-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update charter.html to better define privacy #20
Conversation
fixes issue #6
I believe this is mostly aligned with the language discussed earlier today. The only other callout I would make is if we want to use |
Would cross-party and same-party work better? |
I don't think that substituting "party" for "site" would be a good idea. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems fine. A run-on sentence might be improved, but I think we have the high-level definition we need.
This is not all of what "privacy" might mean in this context, but this is probably a worthwhile contribution nonetheless. Ultimately, we'll need to define what we really mean through the documentation of our privacy principles (or guidelines) and this cannot capture all that nuance.
As long as we accept that this is not a comprehensive definition, this is fine.
Co-authored-by: Martin Thomson <mt@lowentropy.net>
Agreed with @martinthomson that we shouldn't use "party". I'm also fine with simply using "site", though I'm curious if there's been any discussion of this distinction at the TAG level (cc @darobin). |
(Changed the title to make this PR a little more legible.) |
Sorry for the late reply, but I find the language somewhat restrictive and would like to propose that:
be changed to:
I think this group ought to consider general advertising use-cases supported by online activity to be in scope and not just web advertising. I also think the focus on cross-site/same-site is too proscriptive for the charter and that we should either leave it out or generalize the language to: "...that do not facilitate unsanctioned cross-context recognition of users." |
If this is not intended to be a comprehensive definition, then we should say so explicitly. For example, we could precede these examples with "For example,". I don't see the need for having these two examples at all, but if they're not explicitly marked as such, then I expect many will be confused as to whether there are other privacy properties of interest to the scope of the Working Group. |
Would this group find it objectionable to change this to refer to understanding privacy as defined in the document on Privacy Purposes that the CG will produce. This will also assure that, should the W3C produce a privacy-defining document (as seems to be in progress) we will not have to make a charter change to be aligned with it, but instead a CG discussion. Thoughts? |
I agree directionally -- the charter and framing of privacy are related but independent and ought to be standalone so each is free to evolve with minimum impact on the other. |
these features is to support web advertising and provide users with | ||
privacy guarantees with a strong technical basis. | ||
privacy guarantees with a strong technical basis. To maintain privacy, new features will not enable |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Incorporating @npdoty's feedback, I would suggest we instead say:
The purpose of these features is to support web advertising in private ways. Here "private" refers to appropriate processing of personal information. Examples of ways in which new web platform features might enable inappropriate processing include (but are not limited to):
- enabling cross-site recognition of users
- enabling same-site recognition of users across the clearing of state or data.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 for explicitly marking these as examples. "appropriate processing of personal information" as a shorthand definition for private is necessarily still incomplete and imperfect, but certainly not the worst definition I've heard. :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bslassey Do you object to making the above change?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No objection, I think that's a great articulation of what we're trying to get across
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changing site
to context
would make this acceptable under consensus.
I just opened #23, which I hope leaves enough space for us to consider other things, like degradation in autonomy. Given that given the entire point of advertising sits in a place that is somewhat uncomfortable when you talk about autonomy, I don't want to get too far into that discussion, especially in the charter. What is probably best in this context is to let those aspects of the problem fold into discussions. |
fixes issue #6