- From: Janet Daly <janet@w3.org>
- Date: Thu, 14 Dec 2006 07:39:39 -0800
- To: w3c-news@w3.org
Today, W3C released the results of its recent Privacy Workshop which
recommend next steps for keeping privacy promises when exchanging
sensitive information on the Web, incorporating feedback from
international experts in privacy and policy. For more information,
please contact Janet Daly, Global Communications Officer at +1 617
253 5884 <janet@w3.org> or the W3C Communications Team representative
in your region.
W3C Workshop Report: Keeping Privacy Promises
Privacy Experts Suggest Approaches for Managing Personal Information
Web Resources
This Press release
http://www.w3.org/2006/12/privacy-workshop-pressrelease
W3C Privacy Workshop Report
http://www.w3.org/2006/07/privacy-ws/report
W3C Privacy Workshop Minutes
http://www.w3.org/2006/10/17-privacy-minutes
http://www.w3.org/ -- 14 December 2006 -- Today W3C published a
Privacy Workshop Report and minutes that recommend next steps for
keeping privacy promises when exchanging sensitive information on the
Web. Privacy and access control experts from America, Australia, Asia
and Europe met in October 2006 in Ispra, Italy to study Web privacy
issues and solutions. W3C would like to thank the Joint Research
Center of the European Commission for hosting that Workshop on
Languages for Privacy Policy Negotiation and Semantics-Driven
Enforcement.
"The joint effort to organize this event and the active contribution
of the participants on a high scientific level demonstrated the
importance of the subject," said Jan Löschner, Head of Cyber Security
at the European Commission's Joint Research Center. "I appreciated
the constructive atmosphere of the Workshop to discuss privacy issues
and wish to see proposed solutions being implemented and used in the
future."
The Challenges of Online Privacy
On the Web, information collection and transfer are routine, often
conducted by multiple parties in a manner transparent to the user. As
more parties are granted access to information, it becomes more
challenging to track chains of privacy promises and to enforce them.
Tools can help, but tools require descriptions of access privileges,
and such descriptions can be hard to formulate when so many parties
are involved.
Though users may be familiar with scenarios such as a doctor
exchanging patient information with a laboratory, these issues are
not limited to large-scale enterprises. More individuals are sharing
personal information (photos, blog entries, etc.) on the Web. They
too recognize the need for more effective approaches for managing
personal information, for describing who can access their
information, and for learning who is to be held accountable when a
given service does not respect their privacy preferences.
"This Workshop provided a broad, articulated outline of privacy-
related challenges in the Information Society," said Professor
Bonatti of Naples University. "It was an excellent chance to bring
together the visions and the approaches of institutional, industrial,
and academic actors, covering not only computer science but also
economics and other disciplines. The challenges discussed in the
workshop are definitely going to be hot research topics for the
coming years."
Towards a Common Framework for Policy Languages
Previous W3C work on Web privacy, the Platform for Privacy
Preferences Project (P3P), focused on how to express privacy
preferences in a way that allows software to enforce those
preferences. The Workshop explored a different set of questions: How
can privacy promises be maintained as information changes hands? How
can access control decisions and accountability mechanisms leverage
the Web to help manage obligations and actions arising from the data
exchange? How can community and user driven Web sites leverage access
control and accountability frameworks? Workshop participants
suggested that W3C charter an Interest Group as a forum for continued
discussion of these questions.
One common obstacle toward progress on integrated privacy approaches
for both enterprise processes and the Web is the lack of
interoperability between different policy languages. Current policy
mechanisms are tailored to specific use cases and serve those use
cases well. But today's enterprise and Web environments require a
tight coupling of different approaches. Participants in the Workshop
agreed that the community should embrace the reality of policy
language diversity and work on facilitating connections among these
multiple languages, rather than trying to create a single combined
policy language to cover the entire field of personal information
processing and access control. W3C is participating in the PRIME and
PAW projects, which promise to provide valuable input into future
work in this area.
Contact Americas, Australia --
Janet Daly, <janet@w3.org>, +1.617.253.5884 or +1.617.253.2613
Contact Europe, Africa and the Middle East--
Marie-Claire Forgue, <mcf@w3.org>, +33.492.38.75.94
Contact Asia --
Yasuyuki Hirakawa <chibao@w3.org>, +81.466.49.1170
About the World Wide Web Consortium [W3C]
The World Wide Web Consortium (W3C) is an international consortium
where Member organizations, a full-time staff, and the public work
together to develop Web standards. W3C primarily pursues its mission
through the creation of Web standards and guidelines designed to
ensure long-term growth for the Web. Over 400 organizations are
Members of the Consortium. W3C is jointly run by the MIT Computer
Science and Artificial Intelligence Laboratory (MIT CSAIL) in the
USA, the European Research Consortium for Informatics and Mathematics
(ERCIM) headquartered in France and Keio University in Japan,and has
additional Offices worldwide. For more information see http://
www.w3.org/
Received on Thursday, 14 December 2006 15:39:40 UTC