News Release: W3C Issues Report, Recommendations on Web Privacy

Today, W3C released the results of its recent Privacy Workshop which  
recommend next steps for keeping privacy promises when exchanging  
sensitive information on the Web, incorporating feedback from  
international experts in privacy and policy. For more information,  
please contact Janet Daly, Global Communications Officer at +1 617  
253 5884 <janet@w3.org> or the W3C Communications Team representative  
in your region.

W3C Workshop Report: Keeping Privacy Promises
Privacy Experts Suggest Approaches for Managing Personal Information

Web Resources

	This Press release
           http://www.w3.org/2006/12/privacy-workshop-pressrelease

	W3C Privacy Workshop Report
	  http://www.w3.org/2006/07/privacy-ws/report

         W3C Privacy Workshop Minutes
           http://www.w3.org/2006/10/17-privacy-minutes

http://www.w3.org/ -- 14 December 2006 -- Today W3C published a  
Privacy Workshop Report and minutes that recommend next steps for  
keeping privacy promises when exchanging sensitive information on the  
Web. Privacy and access control experts from America, Australia, Asia  
and Europe met in October 2006 in Ispra, Italy to study Web privacy  
issues and solutions. W3C would like to thank the Joint Research  
Center of the European Commission for hosting that Workshop on  
Languages for Privacy Policy Negotiation and Semantics-Driven  
Enforcement.

"The joint effort to organize this event and the active contribution  
of the participants on a high scientific level demonstrated the  
importance of the subject," said Jan Löschner, Head of Cyber Security  
at the European Commission's Joint Research Center. "I appreciated  
the constructive atmosphere of the Workshop to discuss privacy issues  
and wish to see proposed solutions being implemented and used in the  
future."

The Challenges of Online Privacy

On the Web, information collection and transfer are routine, often  
conducted by multiple parties in a manner transparent to the user. As  
more parties are granted access to information, it becomes more  
challenging to track chains of privacy promises and to enforce them.  
Tools can help, but tools require descriptions of access privileges,  
and such descriptions can be hard to formulate when so many parties  
are involved.

Though users may be familiar with scenarios such as a doctor  
exchanging patient information with a laboratory, these issues are  
not limited to large-scale enterprises. More individuals are sharing  
personal information (photos, blog entries, etc.) on the Web. They  
too recognize the need for more effective approaches for managing  
personal information, for describing who can access their  
information, and for learning who is to be held accountable when a  
given service does not respect their privacy preferences.

"This Workshop provided a broad, articulated outline of privacy- 
related challenges in the Information Society," said Professor  
Bonatti of Naples University. "It was an excellent chance to bring  
together the visions and the approaches of institutional, industrial,  
and academic actors, covering not only computer science but also  
economics and other disciplines. The challenges discussed in the  
workshop are definitely going to be hot research topics for the  
coming years."

Towards a Common Framework for Policy Languages

Previous W3C work on Web privacy, the Platform for Privacy  
Preferences Project (P3P), focused on how to express privacy  
preferences in a way that allows software to enforce those  
preferences. The Workshop explored a different set of questions: How  
can privacy promises be maintained as information changes hands? How  
can access control decisions and accountability mechanisms leverage  
the Web to help manage obligations and actions arising from the data  
exchange? How can community and user driven Web sites leverage access  
control and accountability frameworks? Workshop participants  
suggested that W3C charter an Interest Group as a forum for continued  
discussion of these questions.

One common obstacle toward progress on integrated privacy approaches  
for both enterprise processes and the Web is the lack of  
interoperability between different policy languages. Current policy  
mechanisms are tailored to specific use cases and serve those use  
cases well. But today's enterprise and Web environments require a  
tight coupling of different approaches. Participants in the Workshop  
agreed that the community should embrace the reality of policy  
language diversity and work on facilitating connections among these  
multiple languages, rather than trying to create a single combined  
policy language to cover the entire field of personal information  
processing and access control. W3C is participating in the PRIME and  
PAW projects, which promise to provide valuable input into future  
work in this area.

Contact Americas, Australia --
     Janet Daly, <janet@w3.org>, +1.617.253.5884 or +1.617.253.2613
Contact Europe, Africa and the Middle East--
     Marie-Claire Forgue, <mcf@w3.org>, +33.492.38.75.94
Contact Asia --
     Yasuyuki Hirakawa <chibao@w3.org>, +81.466.49.1170

About the World Wide Web Consortium [W3C]

The World Wide Web Consortium (W3C) is an international consortium  
where Member organizations, a full-time staff, and the public work  
together to develop Web standards. W3C primarily pursues its mission  
through the creation of Web standards and guidelines designed to  
ensure long-term growth for the Web. Over 400 organizations are  
Members of the Consortium. W3C is jointly run by the MIT Computer  
Science and Artificial Intelligence Laboratory (MIT CSAIL) in the  
USA, the European Research Consortium for Informatics and Mathematics  
(ERCIM) headquartered in France and Keio University in Japan,and has  
additional Offices worldwide. For more information see http:// 
www.w3.org/

Received on Thursday, 14 December 2006 15:39:40 UTC