Re: PING call - 20 August 2020 UTC 16 - Agenda Request from James Rosewell on 2020-08-19 (public-privacy@w3.org from July to September 2020)

From: James Rosewell <james@51degrees.com>
Date: Wed, 19 Aug 2020 14:56:35 +0000
To: "public-privacy@w3.org" <public-privacy@w3.org>
Message-ID: <DB7PR02MB47104AA7BB6C2D91695840A2A65D0@DB7PR02MB4710.eurprd02.prod.outlook.com>

Hi Christine, Pete,

I've read the three main documents that the group delivers and the charter. The mission of the group is to "improve privacy". However, the success criteria are incomplete as they focus solely on the provision of feedback and review. The success criteria do not define how improved privacy is actually measured.

The Security and Privacy Questionnaire is widely used across the W3C requiring questions and mitigations to be provided. The absence of policies clearly stating what constitutes acceptable or improved privacy makes the document harder to use. I've proposed some preliminary modifications. This general issue was acknowledged by Pete when commenting on the Privacy Thread Model document edits this week [1]. Pete raises the following excellent points.

"1. Enumerate what privacy protections / properties / boundaries we'd like the web to have, as a way of making our privacy-reviews consistent and easier to understand
2. Provide predictability to spec authors, so they can better anticipate the results of a privacy review
3. Provide consistency across the work PING does, and other privacy-related groups in W3C (TAG, PrivacyCG), so that we can make sure that one group doesn't accidentally undo the work another group is pursuing"

I'm curious to learn if there is work underway to adopt a common privacy policy across the W3C? Such a policy could be short and similar to the antitrust policy.

I have reviewed the Security and Privacy Questionnaire and raised four issues with the document that have now been closed by TAG chairs, in two cases without a logical conclusion or explanation. All these issues would be significantly mitigated with reference to such a common privacy policy. I'd like us to discuss each of these issues during the next meeting.

Regards,

James

[1] https://w3cping.slack.com/archives/CTL6DM6HZ/p1597697711029200
This email and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and do not disclose, use, store or copy the information contained herein. This is an email from 51Degrees.mobi Limited, 5 Charlotte Close, Reading. RG47BY. T: +44 118 328 7152; E: info@51degrees.com; 51Degrees.mobi Limited t/as 51Degrees.

Received on Wednesday, 19 August 2020 14:56:55 UTC