Update charter.html to better define privacy

[bslassey]

fixes issue #6

[eriktaubeneck]

I believe this is mostly aligned with the language discussed earlier today. The only other callout I would make is if we want to use cross-site/app and same-site/app, instead of only cross-site and same-site.

[bslassey]

Would cross-party and same-party work better?

[martinthomson]

I don't think that substituting "party" for "site" would be a good idea.

[martinthomson]

This seems fine. A run-on sentence might be improved, but I think we have the high-level definition we need.

This is not all of what "privacy" might mean in this context, but this is probably a worthwhile contribution nonetheless. Ultimately, we'll need to define what we really mean through the documentation of our privacy principles (or guidelines) and this cannot capture all that nuance.

As long as we accept that this is not a comprehensive definition, this is fine.

[eriktaubeneck]

Agreed with @martinthomson that we shouldn't use "party". I'm also fine with simply using "site", though I'm curious if there's been any discussion of this distinction at the TAG level (cc @darobin).

[AramZS]

(Changed the title to make this PR a little more legible.)

[bmayd]

Sorry for the late reply, but I find the language somewhat restrictive and would like to propose that:

The purpose of these features is to support web advertising and provide users with privacy guarantees with a strong technical basis that do not enable cross-site recognition of users as well as not allowing for the same-site recognition of users across the clearing of state or data.

be changed to:

The purpose of these features is to support advertising while providing users with clearly articulated privacy guarantees with a strong technical basis.

I think this group ought to consider general advertising use-cases supported by online activity to be in scope and not just web advertising.

I also think the focus on cross-site/same-site is too proscriptive for the charter and that we should either leave it out or generalize the language to: "...that do not facilitate unsanctioned cross-context recognition of users."

[npdoty]

As long as we accept that this is not a comprehensive definition, this is fine.

If this is not intended to be a comprehensive definition, then we should say so explicitly. For example, we could precede these examples with "For example,".

I don't see the need for having these two examples at all, but if they're not explicitly marked as such, then I expect many will be confused as to whether there are other privacy properties of interest to the scope of the Working Group.

[AramZS]

Would this group find it objectionable to change this to refer to understanding privacy as defined in the document on Privacy Purposes that the CG will produce. This will also assure that, should the W3C produce a privacy-defining document (as seems to be in progress) we will not have to make a charter change to be aligned with it, but instead a CG discussion.

Thoughts?

[bmayd]

...change this to refer to understanding privacy as defined in the document on Privacy Purposes that the CG will produce.

I agree directionally -- the charter and framing of privacy are related but independent and ought to be standalone so each is free to evolve with minimum impact on the other.

[benjaminsavage]

Incorporating @npdoty's feedback, I would suggest we instead say:

The purpose of these features is to support web advertising in private ways. Here "private" refers to appropriate processing of personal information. Examples of ways in which new web platform features might enable inappropriate processing include (but are not limited to):

• enabling cross-site recognition of users
• enabling same-site recognition of users across the clearing of state or data.

[npdoty]

+1 for explicitly marking these as examples. "appropriate processing of personal information" as a shorthand definition for private is necessarily still incomplete and imperfect, but certainly not the worst definition I've heard. :)

[AramZS]

@bslassey Do you object to making the above change?

[bslassey]

No objection, I think that's a great articulation of what we're trying to get across

[AramZS]

Changing site to context would make this acceptable under consensus.

[martinthomson]

I just opened #23, which I hope leaves enough space for us to consider other things, like degradation in autonomy. Given that given the entire point of advertising sits in a place that is somewhat uncomfortable when you talk about autonomy, I don't want to get too far into that discussion, especially in the charter. What is probably best in this context is to let those aspects of the problem fold into discussions.