PING - informal chairs’ summary - 4 December 2014

Thanks again to Nick for acting as scribe.

Regrets from Frank Dawson, Frederick Hirsch, Wendy Seltzer, Rigo Wenning, Karima Boudaoud

Welcome to new PING members!

Our next call will be on 15 January 2014 at the usual time. We will not have a formal agenda for this call. Instead, we are inviting PING members and others to join an open discussion on current privacy issues (whether legal, technical, policy or otherwise).

=> Moving the work on the privacy considerations document forward - topics for discussion: data minimisation and identifiers

The following ideas were shared:

- document current Web practices with the objective of not expanding the surface area for fingerprinting and other forms of identification

- while adding a new factor with local state may not be a problem as such, it is important to address what should happen when cookies and other local storage are set and cleared

- data minimization is a useful goal

- it is useful to consider what identifiers are added (e.g. credentials in the Web Crypto API)

- might there be instances where identifiers might improve privacy?

- storing data locally (in the UA) and preventing its communication to the server(s) may be an appropriate approach for some use cases (e.g. biometric data for authentication); another might be to require a secure/authenticated origin (ongoing discussion in various WGs, including the Geolocation WG, on this issue)

- re geolocation/geofencing data – it is useful to be able to vary and limit the granularity of data returned; however, from an accessibility point of view, individuals with impaired visibility may need access to very granular geolocation information for navigation, but they don’t want others to see the data

- useful questions – how unique are the identifiers? (e.g. per window, per user) – how persistent does the identifier need to be? (e.g. globally unique but constantly changing) – who can access the identifier? (e.g. is it tied to a particular origin)

- what is the privacy impact of storage of authentication mechanisms being deployed for better security?

- see the First Public Working Draft Requirements for Powerful Features [1] – specifies that certain identifiers should go over a secure transport, to prevent leaking a persistent identifier, for example with EME

Mike West (Google) has been working on a Strawman Self-Review Questionnaire: Security and Privacy [2], which may be useful to incorporate (as appropriate) in PING’s privacy guidance documents.

We also discussed these general design principles as a starting point for more specific guidance in the privacy considerations document:

- specifications should make it easy for developers and implementers to request as little information as needed for the intended use

- specifications must use non-persistent identifiers unless a persistent identifier is required for their functionality (“non-persistent identifiers”).

- specifications that require identifiers for their functionality should use randomly generated identifiers (“randomly generated identifiers”).

No conclusions as yet.



=> Article 29 WP Opinion regarding device fingerprinting

The European Union Article 29 Working Party on the Protection of Individuals with regard to the processing of personal data recently adopted an opinion on the application of Directive 2002/58/EC to device fingerprinting.

The opinion uses the definition of ‘fingerprint’ in RFC 6973 Privacy Considerations for Internet Protocols. It describes data protection risks associated with device fingerprinting, explains the application of the EU legal framework to device fingerprinting with use case examples and concludes:

“… Thus Article 5(3) of the ePrivacy Directive also applies to instances of device fingerprinting.

Therefore, parties who wish to process device fingerprints which are generated through the gaining of access to, or the storing of, information on the user’s terminal device must first obtain the valid consent of the user (unless an exemption applies).”

There is also a statement concerning DNT – “… Article 5(3) allows for processing to be exempt from the requirement of consent, if one of the following criteria is satisfied. … Furthermore, the website operator must respect the defined meaning of any other signal which indicates the user’s preference in this regard – such as the Do-Not-Track header.”

There was a request for a presentation from the authors of the opinion on a future PING call. PING chairs will follow this up. There was also a query about providing feedback on the opinion. The Article 29 WP has not invited comments; however, the chairs will consider what may be appropriate after compiling the feedback (if any). To this end, PING members are invited to share their views, particularly with regard to the technical aspects.

=> Web Security Interest Group

Virginie Galindo (chair) was not able to join the call, but we noted that the Web Security Interest Group is interested in exploring closer collaboration with PING.

=> W3C Workshop on Privacy and User-Centric Controls

The W3C held a workshop in Berlin (20-21 November 2014) on privacy and user-centric controls. There was good participation from browser vendors, mobile, researchers and others. PING’s role was highlighted and there are now some new members in the IG.

The report should be available soon.


=> AOB

PING’s charter has been extended. Nick Doty suggested PING might want to consider editing the scope to specifically call out its role in privacy reviews, but said this is not necessary.

Minutes are available here:

Christine and Tara

Received on Tuesday, 9 December 2014 15:33:11 UTC