W3C Workshop on Privacy and data usage control 04/05 October 2010, Cambridge (MA)
ISBN - 978-88-97253-01-3


Call For Participation


Users trust enormous amounts of personal information to a large variety of online services including social network sites, search engines, photo and video sharing services, and hosted email solutions. As all those services become ever more tightly integrated, it becomes increasingly difficult to control the dispersion of information throughout the Web. It also becomes ever more difficult for services to respect users' privacy while participating in interweaved service networks that the benefit the users. There is a necessity to share data with other services to create better offers, but this does not mean we cannot have privacy as well. What is needed to ensure services respect their users' privacy? There are initiatives to provide users with information on what data is being collected about them and ways to customize what data can be collected. Other techniques focus on enabling services to better control and audit data usage, namely who accessed data and what processing was done. However, this addresses only part of the problem. What happens when personal data that was released for a certain purpose is misused ? What does ensuring privacy on the Web really mean when sensitive information can be easily inferred from publically available sources [ Gaydar, Researchers Expose Security Flaw in Social Security Numbers, Inferring Private Information Using Social Network Data] ?

There have been earlier Workshops on issues related to privacy, however, we see a continuous need for improvement. The 2006 Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement (Report) addressed aspects and resulted in the creation of the Policy Languages Interest Group (PLING). Coordination continued with the Workshop on Access Control Application Scenarios (report) where Access Control scenarios were evaluated and XACML extensions and complements for Privacy suggested. Most of these workshops consider technical approaches to solving the problem of privacy using access control. However, we are interested in broader aspects of privacy including those of usage and handling of personal information especially related to social networking.

Privacy in Social Networking is a big challenge at the moment. Social networking sites currently have their own home-grown privacy features and settings. Those are not interoperable and regularly, news report of privacy breaching incidents caused by a combination of services with social networking. This could be improved if social networks would be enabled to transport the privacy restrictions set by the user to the interlinked services.

Goals and Scope

This workshop will explore solutions to privacy based on controlling data usage and on data handling. We also solicit contributions on techniques for ``sticky policies'' that ensure that policies constantly move along with the related data. While data usage control in a single enterprise can live with ad-hoc defined semantics, dataflows across enterprise borders need agreed upon semantics to avoid very costly and time consuming transformation. Semantic interoperability by an agreed common privacy vocabulary may be a remedy, but this may not be the only one. Digital Right Management (DRM) research might provide some interesting insights on how data usage control could be supported in distributed environments. Regulatory approaches are also of importance as they influence the way technology is used to comply with regulation. We invite position papers on all these aspects of privacy protection on the Web, especially:

The workshop is expected to attract a broad set of stakeholders, including researchers, database manufacturers, CRM-system manufacturers, Social Networking Providers. This workshop will determine whether there is interest in further work on policy languages and data handling/data usage work within W3C.

Participation Requirements

All participants are required to submit a position paper by 10 September 2010. W3C membership is not required to participate in this workshop.

The total number of participants will be limited. To ensure diversity, a limit might be imposed on the maximum number of participants per organization.

Instructions for how to register will be sent to submitters of accepted position papers. These instructions will also indicate a possible limit on the maximum number of participants per organization.

Workshop sessions and documents will be in English. Position papers, presentations, minutes and the workshop report will be public.

There is no fee to participate.

Expression of Interest

To help the organizers plan the workshop: If you wish to participate, please as soon as possible send a message to team-privacyws-submit@w3.org with a short (one paragraph) "expression of interest" stating:

Note: Sending that expression of interest does not mean that you registered for the workshop. It is still necessary to send a position paper (see below), which then must be considered for acceptance by the Program Committee.

Position Papers

Please submit position papers by sending them to team-privacyws-submit@w3.org

You paper must meet the following criteria:

Based on a review of all submitted position papers, the Program Committee will select the most relevant and invite the submitters of those papers to the Workshop. From among all accepted papers, the program committee will choose a small number of papers judged most appropriate for fostering discussion, and ask the authors of those papers to give short presentations about them at the Workshop. After the workshop, those presentations will then be published on the workshop home page.

Important dates

Date Event
27 July 2010 Call for Participation issued
10 September 2010 Deadline for position papers
18 September 2010 Acceptance notification sent
24 September 2010 Program released
04/05 October 2010 Workshop

Workshop Organization

Workshop sessions and documents will be in English



Program Committee


The Workshop will be hosted by the Decentralized Information Group at MIT. More detailed venue information will be made available in due course.


Position papers, agenda, accepted presentations, and report will also be published online.