- From: Joseph Scheuhammer <clown@alum.mit.edu>
- Date: Wed, 28 Jul 2021 10:28:24 -0400
- To: public-prtbl-prsnl-prefs@w3.org
Hi Nick, On 2021-06-30 3:12 p.m., Nick Doty wrote: > I'm very interested in the topic of user preferences, particularly > around privacy. But the charter and cg announcement were brief. > > Can anyone provide some more context on this proposed work? Was there > new implementer interest in user privacy preferences? > > The group name/acronym and some of the charter language seem > reminiscent of the (now marked obsolete) P3P specs. > > Cheers, > Nick Here is an attempt to provide some context. This is skeletal, but I hope it can act as a spring board for further discussions with the group. I'll unpack the parts of "Portable Personal Data Preferences". "Personal data" is any information about a person; or information that a person considers personal. Examples include an individual's email address, social insurance number, health records, credit card information, or remote profile data stored with a service such as Google. "Preferences" are the degree to which an individual wants to share their personal data. The preferences can be stated with different scopes, or levels of access. For example, an individual might be willing to share their Google email address with everyone, but their full Google profile with only a certain small number of other services. Single sign on is an example of the latter where a individual uses their Google account to log into another online service such as Figma. Continuing with the concept of scope or levels of access: an individual may want to restrict access even more to a very small number of third parties with respect to other pieces of personal data. "Portable" alludes to a formal specification of the preferences such that they are machine readable and can be used by any system that understands the spec. A "radical idea" is that an individual's personal preferences constitute a user-centric privacy policy, and can be used as such with any service. That is, instead of a service asking a user to agree to that service's privacy policy, the user provides their personal data preferences as a statement that informs the service what the individual is willing to share. Related topics include the user interface of an application that acquires a user's preferences, and how to make that easier to understand. This involves the use of plain language and educational material that informs users what is at stake with respect to sharing their personal data. I hope that provides more context than the charter. And, thanks for the pointer to the P3P specification. I was unaware of it. I found this link, which I think is what you are referring to: https://www.w3.org/TR/P3P/ Cheers, -- ;;;;joseph. 'The only reason for time is so that everything doesn't happen all at once.' - B. Banzai -
Received on Wednesday, 28 July 2021 14:28:51 UTC