Re: WS Privacy [Was RE: Status of D-AG006]

Hullo
I don't think that this is how privacy is regarded everywhere. Speaking as a
non-lawyer, in the UK, I have a right not to have information about me
captured, to see what information on me any company has and to have it
corrected, or destroyed if there is no legitimate reason for the company
holding it. And there are limitations on what companies who hold data about
me are allowed to do with it (eg they can't move it to a country with lower
privacy standards).  I've seen several US companies fall over on this.

tc
----- Original Message -----
From: "Edgar, Gerald" <gerald.edgar@boeing.com>
To: <www-ws-arch@w3.org>
Sent: Wednesday, March 20, 2002 8:20 PM
Subject: RE: WS Privacy [Was RE: Status of D-AG006]


> I can not address legal issues, since governing law varies from place to
> place. I see privacy as a subclass of confidentiality- protection from
> unauthorized attempts to read data.
>
> Privacy consists of the right of an entity, normally a person, acting in
> their own behalf, and how much it will interact with its environment. The
> entity determines how much information to share.
>
> This also has implications for web services in how to keep web services
> confidential, this should be part of security. How the data is treated in
> the application using web services is I think beyond the scope of the
> architecture group
>
> Gerald W. Edgar <gerald.edgar@boeing.com>
> Architecture support, BCA Architecture and e-business
> 425-234-1422
>
> Mailing address:
> The Boeing Company, M/S 6H-WW
> PO Box 3707, Seattle, WA 98124-2207
> USA
>
>
>
> -----Original Message-----
> From: Hugo Haas [mailto:hugo@w3.org]
> Sent: Wednesday, March 20, 2002 11:07
> To: www-ws-arch@w3.org
> Cc: Rigo Wenning
> Subject: Re: WS Privacy [Was RE: Status of D-AG006]
>
>
> Hi Joe.
>
> * Joseph Hui <jhui@digisle.net> [2002-03-20 10:33-0800]
> [..]
> > On the new goal you're proposing -- protecting comsumers' private data
> > from exploitation, I tend to think legislative bodies (instead of
> technological
> > standard bodies) can be much much more effective in privacy areas.
> > E.g. I don't know of any effective technical mechanism that can prevent
> > a merchant from whom a consumer has purchased goods from using the
> > consumer's shipping address for promotional mails.  But if the laws
> > says the merchant must provide a checkbox for consumers to
> > exclude themselves from potential spams, then the problem (which is
> > only one of many privacy problems) is pretty solved, as it's
> technologically
> > trivial to add such anti-spam feature (i.e. stopping spams at their
> sources).
>
> Privacy can be protected by, for example:
> - minimalizing the amount of data collected to what is necessary only.
> - limit the period such data is held.
>
> I don't think we can prevent data collection, but we can have services
> advertize what they are doing, e.g. by using P3P, which was developed
> at W3C[1], and plan for such things in the architecture.
>
> > I'd also suggest that as we're starting to deliberate Privacy, we need
to
> > *define* (de Javu?) what Privacy means in the WSAWG context,
> > so we know what we're getting ourselves into.
>
> Even though I have been the one advocating for privacy, I am no
> privacy expert and am copying Rigo Wenning on this in case he wants to
> add something.
>
> To me, privacy in the Web services architecture context is about
> collection of data by service providers about the service consumers;
> the tricky part is that there could be several parties involved for
> providing a complex service, which could each have different policies.
>
> The data could be tied to your name, address, or maybe simply a user
> identifier, for marketing purposes or maybe just for statistical
> analyses, it could be shared among providers or kept to one provider,
> etc.
>
> Regards,
>
> Hugo
>
>   1. http://www.w3.org/P3P/
> --
> Hugo Haas - W3C
> mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - tel:+1-617-452-2092
>
>

Received on Wednesday, 20 March 2002 17:57:34 UTC