14 Sep 2010




+44.122.333.aaaa, spreibus, +358.504.87aabb, Carine, Rigo, Hannes, Ashok_Malhotra, Marco, Pete_Bramhall, David_Chadwick, +1.207.756.aacc, Eric_Brunner_Williams


<renato> Chair will be Marco

Encore Presentation by Pete Bramhall

<scribe> chair: Marco_Casassa_Mont

<spreibus> ?

<renato> Rigo on the call yet?


<scribe> scribenick: rigo

Pete Bramhall presenting Project Encore


OECD principles, about organizations handling privacy

in EU it is part of human rights, a much wider set of things, remaining in control of who knows what about you

which leads to informational self-determination

PB: it is a large area, kind of boiling the ocean
... encore is trying to handle trust and consensus on data handling and privacy preservation

slide 4 a couple of examples. Individuals really care and are concerned

slide5: organizations partly care about privacy
... risk of not gaining the economic efficiency (privacy roadblock)
... also a differentiator, better privacy, happier customer
... but most strive for regulation compliance. Increasing awareness that privacy is a liability, cost of remedies
... governments have different view: have strange view of things, sometimes doing it wrong but funding things like Encore

http://www.privacyinternational.org/article.shtml?cmd%5b347%5d=x-347-559597 for the PI ranking

PB: Law and Regulation => Directive 95/46 translated into UK law
... Information Commissioner is the regulator, but also making codes of best practices

consent definition

the role of consent is central

"The overall vision of this project is to make giving consent as reliable and easy as turning on a tap…"

scribe: mostly giving consent implicitly, mean consent to be something very specific, precise and limited goes right to the backend of enterprise services that can deal with it
... needs to be easy for the enterprise to respect privacy and cost effective
... make sure that consents that were given will be honored, also revoking should be respected, all has to be reliable and vigorous
... not solved yet, most of the time giving consent is given before you know what will happen, mostly ok
... but e.g. in an ehealth scenario that may be tricky, may be want to come back to the decision to allow
... revocation and change have to be enabled => life cycle management of consent

PB: give enterprises the ability to manage privacy in a convenient and cost effective way
... meaningful information for individuals, restore confidence
... Encore project setup reported
... Partners

slide 16: Overview slide with all flows, very interdisciplinary work. start left bottom

scribe: doing awareness campaigns
... policy regulation, best practices, standards, does not mean necessarily new regulation,
... in order to make all that easy the enablers come into play, fitting those enablers into systems and paradigms


Technical architectures and prototypes

Regulatory recommendations

Proposals for compliance and certification

Taxonomy and requirements formalisation

compliance scheme that measures effectiveness of protections and correctness

Encore has done case study on first three challenges, not on the techno challenges yet

there is no legal right to privacy in UK unless you are a celebrity

consent has to be provided to be able to legally process data, but handy exceptions

limited right to revoke consent, Commissioner finds it ambiguous

there isn't any effective legal codification

no ownership of data

HT: ownership of data, there is no concept of ownership of data in other countries, still under debate within privacy scholars, difficult to claim ownership on data
... typically data relevant to privacy is not only generated by you

PB: what the issue is not the data, but the association of data.

DC: University degree can be removed years after, so University can revoke

PB: external stakeholders are businesses and individuals

business challenges:

some buy in, some don't


“I know when I did my training one of the things I was told was that processing under consent is what the desperate resort to”

user challenges:

(usability, understandability)

technology challenges:

obligations, e.g. notifications, how to make them personalized

how to make them respected in very large orgs

various degrees of rigour applied, adapted to the situation

scribe: cloud computing: in many jurisdictions notion of data controller that makes sure that data processors are complying with the requirements of data protection

is this done in real world? Somewhat

how to keep track of all copies

policy matching and individuals preferences into a single system, how to bring this into machine language, make it executable

how to enforce, to prevent that it can be broken, there is some major crypto needed

linking reputation to the initial consent, how can you revoke back all along the chain

Encore based on three case studies, have nearly finished first one Enhanced employee data sharing

biobanks less actors, better organized, long jeopardy issues at hand

oh zakim, reparse :)

assisted living, share some data not other data

rich area, terms of engagement with external partners

current status:

