Re: WS Privacy [Was RE: Status of D-AG006] from Tim Coote on 2002-03-20 (www-ws-arch@w3.org from March 2002)

From: Tim Coote <tim@coote.org>
Date: Wed, 20 Mar 2002 22:52:33 -0000
To: "Hugo Haas" <hugo@w3.org>, <www-ws-arch@w3.org>
Cc: "Rigo Wenning" <rigo@w3.org>
Message-ID: <013501c1d061$eca6bd00$801fa8c0@homebox>

Hullo

I'm not a lawyer, but for what it's worth, I'd get this reviewed by lawyers
before setting it in stone. What I don't understand is which lawyers. I
think that the UK Data Protection Act (the basis of EU legislation, I think)
is quite good, but I have also heard of some draconian data
protection/privacy issues in Germany. It would be daft to produce a standard
that was immediately outlawed in key parts of the world.

tc
----- Original Message -----
From: "Hugo Haas" <hugo@w3.org>
To: <www-ws-arch@w3.org>
Cc: "Rigo Wenning" <rigo@w3.org>
Sent: Wednesday, March 20, 2002 7:07 PM
Subject: Re: WS Privacy [Was RE: Status of D-AG006]


> Hi Joe.
>
> * Joseph Hui <jhui@digisle.net> [2002-03-20 10:33-0800]
> [..]
> > On the new goal you're proposing -- protecting comsumers' private data
> > from exploitation, I tend to think legislative bodies (instead of
technological
> > standard bodies) can be much much more effective in privacy areas.
> > E.g. I don't know of any effective technical mechanism that can prevent
> > a merchant from whom a consumer has purchased goods from using the
> > consumer's shipping address for promotional mails.  But if the laws
> > says the merchant must provide a checkbox for consumers to
> > exclude themselves from potential spams, then the problem (which is
> > only one of many privacy problems) is pretty solved, as it's
technologically
> > trivial to add such anti-spam feature (i.e. stopping spams at their
sources).
>
> Privacy can be protected by, for example:
> - minimalizing the amount of data collected to what is necessary only.
> - limit the period such data is held.
>
> I don't think we can prevent data collection, but we can have services
> advertize what they are doing, e.g. by using P3P, which was developed
> at W3C[1], and plan for such things in the architecture.
>
> > I'd also suggest that as we're starting to deliberate Privacy, we need
to
> > *define* (de Javu?) what Privacy means in the WSAWG context,
> > so we know what we're getting ourselves into.
>
> Even though I have been the one advocating for privacy, I am no
> privacy expert and am copying Rigo Wenning on this in case he wants to
> add something.
>
> To me, privacy in the Web services architecture context is about
> collection of data by service providers about the service consumers;
> the tricky part is that there could be several parties involved for
> providing a complex service, which could each have different policies.
>
> The data could be tied to your name, address, or maybe simply a user
> identifier, for marketing purposes or maybe just for statistical
> analyses, it could be shared among providers or kept to one provider,
> etc.
>
> Regards,
>
> Hugo
>
>   1. http://www.w3.org/P3P/
> --
> Hugo Haas - W3C
> mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - tel:+1-617-452-2092
>
>

Received on Wednesday, 20 March 2002 17:52:43 UTC