Re: Rotating Privacy Review Responsibilities

> On Dec 20, 2019, at 12:24 PM, Pete Snyder <psnyder@brave.com> wrote:
> 
> Thanks all for the feedback!
> 
> Up top, I mean this to be a straw-proposal, to get thought shared; I'm not trying to defend any particular aspect of it (at the moment at least).
> 
> Re: Tess and David
> ---
> I just wanted to highlight that the proposal was to require (or, strongly encourage) each organization to provide a person to do reviews, not for each person in PING to be obligated / expected to do reviews. I wasn’t clear from your remarks if that came across clearly.  If that wasn’t clear, does that change your opinion?

It would be highly unusual (perhaps unprecedented) for an Interest Group to mandate contribution of work product, even if it’s per-organization rather than per-individual. I don’t think it's a good idea. Specifically considering this particular proposal:

- Organizations should not be given an incentive to have fewer than two participants.
- Organizations that want to monitor the discussions but which do not have a participant who is qualified to perform a privacy review of a web standard should not be forced to provide one anyway; it’s not obvious that a low-quality review would be better than a later review.

Encouragement seems better than a mandate with respect to these two factors.

(Even Working Groups do not require actual Work, except from volunteers.)

Regards,
Maciej


> Re: Jeffrey
> ---
> I appreciate your point about larger groups providing more folks.  At least as a first effort though, I’d like to try and see if we can get more voices / perspectives in the reviews, if possible.  (I don’t mean to say that everyone on team-Blink, for example, has the same viewpoints, only that those points-of-view might be more similar than, say, a Mozilla vs Google point of view).
> 
> But, if that’s not feasible / there aren’t sufficient volunteers / orgs willing, I think your idea is terrific.  But, my vote is to treat it as plan-B for the moment :)
> 
> Pete
> 
>> On Dec 20, 2019, at 12:03 PM, Jeffrey Yasskin <jyasskin@google.com> wrote:
>> 
>> I'd suggest two changes:
>> 
>> 1) Assign reviews evenly across the individuals who have volunteered, rather than their organizations. This allows larger organizations like Google to contribute more reviews than smaller ones.
>> 2) Per the Apple folks' comments, encourage medium-to-large organizations to contribute at least one volunteer, but don't require it.
>> 
>> The current list of volunteers could be stored in the same repo that holds the review issues. If we assign/claim reviews the same way the TAG does, by using GitHub's issue assignment system, the chairs will have to make sure everyone in the list is a member of the w3cping org.
>> 
>> Jeffrey
>> 
>> On Thu, Dec 19, 2019 at 1:56 PM Pete Snyder <psnyder@brave.com> wrote:
>> Hello All,
>> 
>> As we discussed on the PING call today, there is much interest in having a standing rotation for doing privacy reviews.  We discussed a couple of options for how to organize this on the call, but I wanted to suggest the following, at least to get discussion going.
>> 
>> * Organizations with 2 or more members on PING are responsible for performing periodic privacy reviews
>> * Reviews will be assigned as group requests and spec needs dictate
>> * Reviews are expected to be completed w/in 2 weeks of being assigned
>> * A general request for experts / interest in a particular spec will go out before "pulling from the pool"
>> * The pool will be randomized, and no organization will be assigned a review until every organization has performed a review (e.g. all relevant member orgs will have performed max 1 more review than any other member org)
>> * Reviews will be discussed on a PING call before being formalized into action
>> * It's appreciated but not required to share notes about the review before the relevant PING call
>> * Pete and Nick will be as available as possible to assist with privacy reviews and filing issues
>> 
>> Under the above criteria, the following member organizations would be responsible for performing reviews (# individuals from that member org in parens).
>> 
>> * Apple, Inc. (6)
>> * Brave Software Inc. (3)
>> * CANTON CONSULTING (2)
>> * Center for Democracy and Technology (2)
>> * China Academy of Information and Communications Technology (CAICT) (3)
>> * China Mobile Communications Corporation (2)
>> * Duck Duck Go, Inc. (4)
>> * Google, Inc. (10)
>> * Institut National de Recherche en Informatique et en Automatique (INRIA) (2)
>> * Microsoft Corporation (9)
>> * Nokia Corporation (2)
>> * OpenLink Software Inc. (2)
>> 
>> If the above looks good, I will take the action item to shuffle and make public the above list, so we can keep track of things and make sure work is fairly shared.
>> 
>> Open and eager for people’s thoughts on this!
>> 
>> Best,
>> Pete
> 
> 

Received on Sunday, 22 December 2019 10:23:00 UTC