Re: Walk through a paradigmatic privacy review in 'public' (TPAC)?

> On May 6, 2017, at 3:46 , Rob van Eijk <> wrote:
> >> is there a ‘paradigmatic review’ which would help educate the community what it’s like to think about privacy issues?
> Obviously, scholars and standardization bodies have been working on this toping since many years.

I think we’re at cross purposes.  I am wondering if there is some value of having a short session at TPAC where we take a recent spec. that’s worked its way through the consortium, and went through PING for privacy review, and explain to the consortium “how did we do the privacy review of this spec.”. Demonstrate how to go about thinking of a privact review, and how ot write a privacy considerations section.  We somehow need to get it to the point that the privacy experts are verifying that the privacy considerations section, and the privacy thought in the specs., are good, not that we’re doing privacy-thinking post-facto.  We have to have ‘good privacy’ part of the design process, not part of the review.

So I would like to work through an example spec. and how the privacy considerations ended up being written, as a way to show/teach people how to fish for themselves.  The model where a small interest group does the privacy review post-facto is unsustainable, IMHO, for two reasons (a) the group is too small and (b) ‘wide review’ stage is waaay too late to be thinking about privacy implications.

Makes sense?

> For instance the work on contextual privacy by Helen Nissenbaum, and the ISO 29100 serie. I believe that a paradigmatic review could include the following activities: 
> - identify privacy risks in the context of the application of the technology 
> - identify actors and their responsibilities, 
> - focus on privacy risks to the users concerned,
> - focus on the risks stemming from the sensitivity of the data in relation to the harm the data may cause to the users concerned, e.g., when data is used outside of the intended context, 
> - identify (potential) adequate controls for each matching risk,
> - make residual risks (identified risks without adequate mitigation) explicit.
> For instance, the review of the RFID [1] is IMHO still an interesting. It was published in 2011. Annex III (pp. 14-16) of the RFID-pia framework [1] contains a list of examples of privacy risks. The examples were identified under the EU 95/46 framework for processing personal data (annex II, p. 13).
> Rob
> [1]
> -----Original message-----
> From: Nat Sakimura
> Sent: Saturday, May 6 2017, 11:36 am
> To: David Singer;
> Subject: Re: Walk through a paradigmatic privacy review in 'public' (TPAC)?
> Sounds like a good idea. In another forum, the privacy committee there is being flooded by the request for privacy reviews now and that is simply not sustainable and started thinking about "teaching how to fish" rather than bring them fish. It would be good to start the effort before it gets too late. 
> Nat
> On Fri, May 5, 2017 at 4:06 AM David Singer <> wrote:
> Hi
> the question has come up whether we should consider ‘teaching the community to fish’ by talking through some horizontal reviews (privacy, security, i18n, accessibility) in TPAC briefly, so as to illuminate how to look at specs and think about the issues.
> would there be interest from PING in doing that?  is there a ‘paradigmatic review’ which would help educate the community what it’s like to think about privacy issues?
> David Singer
> Manager, Software Standards, Apple Inc.
> -- 
> Nat Sakimura
> Chairman of the Board, OpenID Foundation

David Singer
Manager, Software Standards, Apple Inc.

Received on Monday, 8 May 2017 17:31:26 UTC