Case Study 1 complete

<scribe> ongoing:

Taxonomy and Formalisation work

Compliance process

Technical Architecture D2.1

picture with lots of arrows and pipes

already simplified

going for another 18 months

more information on


<spreibus> thanks, Pete, very interesting presentation


SP: working on similar projects: technical insights, what language using

PB: looking into extending XACML framework, incorporate a number of extensions
... whatever the outcome is, to be useful, we need agreement what we want to solve, and what is the best way

we hope to contribute to that discussion

DC: nobody owns personal data: but there are artefacts in real world, and those are owned by institutions, University, driving license
... some aspects of PII that have an owner issue

PB: legal problem is larger than that,
... good example is IP personal data?

some people think it is others think it is not, IP addresses should be randomly generated and assigned

<spreibus> to complement my earlier question: I'm currently investigating the ability to enforce data protection with information flow control -- very deeply down on the technical side

<spreibus> some thoughts into how technical approaches into enforcing consent needs combining with empirical evidence what users actually want to see enforced: http://www.cl.cam.ac.uk/research/dtg/privacy-calculus/

other end of the spectrum is that IP is unique identifier

PB: is an ocean boiling problem
... ownership rather on a right to use data

DC: types of data and ontology to classify them

PB: may be a way forward

<spreibus> imho, taxonomies are a good idea, but not close enough to the data handling processes to have some real impact

PB: if you try to produce categories it will be out of date before you can publish

<spreibus> are IP addresses personal data? even the P3P spec did acknowledge they are

<spreibus> that was more than three years ago

<spreibus> at the W3C Privacy Workshop in Summer at Vodafone, the privacy implications of IPv6 were mentioned

RW: Ontology may have a core

SP: ontologies and taxonomies and academic stuff is far too high level to have impact in reality

for the decision of data is processed or not

scribe: must be drilled down deeply into the technical level, control of information flow, but this may be too complex, it has to fit business
... good to have enforcement, but have to think about what people want to have enforced

health data vs other data, security of data

DC: slide 28 using XACML for enforcement, but all goes into a single decision point. How is all merged, how are all systems are using the same language, user using the same language

<spreibus> I second that -- combining policies is a very tricky thing. And I have the feeling there are many instances we need merging of policies

PB: on merging: Suggest download the document and discuss deeply, How assume all systems use the same language. Are more interested in process compatibilities than in the overlap of technology itself

only going to work if trust is sufficiently transitive is going through the system

scribe: would be ideal to have vigorous enforcement, but this is holy grail
... business process, certification research
... how outcome has been reached rather than how to achieve the outcome

is not as ambitious, trying to produce something that is reasonably usable in a reasonable amount of time

have explored definition of Encore compliant systems. All other systems dealing with PII should also be Encore compliant, not necessarily absolutely equal

DC: TAS3 also interested in measuring compliance, have to cooperate

SP: we can't achieve everything at a time, What is your feeling, how fast can we see something in the wild

PB: the best is a feeling: If we can ?? they and their customers will get the benefit in a year or so, the patients and also the clinical researchers that are using the system

the secondary it is rather in the assisted living area, in UK major transition in health care sector. Moving more into independent care service providers

lead to a complex informatics environment, coming 3 categories

local authorities, team looking more generally into informatics models. standards procurement templates, These kind of things will find their way into procurement specifications

scribe: more widely, businesses that want an encore logo, will take a while

SP: on the web?

<david> Although we cannot do everything at once, TAS3 plans to have open source code that will enforce multiple policies in different languages and resolve conflicts between them

PB: industrial companies, the first of those have large consultancies that will use the knowledge
... could well be that it is taken up this way

I suggest to hear the SWIFTS project next

<renato> URL for SWIFTS?

<spreibus> bye

renato, will provide on the mailing list

<renato> ok

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2010/09/14 13:15:29 $

Agenda: http://www.w3.org/Policy/pling/wiki/2010-09-14
Got date from IRC log name: 14 Sep 2010
Guessing minutes URL: http://www.w3.org/2010/09/14-pling-minutes.html