Re: more context on this group? from Joseph Scheuhammer on 2021-07-28 (public-prtbl-prsnl-prefs@w3.org from July 2021)

From: Joseph Scheuhammer <clown@alum.mit.edu>
Date: Wed, 28 Jul 2021 10:28:24 -0400
To: public-prtbl-prsnl-prefs@w3.org
Message-ID: <4e4b9f4f-03ec-6163-3fc5-826af227212b@alum.mit.edu>

Hi Nick,

On 2021-06-30 3:12 p.m., Nick Doty wrote:
> I'm very interested in the topic of user preferences, particularly 
> around privacy. But the charter and cg announcement were brief.
>
> Can anyone provide some more context on this proposed work? Was there 
> new implementer interest in user privacy preferences?
>
> The group name/acronym and some of the charter language seem 
> reminiscent of the (now marked obsolete) P3P specs.
>
> Cheers,
> Nick

Here is an attempt to provide some context.  This is skeletal, but I 
hope it can act as a spring board for further discussions with the group.

I'll unpack the parts of "Portable Personal Data Preferences".

"Personal data" is any information about a person; or information that a 
person considers personal.  Examples include an individual's email 
address, social insurance number, health records, credit card 
information, or  remote profile data stored with a service such as Google.

"Preferences" are the degree to which an individual wants to share their 
personal data.  The preferences can be stated with different scopes, or 
levels of access.  For example, an individual might be willing to share 
their Google email address with everyone, but their full Google profile 
with only a certain small number of other services.  Single sign on is 
an example of the latter where a individual uses their Google account to 
log into another online service such as Figma.  Continuing with the 
concept of scope or levels of access: an individual may want to restrict 
access even more to a very small number of third parties with respect to 
other pieces of personal data.

"Portable" alludes to a formal specification of the preferences such 
that they are machine readable and can be used by any system that 
understands the spec.

A "radical idea" is that an individual's personal preferences constitute 
a user-centric privacy policy, and can be used as such with any 
service.  That is, instead of a service asking a user to agree to that 
service's privacy policy, the user provides their personal data 
preferences as a statement that informs the service what the individual 
is willing to share.

Related topics include the user interface of an application that 
acquires a user's preferences, and how to make that easier to 
understand.  This involves the use of plain language and educational 
material that informs users what is at stake with respect to sharing 
their personal data.

I hope that provides more context than the charter.  And, thanks for the 
pointer to the P3P specification.  I was unaware of it.  I found this 
link, which I think is what you are referring to:
https://www.w3.org/TR/P3P/

Cheers,

-- 
;;;;joseph.

'The only reason for time is so that everything doesn't happen all at once.'
                                - B. Banzai -

Received on Wednesday, 28 July 2021 14:28:51 UTC