Re: Rotating Privacy Review Responsibilities

Thanks all for the feedback!

Up top, I mean this to be a straw-proposal, to get thought shared; I’m not trying to defend any particular aspect of it (at the moment at least).

Re: Tess and David
---
I just wanted to highlight that the proposal was to require (or, strongly encourage) each organization to provide a person to do reviews, not for each person in PING to be obligated / expected to do reviews. I wasn’t clear from your remarks if that came across clearly.  If that wasn’t clear, does that change your opinion?

Re: Jeffrey
---
I appreciate your point about larger groups providing more folks.  At least as a first effort though, I’d like to try and see if we can get more voices / perspectives in the reviews, if possible.  (I don’t mean to say that everyone on team-Blink, for example, has the same viewpoints, only that those points-of-view might be more similar than, say, a Mozilla vs Google point of view).

But, if that’s not feasible / there aren’t sufficient volunteers / orgs willing, I think your idea is terrific.  But, my vote is to treat it as plan-B for the moment :)

Pete

> On Dec 20, 2019, at 12:03 PM, Jeffrey Yasskin <jyasskin@google.com> wrote:
> 
> I'd suggest two changes:
> 
> 1) Assign reviews evenly across the individuals who have volunteered, rather than their organizations. This allows larger organizations like Google to contribute more reviews than smaller ones.
> 2) Per the Apple folks' comments, encourage medium-to-large organizations to contribute at least one volunteer, but don't require it.
> 
> The current list of volunteers could be stored in the same repo that holds the review issues. If we assign/claim reviews the same way the TAG does, by using GitHub's issue assignment system, the chairs will have to make sure everyone in the list is a member of the w3cping org.
> 
> Jeffrey
> 
> On Thu, Dec 19, 2019 at 1:56 PM Pete Snyder <psnyder@brave.com> wrote:
> Hello All,
> 
> As we discussed on the PING call today, there is much interest in having a standing rotation for doing privacy reviews.  We discussed a couple of options for how to organize this on the call, but I wanted to suggest the following, at least to get discussion going.
> 
>  * Organizations with 2 or more members on PING are responsible for performing periodic privacy reviews
>  * Reviews will be assigned as group requests and spec needs dictate
>  * Reviews are expected to be completed w/in 2 weeks of being assigned
>  * A general request for experts / interest in a particular spec will go out before "pulling from the pool"
>  * The pool will be randomized, and no organization will be assigned a review until every organization has performed a review (e.g. all relevant member orgs will have performed max 1 more review than any other member org)
>  * Reviews will be discussed on a PING call before being formalized into action
>  * It’s appreciated but not required to share notes about the review before the relevant PING call
>  * Pete and Nick will be as available as possible to assist with privacy reviews and filing issues
> 
> Under the above criteria, the following member organizations would be responsible for performing reviews (# individuals from that member org in parens).
> 
>  * Apple, Inc. (6)
>  * Brave Software Inc. (3)
>  * CANTON CONSULTING (2)
>  * Center for Democracy and Technology (2)
>  * China Academy of Information and Communications Technology (CAICT) (3)
>  * China Mobile Communications Corporation (2)
>  * Duck Duck Go, Inc. (4)
>  * Google, Inc. (10)
>  * Institut National de Recherche en Informatique et en Automatique (INRIA) (2)
>  * Microsoft Corporation (9)
>  * Nokia Corporation (2)
>  * OpenLink Software Inc. (2)
> 
> If the above looks good, I will take the action item to shuffle and make public the above list, so we can keep track of things and make sure work is fairly shared.
> 
> Open and eager for people’s thoughts on this!
> 
> Best,
> Pete

Received on Friday, 20 December 2019 20:24:38 UTC