- From: Joseph Lorenzo Hall <joe@cdt.org>
- Date: Tue, 4 Oct 2016 16:08:39 -0400
- To: Kepeng Li <kepeng.lkp@alibaba-inc.com>
- Cc: KWASNY Sophie <Sophie.KWASNY@coe.int>, John Moehrke <johnmoehrke@gmail.com>, José M. del Álamo <jmdela@dit.upm.es>, Nat Sakimura <sakimura@gmail.com>, Alan Chapell <achapell@chapellassociates.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>, "chaals@yandex-team.ru" <chaals@yandex-team.ru>
- Message-ID: <CABtrr-Wd860fTS4pPPgjNiD-hPP0QLsBw51g7NBFF_tqs3aoUA@mail.gmail.com>
Kepeng, something I found helpful at TPAC was your explanation of why you'd like to create something like this now based on various standards you've seen. It would be great to capture that here for PING folks. On Mon, Sep 26, 2016 at 5:55 PM, Kepeng Li <kepeng.lkp@alibaba-inc.com> wrote: > Hi Sophie and Jose, > > Thanks for your feedback. > > In the TPAC meeting, the group tends not to define a privacy principles in > W3C, but to find some detailed technologies to achieve the privacy > principles, and provide enhancements to the current privacy questionnaires. > > I will check your materials in the links, and provide further inputs to > the provacy questionnaires. > > Kind Regards > Kepeng > > 发件人: KWASNY Sophie <Sophie.KWASNY@coe.int> > 日期: Monday, 26 September, 2016 2:57 pm > 至: Li Kepeng <kepeng.lkp@alibaba-inc.com> > 抄送: John Moehrke <johnmoehrke@gmail.com>, "José M. del Álamo" < > jmdela@dit.upm.es>, Nat Sakimura <sakimura@gmail.com>, Alan Chapell < > achapell@chapellassociates.com>, "public-privacy (W3C mailing list)" < > public-privacy@w3.org>, "chaals@yandex-team.ru" <chaals@yandex-team.ru> > 主题: RE: Privacy protection principles > > Dear Kepeng, Dear All, > > > > Going down a little bit deeper into the privacy principles and providing a > guidance which is more specific to the web sounds like a great initiative, > > > > My two cents would only consist in recalling that any list of privacy > principles which will serve as a basis for that work, to be exhaustive – > from whichever region of the world it is being looked at - should include a > reference to the sole international instrument in the field which is > legally binding. Convention 108 has been the backbone of the development of > the European Union’s legal framework and development in a number of > countries outside Europe. It now gathers 50 countries, 47 from Europe, 1 > from South America and 2 from Africa, (several other non-European > countries, both from Africa and America, currently interested/being in the > process of accession, no Asian one so far). > > > > The proposed revised Convention is accessible at: > http://www.coe.int/t/dghl/standardsetting/dataprotection/CAHDATA/ > Consolidated%20version%20of%20the%20modernised%20convention%20108%20July% > 202016.pdf > > > > Kind regards, > > Sophie > > Sophie Kwasny > Data Protection Unit > COUNCIL OF EUROPE > www.coe.int/dataprotection > > > > *From:* José M. del Álamo [mailto:jmdela@dit.upm.es <jmdela@dit.upm.es>] > *Sent:* lundi 26 septembre 2016 09:43 > *To:* Kepeng Li > *Cc:* John Moehrke; Nat Sakimura; Alan Chapell; public-privacy (W3C > mailing list); chaals@yandex-team.ru > *Subject:* Re: Privacy protection principles > > > > Dear Kepeng, all, I'll try to summarize below our previous experience on > this matter. > > > > As far as I know there have been some approaches to try to go in more > detail from high-level privacy/data protection principles (OECD, ISO, GDPR, > or other) to lower-detailed requirements closer to the technical domain. > > > > For example, the EU-funded PRIPARE project [1] developed an early > catalogue of requirements from ISO29100 and EU GDPR principles. The idea > was to move from the set of high-level principles into more ellaborated > privacy guidelines and from there into a set of detailed technical > requirements, in a process named as requirements operationalization. You > can see the actual catalogue in the PRIPARE handbook [2], Annex B. Some > other researchers have followed a similar path, and you can find, for > example, a taxonomy of requirements refining the privacy goal > 'transparency'. [5]. > > > > As I said this was an early effort within a somehow small research > project, and thus the catalogue requires further refinement, elaboration > and consensus, but is an early step in our vision on how some of the > privacy principles can be further detailed and how it is aligned with the > risk-driven approaches [3], enabling a systematic approach to engineering > privacy when developing information systems. Indeed, this vision was > inspired by earlier works at W3C, for example, within the Accessibility > domain [4]. > > > > These are my 2 cents. > > > > Regards, > > > > Jose M. del Alamo > > Universidad Politecnica de Madrid > > > > [1] http://pripareproject.eu/ > > [2] http://pripareproject.eu/wp-content/uploads/2013/11/ > PRIPARE-Methodology-Handbook-Final-Feb-24-2016.pdf > > [3] Notario, N. et al., PRIPARE: Integrating Privacy Best Practices into a > Privacy Engineering Methodology, IEEE Security and Privacy Workshops (SPW), > . doi: 10.1109/SPW.2015.22 > > [4] Martin et al., Privacy Requirements Engineering: Valuable Lessons from > Another Realm, 1st International Workshop on Evolving Security and Privacy > Requirements Engineering - ESPRE2014, pp. 19-24. doi: > 10.1109/ESPRE.2014.6890523 > > [5] Meis, R. et al. A Taxonomy of Requirements for the Privacy Goal > Transparency. In International Conference on Trust and Privacy in Digital > Business. Springer International Publishing. > > > > 2016-09-20 3:03 GMT+02:00 Kepeng Li <kepeng.lkp@alibaba-inc.com>: > > I agree that from high level overview, my proposed privacy principles are > quite similar to OECD privacy principles. > > > > I am wondering if we can go down a little bit deeper, and make each > principle in more detail, and also make it specific to web. > > > > The goal is to make it as guidelines or best practices to achieve privacy > principles in the open web environment.. > > > > My document is still in the very early stage. I am just trying to find a > way to move forward, to make it useful in some way.. > > > > Thanks, > > > > Kind Regards > > > > Kepeng Li > > Alibaba > > > > *发件人**: *John Moehrke <johnmoehrke@gmail.com> > *日期**: *Tuesday, 20 September, 2016 1:33 am > *至**: *Li Kepeng <kepeng.lkp@alibaba-inc.com> > *抄送**: *Nat Sakimura <sakimura@gmail.com>, Alan Chapell < > achapell@chapellassociates.com>, "public-privacy (W3C mailing list)" < > public-privacy@w3.org>, <chaals@yandex-team.ru> > *主题**: *Re: Privacy protection principles > *重发发件人**: *<public-privacy@w3.org> > *重发日期**: *Tue, 20 Sep 2016 07:18:07 +0000 > > > > I have a cross-reference between various standards on Privacy Principles. > With linkage to them (where I am allowed) > > https://healthcaresecprivacy.blogspot.com/2015/04/privacy-principles.html > > > > John > > > John Moehrke > Principal Engineering Architect: Standards - Interoperability, Privacy, > and Security > CyberPrivacy – Enabling authorized communications while respecting Privacy > M +1 920-564-2067 > JohnMoehrke@gmail.com > https://www.linkedin.com/in/johnmoehrke > https://healthcaresecprivacy.blogspot.com > "Quis custodiet ipsos custodes?" ("Who watches the watchers?") > > > > On Mon, Sep 19, 2016 at 12:08 PM, Kepeng Li <kepeng.lkp@alibaba-inc.com> > wrote: > > Hi Nat, > > > There are many well respected documents that have something very similar > in them. > > Can you send the links of the mentioned similar documents? > > Thanks, > > Kind Regards > Kepeng > > -------------------------- > > 发件人:Nat Sakimura<sakimura@gmail.com> > *日期:*15:28 > *添加收件人*Alan Chapell<achapell@chapellassociates.com> > *输入主题*Re: Privacy protection principles > > Sorry, I have not been following the list lately so I am probably missing > something, but what is the context around this document? > > There are many well respected documents that have something very similar > in them. What are we creating yet another one? > > Nat > > 2016/09/19 午前3:15 "Alan Chapell" <achapell@chapellassociates.com>: > > > > > > Cheers, > > > > Alan Chapell > > Chapell & Associates > > 917 318 8440 > > > > > > On 9/18/16, 12:49 PM, "Kepeng Li" <kepeng.lkp@alibaba-inc.com> wrote: > > > > > > Hi Chaals, > > Thanks for your edits. It is quite helpful. > > I made some further edits based on your proposed changes. > > About your embedded questions, we can discuss them during the PING meeting > on Tuesday. > > Kind Regards > Kepeng > > ------------------------------------------------------------------ > 发件人:<chaals@yandex-team.ru> > 日 期:2016年09月16日 01:38:52 > 收件人:Kepeng Li<kepeng.lkp@alibaba-inc.com>; public-privacy@w3.org<public- > privacy@w3.org> > 主 题:Re: Privacy protection principles > > - runnegar@, tjwhalen@ > > Hi Kepeng, all, > > I made a few minor edits, mostly shuffling things that seemed to belong in > a different place, or trying to simplify the language. > > One of the things I did is change "privacy information" in some places to > "private information", and in other places to "privacy-sensitive > information". > > "privacy information" sounds wrong to me, but I am not sure what a better > phrase would be. > > Feel free to over-write any of my edits.... > > cheers > > Chaals > > 15.09.2016, 17:11, "Kepeng Li" <kepeng.lkp@alibaba-inc.com>: > > Hi Christine, Tara and all, > > > > I just submitted an initial proposal for privacy protection principles: > > https://www.w3.org/wiki/Privacy/Privacy_protection_principles > > > > I hope we can allocate some time in TPAC PING IG to discuss that, to see > > if it is valuable to continue to work on this subject. > > > > Thanks and see you in TPAC! > > > > Kind Regards > > > > Kepeng Li > > Alibaba > > -- > Charles McCathie Nevile - web standards - CTO Office, Yandex > chaals@yandex-team.ru - - - Find more at http://yandex.com > > > > > > > -- Joseph Lorenzo Hall Chief Technologist, Center for Democracy & Technology [https://www.cdt.org] 1401 K ST NW STE 200, Washington DC 20005-3497 e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 Tech Prom, CDT's Annual Dinner, is April 20, 2017! https://cdt.org/annual-dinner
Received on Tuesday, 4 October 2016 20:09:31 UTC