- From: David Singer <singer@mac.com>
- Date: Mon, 25 Apr 2016 10:54:17 -0700
- To: Shane M Wiley <wileys@yahoo-inc.com>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
> On Apr 25, 2016, at 10:44 , Shane M Wiley <wileys@yahoo-inc.com> wrote: > > Sounds like P3P all over again. Well, it’s not an attempt to make machine-readable policies; the snippets would still be in english (well, if legalese is English). > As we can learn from the many mistakes of the past we'd be in a better position to succeed but it will be a massive undertaking, won't fix every edge case, and therefore may find its way to obsolescence quickly. Yes, there are good reasons why we have not pursued this direction. It’s interesting, but the cost/benefit ratio is likely poor; it would be massive amounts of work, would take significant work to maintain, and would likely get small uptake. But it’s interesting; it heads towards making Privacy Policies more comprehensible by making them shorter in themselves. I won’t ask how many people have read more than one privacy policy… ;-) > > - Shane > > Shane Wiley > VP, Privacy Policy > Yahoo > > > From: David Singer <singer@mac.com> > To: public-privacy (W3C mailing list) <public-privacy@w3.org> > Sent: Monday, April 25, 2016 10:17 AM > Subject: Re: UK’s upper House urges privacy kitemark for online platforms | TechCrunch > > > > On Apr 23, 2016, at 21:55 , Nick Doty <npdoty@ischool.berkeley.edu> wrote: > > > > Thanks for sharing, Dave. > > > > Here is the brief summary from the Parliament report that discusses the privacy seal/kite-mark approach: > > > >> 41.We support provisions within the General Data Protection Regulation to allow organisations to use privacy seals, or kite-marks, to give consumers confidence that they comply with data protection rules. (Paragraph 238) > >> > >> 42.In order to encourage competition on privacy standards, not just compliance with the law, we recommend that the Government and the Information Commissioner’s Office work with the European Commission to develop a kite-mark or privacy seal that incorporates a graded scale or traffic light system, similar to that used in food labelling, which can be used on all websites and applications that collect and process the personal data of EU citizens. (Paragraph 239) > > http://www.publications.parliament.uk/pa/ld201516/ldselect/ldeucom/129/12913.htm > > > > And in more detail, the substantive section on privacy notices is here: > > http://www.publications.parliament.uk/pa/ld201516/ldselect/ldeucom/129/12909.htm#_idTextAnchor113 > > > > We have frequently discussed in this and related fora the possibility of doing work on standardizing some improvement on privacy notices, perhaps through the model of privacy icons. W3C's previous work on P3P could be a useful data model, but the "seal"/"mark" work seems to be more focused on what the standards are for representing certain grades of practices. The more detailed text suggests that the UK ICO is already underway with a program of approving privacy seal schemes that are presented to them, but the recommendation suggests that there would be interest in collaboration, across sectors and across the EU, on developing a more effective seal/transparency system. > > > > I remain interested in some privacy icons standardization work if others are. (I've tried to follow the OpenNotice folks, among others.) In the US, I see both ongoing academic research and commercial tools that work on either improving representation of notices through icons/grades or mechanisms for collecting that data. > > > > —Nick > > At a workshop long ago, we discussed the possibility of building a library of reference-able privacy-policy ‘snippets’, that policies could incorporate by reference. > > For example, we might publish variants of ‘third party disclosure’ (strict/average/lenient) or ‘data retention periods (indefinite/finite/short/none) and then (a) companies could say “our third-party disclosure policy is W3C-Strict”, and get an icon to match. > > But building this library is huge amounts of work. It involves analyzing dozens of policies, splitting them into pieces, sorting the pieces into piles of snippets that are roughly similar, and then crafting a single snippet text to represent each pile. > > ugh > > Then there has to be incentive to lawyers to adopt, rather than write; this legislation, I suppose, and the use of Icons might be that. > > > > Dave Singer > > singer@mac.com > > > Dave Singer singer@mac.com
Received on Monday, 25 April 2016 17:54:48 UTC