Re: PING - please volunteer - Ambient Light Events

I've made a note on my whiteboard, but after the Christmas break it would be great to think about turning this into some kind of "Privacy Impact Checklist" 

(then we could think about whether it would be a checklist for spec developers, app developers, app designers etc… or some or all of the above…) 

OK - timezones being what they are, I am about to clock off: I hope everyone has a wonderful break with family etc., and look forward to working with you all on this later.


"First one back gets to write up the checklist!" (he says, ducking for the door… ;^)

All the best,
Robin

Robin Wilton
Technical Outreach Director - Identity and Privacy
Internet Society

email: wilton@isoc.org
Phone: +44 705 005 2931
Twitter: @futureidentity




On 21 Dec 2012, at 17:46, Wendy Seltzer wrote:

> On 12/21/2012 12:34 PM, David Singer wrote:
>> 
>> On Dec 21, 2012, at 7:30 , Karl Dubost <karld@opera.com> wrote:
>> 
>>> 
>>> On 20 Dec 2012, at 18:53, Ian.Oliver@nokia.com <Ian.Oliver@nokia.com> wrote:
>>>> This particular spec/API in the form here has no privacy aspects at all. If there are then it will be buried down in the infrastructure supporting such an API/Spec and thus be out of scope and highly context dependent.
>>> 
>>> In most circumstances, the technology is neutral because its goal is to propagate a message. HTTP logs are not privacy invasive, but their records kept over the long term might become privacy invasive.
>>> 
>>> The strategy is then becoming a question such as
>>> 
>>> * may I access the information I created?
>>> * may I record it myself (locally)?
>>> * am I able to take action on this personal record?
>>> * may I partly or totally block the recording of the information?
>>> (think about geolocation API)
>>> * may I fake it?
>>> (think about fuzzy geolocation or voluntary fake location)
>>> 
>>> In the case of Ambient events, the first privacy issue we could raise is: does the API provide a mechanism (messaging channel) to block and/or modify the information at the user level?
>> 
>> 
>> I like this line of questions; here are some more…
>> 
>> 1) Is the data personally-derived, i.e. derived from the interaction of a single person, or their device or address?  [If so, even if anonymous, it might be re-correlated]
>> 2) Does the data record contain elements that would enable such re-correlation?  [examples include an IP address, and so on]
>> 3) What other data could this record be correlated with? [e.g. the ISP]
>> 4) If you had large amounts of this data about one person, what conclusions would it enable you to draw? [e.g. maybe you could estimate location from many ambient light events by estimating latitude and longitude from the times of sunrise and sunset]
>> 
> 
> And some more:
> 
> * Am I likely to know if information is being collected?
> * How visible is its collection and/or use?
> * Do I get feedback on the patterns that the information could reveal
> (at any instant, over time) so I can adjust behaviors?
> 
> good thread!
> --Wendy
> 
> -- 
> Wendy Seltzer -- wendy@seltzer.org +1 617.863.0613
> Policy Counsel, World Wide Web Consortium (W3C)
> Fellow, Berkman Center for Internet & Society at Harvard University
> Visiting Fellow, Yale Law School Information Society Project
> http://wendy.seltzer.org/
> https://www.chillingeffects.org/
> https://www.torproject.org/
> http://www.freedom-to-tinker.com/
> 

Received on Friday, 21 December 2012 17:53:17 UTC
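The inference David Singer sketches in item 4 (estimating latitude and longitude from the times of sunrise and sunset seen in a long run of ambient-light events) can be made concrete. The following is an added example and is not code from the thread or from any Ambient Light Events implementation. It assumes a simplified solar model (declination only; no equation of time, atmospheric refraction or terrain), an unobstructed sensor, and a fixed lux threshold as the day/night boundary; the readings it consumes are constructed by `simulateReadings()`, not real sensor data. Longitude follows from the UTC time of solar noon (the midpoint of sunrise and sunset); latitude from day length via cos(H) = -tan(lat) * tan(dec). It also shows the main failure mode: around the equinoxes day length is about 12 h at every latitude, so latitude cannot be recovered from that day and the code reports `null` instead of guessing.

```javascript
// Added example (not from the thread): recovering a device's position from the
// timing of day/night transitions in an ambient-light trace. Assumptions:
// declination-only solar model, unobstructed sensor, fixed lux threshold.
// All readings are constructed by simulateReadings(); nothing here is real data.
const DEG = Math.PI / 180;
const LUX_THRESHOLD = 5000;     // lux level treated as the day/night boundary
const SAMPLE_SEC = 600;         // one reading every 10 minutes
const RAMP_SEC = 1800;          // simulated twilight: +/-30 min around sunrise/sunset

// Solar declination (degrees) for day-of-year n; a common ~1 degree approximation.
function declination(n) {
  return 23.44 * Math.sin((2 * Math.PI / 365) * (n - 81));
}

function dayOfYear(tSec) {
  const d = new Date(tSec * 1000);
  return Math.floor((d.getTime() - Date.UTC(d.getUTCFullYear(), 0, 1)) / 86400000) + 1;
}

// Times (UTC seconds) at which the trace crosses LUX_THRESHOLD, linearly
// interpolated between consecutive samples; upward = sunrise, downward = sunset.
function findCrossings(readings) {
  const sunrises = [], sunsets = [];
  for (let i = 1; i < readings.length; i++) {
    const a = readings[i - 1], b = readings[i];
    if ((a.lux < LUX_THRESHOLD) !== (b.lux < LUX_THRESHOLD)) {
      const f = (LUX_THRESHOLD - a.lux) / (b.lux - a.lux);
      (b.lux >= LUX_THRESHOLD ? sunrises : sunsets).push(a.t + f * (b.t - a.t));
    }
  }
  return { sunrises, sunsets };
}

// One day's estimate. Longitude from the UTC time of solar noon (midpoint of
// sunrise and sunset); latitude from day length via cos(H) = -tan(lat)*tan(dec).
// Near the equinoxes tan(dec) ~ 0 and the day is ~12 h everywhere, so latitude
// is reported as null rather than guessed.
function estimateFromPair(sunrise, sunset) {
  const dayLenH = (sunset - sunrise) / 3600;
  const noonUtcH = (((sunrise + sunset) / 2) % 86400) / 3600;
  let lon = (12 - noonUtcH) * 15;            // east positive
  lon = ((lon + 540) % 360) - 180;           // wrap into [-180, 180)
  const dec = declination(dayOfYear(sunrise));
  let lat = null;
  if (Math.abs(dec) > 0.5) {
    const H = dayLenH * 15 / 2;              // hour angle at sunrise, degrees
    lat = Math.atan(-Math.cos(H * DEG) / Math.tan(dec * DEG)) / DEG;
  }
  return { lat, lon, dayLenH };
}

// Pair each sunrise with the following sunset and average over the days seen.
// Returns null when the trace never crosses the threshold (polar day or night,
// or a sensor that never sees daylight).
function estimateLocation(readings) {
  const { sunrises, sunsets } = findCrossings(readings);
  const pairs = [];
  for (const r of sunrises) {
    const s = sunsets.find((x) => x > r);
    if (s !== undefined && s - r < 86400) pairs.push([r, s]);
  }
  if (pairs.length === 0) return null;
  const est = pairs.map(([r, s]) => estimateFromPair(r, s));
  const mean = (xs) => xs.reduce((a, b) => a + b, 0) / xs.length;
  const lats = est.map((e) => e.lat).filter((v) => v !== null);
  return { lat: lats.length ? mean(lats) : null, lon: mean(est.map((e) => e.lon)), days: pairs.length };
}

// Constructed trace: one reading per SAMPLE_SEC for `days` days from startSec
// (a UTC midnight) for a device at (lat, lon). Lux ramps linearly over the
// hour centred on each sunrise/sunset and equals LUX_THRESHOLD exactly there.
function simulateReadings(lat, lon, startSec, days) {
  const events = [];
  for (let d = 0; d <= days; d++) {
    const dayStart = startSec + d * 86400;
    const cosH = -Math.tan(lat * DEG) * Math.tan(declination(dayOfYear(dayStart)) * DEG);
    if (Math.abs(cosH) > 1) continue;        // polar day or night: no crossing
    const halfDaySec = (Math.acos(cosH) / DEG) / 15 * 3600;
    const noon = dayStart + (12 - lon / 15) * 3600;
    events.push([noon - halfDaySec, noon + halfDaySec]);
  }
  const readings = [];
  for (let t = startSec; t < startSec + days * 86400; t += SAMPLE_SEC) {
    let lux = 1;                             // night-time floor
    for (const [rise, set] of events) {
      const v = Math.min((t - rise) / RAMP_SEC + 0.5, (set - t) / RAMP_SEC + 0.5);
      lux = Math.max(lux, 2 * LUX_THRESHOLD * Math.min(1, Math.max(0, v)));
    }
    readings.push({ t, lux });
  }
  return readings;
}
```

Run against a trace simulated for a device in London on 21 December 2012, `estimateLocation()` recovers the position to within a fraction of a degree from three days of ten-minute readings; the same trace simulated for 21 March 2013 yields longitude but `lat: null`, and a high-latitude winter trace with no daylight at all yields `null`. The precision that matters for the checklist question "may I fake it?" is the timing, not the lux magnitude: a coarse or quantised light value still reveals when the transitions happen, whereas delaying or jittering delivery of the events by tens of minutes degrades the estimate directly.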