
Re: UK’s upper House urges privacy kitemark for online platforms | TechCrunch

From: Peter Schoo <peter.schoo@gmx.de>
Date: Mon, 25 Apr 2016 21:21:32 +0200
To: Shane M Wiley <wileys@yahoo-inc.com>, David Singer <singer@mac.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <571E6E3C.8090200@gmx.de>

From what I've observed remotely, how the EuroPrise certification has
developed and evolved, it has been initiated and driven by folk that
were also involved in and learned from P3P and associated European
projects ... they learned ... and improved privacy validations, I'd say.

The basic processes are defined and what privacy actually means in the
individual certification cases needs then to be fixed by two persons.
One with technical background, one with legal background. All based on
EU regulations, documented. Downside: time and money.

It's not a fast process. Nevertheless a number of larger companies go
this way, especially for the European market.

NB: I don't have shares in EuroPrise. Just my observations.

Peter Schoo, peter.schoo@gmx.de

Am 25.04.16 um 19:44 schrieb Shane M Wiley:
> Sounds like P3P all over again.  As we can learn from the many mistakes
> of the past we'd be in a better position to succeed but it will be a
> massive undertaking, won't fix every edge case, and therefore may find
> its way to obsolescence quickly.
> - Shane
> Shane Wiley
> VP, Privacy Policy
> Yahoo
> ------------------------------------------------------------------------
> *From:* David Singer <singer@mac.com>
> *To:* public-privacy (W3C mailing list) <public-privacy@w3.org>
> *Sent:* Monday, April 25, 2016 10:17 AM
> *Subject:* Re: UK’s upper House urges privacy kitemark for online
> platforms | TechCrunch
>> On Apr 23, 2016, at 21:55, Nick Doty <npdoty@ischool.berkeley.edu> wrote:
>> Thanks for sharing, Dave.
>> Here is the brief summary from the Parliament report that discusses
>> the privacy seal/kite-mark approach:
>>> 41. We support provisions within the General Data Protection
>>> Regulation to allow organisations to use privacy seals, or kite-marks,
>>> to give consumers confidence that they comply with data protection
>>> rules. (Paragraph 238)
>>> 42. In order to encourage competition on privacy standards, not just
>>> compliance with the law, we recommend that the Government and the
>>> Information Commissioner’s Office work with the European Commission to
>>> develop a kite-mark or privacy seal that incorporates a graded scale or
>>> traffic light system, similar to that used in food labelling, which can
>>> be used on all websites and applications that collect and process the
>>> personal data of EU citizens. (Paragraph 239)
>> http://www.publications.parliament.uk/pa/ld201516/ldselect/ldeucom/129/12913.htm
>> And in more detail, the substantive section on privacy notices is here:
>> http://www.publications.parliament.uk/pa/ld201516/ldselect/ldeucom/129/12909.htm#_idTextAnchor113
>> We have frequently discussed in this and related fora the possibility
>> of doing work on standardizing some improvement on privacy notices,
>> perhaps through the model of privacy icons. W3C's previous work on P3P
>> could be a useful data model, but the "seal"/"mark" work seems to be
>> more focused on what the standards are for representing certain grades
>> of practices. The more detailed text suggests that the UK ICO is already
>> underway with a program of approving privacy seal schemes that are
>> presented to them, but the recommendation suggests that there would be
>> interest in collaboration, across sectors and across the EU, on
>> developing a more effective seal/transparency system.
>> I remain interested in some privacy icons standardization work if
>> others are. (I've tried to follow the OpenNotice folks, among others.)
>> In the US, I see both ongoing academic research and commercial tools
>> that work on either improving representation of notices through
>> icons/grades or mechanisms for collecting that data.
>> —Nick
> At a workshop long ago, we discussed the possibility of building a
> library of reference-able privacy-policy ‘snippets’, that policies could
> incorporate by reference.
> For example, we might publish variants of ‘third party disclosure’
> (strict/average/lenient) or ‘data retention periods’
> (indefinite/finite/short/none) and then (a) companies could say “our
> third-party disclosure policy is W3C-Strict”, and get an icon to match.
> But building this library is huge amounts of work. It involves analyzing
> dozens of policies, splitting them into pieces, sorting the pieces into
> piles of snippets that are roughly similar, and then crafting a single
> snippet text to represent each pile.
> ugh
> Then there has to be incentive to lawyers to adopt, rather than write;
> this legislation, I suppose, and the use of Icons might be that.
> Dave Singer
> singer@mac.com
Received on Monday, 25 April 2016 19:22:13 UTC
