Re: Privacy protection principles

Dear Kepeng, all, I'll try to summarize below our previous experience on
this matter.

As far as I know there have been some approaches to try to go into more
detail from high-level privacy/data protection principles (OECD, ISO, GDPR,
or other) to lower-detailed requirements closer to the technical domain.

For example, the EU-funded PRIPARE project [1] developed an early catalogue
of requirements from ISO29100 and EU GDPR principles. The idea was to move
from the set of high-level principles into more elaborated privacy
guidelines and from there into a set of detailed technical requirements, in
a process named requirements operationalization. You can see the actual
catalogue in the PRIPARE handbook [2], Annex B. Some other researchers have
followed a similar path, and you can find, for example, a taxonomy of
requirements refining the privacy goal 'transparency' [5].

As I said, this was an early effort within a somewhat small research project,
and thus the catalogue requires further refinement, elaboration and
consensus, but is an early step in our vision on how some of the privacy
principles can be further detailed and how it is aligned with the
risk-driven approaches [3], enabling a systematic approach to engineering
privacy when developing information systems. Indeed, this vision was
inspired by earlier works at W3C, for example, within the Accessibility
domain [4].

These are my 2 cents.

Regards,

Jose M. del Alamo
Universidad Politecnica de Madrid

[1] http://pripareproject.eu/
[2] http://pripareproject.eu/wp-content/uploads/2013/11/PRIPARE-Methodology-Handbook-Final-Feb-24-2016.pdf
[3] Notario, N. et al., PRIPARE: Integrating Privacy Best Practices into a
Privacy Engineering Methodology, IEEE Security and Privacy Workshops (SPW),
.. doi: 10.1109/SPW.2015.22
[4] Martin et al., Privacy Requirements Engineering: Valuable Lessons from
Another Realm, 1st International Workshop on Evolving Security and Privacy
Requirements Engineering - ESPRE2014, pp. 19-24. doi:
10.1109/ESPRE.2014.6890523
[5] Meis, R. et al. A Taxonomy of Requirements for the Privacy Goal
Transparency. In International Conference on Trust and Privacy in Digital
Business. Springer International Publishing.

2016-09-20 3:03 GMT+02:00 Kepeng Li <kepeng.lkp@alibaba-inc.com>:

> I agree that from high level overview, my proposed privacy principles are
> quite similar to OECD privacy principles.
>
> I am wondering if we can go down a little bit deeper, and make each
> principle in more detail, and also make it specific to web.
>
> The goal is to make it as guidelines or best practices to achieve privacy
> principles in the open web environment.
>
> My document is still in the very early stage. I am just trying to find a
> way to move forward, to make it useful in some way.
>
> Thanks,
>
> Kind Regards
>
> Kepeng Li
> Alibaba
>
> From: John Moehrke <johnmoehrke@gmail.com>
> Date: Tuesday, 20 September, 2016 1:33 am
> To: Li Kepeng <kepeng.lkp@alibaba-inc.com>
> Cc: Nat Sakimura <sakimura@gmail.com>, Alan Chapell
> <achapell@chapellassociates.com>, "public-privacy (W3C mailing list)"
> <public-privacy@w3.org>, <chaals@yandex-team.ru>
> Subject: Re: Privacy protection principles
> Resent-From: <public-privacy@w3.org>
> Resent-Date: Tue, 20 Sep 2016 07:18:07 +0000
>
> I have a cross-reference between various standards on Privacy Principles.
> With linkage to them (where I am allowed)
> https://healthcaresecprivacy.blogspot.com/2015/04/privacy-principles.html
>
> John
>
> John Moehrke
> Principal Engineering Architect: Standards - Interoperability, Privacy,
> and Security
> CyberPrivacy – Enabling authorized communications while respecting Privacy
> M +1 920-564-2067
> JohnMoehrke@gmail.com
> https://www.linkedin.com/in/johnmoehrke
> https://healthcaresecprivacy.blogspot.com
> "Quis custodiet ipsos custodes?" ("Who watches the watchers?")
>
> On Mon, Sep 19, 2016 at 12:08 PM, Kepeng Li <kepeng.lkp@alibaba-inc.com>
> wrote:
>
>> Hi Nat,
>>
>> > There are many well respected documents that have something very
>> similar in them.
>>
>> Can you send the links of the mentioned similar documents?
>>
>> Thanks,
>>
>> Kind Regards
>> Kepeng
>>
>> --------------------------
>>
>> From: Nat Sakimura <sakimura@gmail.com>
>> *Date:* 15:28
>> *Add recipient* Alan Chapell <achapell@chapellassociates.com>
>> *Enter subject* Re: Privacy protection principles
>>
>> Sorry, I have not been following the list lately so I am probably missing
>> something, but what is the context around this document?
>>
>> There are many well respected documents that have something very similar
>> in them. Why are we creating yet another one?
>>
>> Nat
>>
>> 2016/09/19 3:15 AM "Alan Chapell" <achapell@chapellassociates.com>:
>>
>> Cheers,
>>
>> Alan Chapell
>> Chapell & Associates
>> 917 318 8440
>>
>> On 9/18/16, 12:49 PM, "Kepeng Li" <kepeng.lkp@alibaba-inc.com> wrote:
>>
>> Hi Chaals,
>>
>> Thanks for your edits. It is quite helpful.
>>
>> I made some further edits based on your proposed changes.
>>
>> About your embedded questions, we can discuss them during the PING
>> meeting on Tuesday.
>>
>> Kind Regards
>> Kepeng
>>
>> ------------------------------------------------------------------
>> From: <chaals@yandex-team.ru>
>> Date: 2016-09-16 01:38:52
>> To: Kepeng Li <kepeng.lkp@alibaba-inc.com>; public-privacy@w3.org <public-privacy@w3.org>
>> Subject: Re: Privacy protection principles
>>
>> - runnegar@, tjwhalen@
>>
>> Hi Kepeng, all,
>>
>> I made a few minor edits, mostly shuffling things that seemed to belong
>> in a different place, or trying to simplify the language.
>>
>> One of the things I did is change "privacy information" in some places to
>> "private information", and in other places to "privacy-sensitive
>> information".
>>
>> "privacy information" sounds wrong to me, but I am not sure what a better
>> phrase would be.
>>
>> Feel free to over-write any of my edits...
>>
>> cheers
>>
>> Chaals
>>
>> 15.09.2016, 17:11, "Kepeng Li" <kepeng.lkp@alibaba-inc.com>:
>> > Hi Christine, Tara and all,
>> >
>> > I just submitted an initial proposal for privacy protection principles:
>> > https://www.w3.org/wiki/Privacy/Privacy_protection_principles
>> >
>> > I hope we can allocate some time in TPAC PING IG to discuss that, to see
>> > if it is valuable to continue to work on this subject.
>> >
>> > Thanks and see you in TPAC!
>> >
>> > Kind Regards
>> >
>> > Kepeng Li
>> > Alibaba
>>
>> --
>> Charles McCathie Nevile - web standards - CTO Office, Yandex
>> chaals@yandex-team.ru - - - Find more at http://yandex.com
>>
>>
>>
>

Received on Monday, 26 September 2016 07:46:18 UTC