events, the first privacy issue we could raise is: does the API provide a mechanism (messaging channel) to block and/or modify the information at the user level?

I like this line of questions; here are some more…

1) Is the data personally-derived, i.e. derived from the interaction of a single person, or their device or address? [If so, even if anonymous, it might be re-correlated]

2) Does the data record contain elements that would enable such re-correlation? [examples include an IP address, and so on]

3) What other data could this record be correlated with? [e.g. the ISP]

4) If you had large amounts of this data about one person, what conclusions would it enable you to draw? [e.g. maybe you could estimate location from many ambient light events by estimating latitude and longitude from the times of sunrise and sunset]

David Singer
Multimedia and Software Standards, Apple Inc.
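As an added illustration (not part of this thread or of any W3C specification), the following Python sketch applies the user-level controls Karl asks about (block, modify, fake) to a constructed ambient light stream and makes David's question 4 concrete by extracting the daylight transitions an observer could mine for sunrise and sunset times. The daylight threshold, policy names, quantization step and sample values are all assumptions chosen for the example.

```python
# Added example: user-level policy over ambient light events (constructed data).
from dataclasses import dataclass
from typing import Iterable, List

@dataclass(frozen=True)
class LightEvent:
    ts: int      # seconds since midnight on the device clock (constructed)
    lux: float   # illuminance as the sensor would report it

DAYLIGHT_LUX = 1000.0  # assumed threshold separating night/indoor from daylight

def sample_day(sunrise: int, sunset: int, interval: int = 600) -> List[LightEvent]:
    """Constructed one-day stream: dark until sunrise, bright until sunset."""
    return [LightEvent(t, 5000.0 if sunrise <= t < sunset else 20.0)
            for t in range(0, 86400, interval)]

def daylight_transitions(events: Iterable[LightEvent]) -> List[int]:
    """Timestamps where the stream crosses the daylight threshold.
    Collected over many days, these are the sunrise/sunset cues the mail
    warns could be re-correlated into a latitude/longitude estimate."""
    out, prev_day = [], None
    for e in events:
        is_day = e.lux >= DAYLIGHT_LUX
        if prev_day is not None and is_day != prev_day:
            out.append(e.ts)
        prev_day = is_day
    return out

def apply_policy(events: Iterable[LightEvent], policy: str, *,
                 step: float = 500.0, period: int = 3600,
                 fake_lux: float = 300.0) -> List[LightEvent]:
    """Controls applied before the record leaves the user's device.
    'allow'  - pass through unchanged
    'block'  - emit nothing (user declined the record entirely)
    'coarse' - quantize lux to `step` and emit at most one event per `period`
    'fake'   - report a constant plausible value (voluntary fake reading)"""
    if policy == "block":
        return []
    if policy == "allow":
        return list(events)
    if policy == "fake":
        return [LightEvent(e.ts, fake_lux) for e in events]
    if policy == "coarse":
        out, last_ts = [], None
        for e in events:
            if last_ts is None or e.ts - last_ts >= period:
                out.append(LightEvent(e.ts - e.ts % period, step * round(e.lux / step)))
                last_ts = e.ts
        return out
    raise ValueError(f"unknown policy {policy!r}")
```

Running `daylight_transitions` over the raw stream recovers the exact sample times of sunrise and sunset, while the coarse policy only reveals the enclosing hour and the fake or block policies reveal nothing.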
Received on Friday, 21 December 2012 17:34:37 UTC