Skip to contents |
W3C T and S Interface Domain | Privacy home

Privacy Activity Statement

Privacy remains one of the main activities of the Consortium in the area of social responsibility. Privacy has many different aspects in W3C:

  1. It is a horizontal area as most of W3C's technologies also deal with personal data and thus need to take Privacy into account. Some effort therefore goes into helping other Working Groups like e.g. the Geolocation WG to better address Privacy.
  2. The Tracking Protection Working Group is specifying the Do Not Track Mechanism under high public scrutiny. Within a politically difficult environment, the Working Group managed to make progress according to the plans. Additional pressures from outside stem from a timescale set by Neelie Kroes, European Commissioner for Information Society, and the Federal Trade Commission. While the politically simpler Tracking Preference Expression Specification is now very mature, the Specification on Tracking Compliance and Scope is maturing slowly.
  3. It is a technology area by itself. The Platform for Privacy Preferences (P3P) was a foundational step and remains relevant as a basis for many of the current cutting edge privacy enhancing technologies. Currently, the Tracking Protection Working Group is chartered to improve user privacy and user control by defining mechanisms for expressing user preferences around Web tracking and for blocking or allowing Web tracking elements. The group seeks to standardize the technology and meaning of Do Not Track, and of Tracking Selection Lists.
  4. Privacy is an area of intense research: For the past 7 years, W3C has participated in EU FP7 research on Privacy. The last project, PrimeLife, had a budget of €11Mio and ended in 2011. In this project, the W3C Team tried to advance in the area of policy languages and social networking. Dave Raggett programmed the Privacy Dashboard, a Firefox Extension now hosted on W3C infrastructure. W3C Team continues to be an actor in the area of privacy research, actively looking for further research funding opportunities.
  5. Out of the combination of standardization and research, W3C has developed a profile for technology transfer. Members actively engage with privacy advocates and researchers in the public-privacy mailing-list that is run by the Privacy Interest Group.

At least since Alan Westin wrote his famous books Privacy and Freedom (1967) and Databanks in a Free Society (1972), Privacy has been a sustained challenge for computer science. Computing provides powerful tools that can be used for the good and for the bad of humankind. W3C has started work on Privacy with P3P and has continued to explore the Privacy challenges since then. The current highlight is the work on Do Not Track. There is no obvious end to the Privacy challenge on the Web. Nearly 10 Years after the completion of the work on P3P, much of the research in the area of privacy, accountability and data handling is still heavily influenced by the P3P 1.0 Recommendation and the P3P 1.1 Working Group Note. Even the Tracking Protection Working Group regularly addresses issues of transparency of data collection that could be solved by P3P rather than by Do Not Track.

The very successful PrimeLife project allowed to explore new technologies like anonymous credentials, new policy languages and how to integrate the value of privacy into Specifications. With the Project's support, we were able to organize many interesting workshops:

It can be concluded that people need a venue for general privacy discussions related to the Web. All attempts to limit the discussion to a specific policy language or a very narrowly focused interest were rather detrimental to the overall quality of discussion and the success of the venue. This is now addressed by the Privacy Interest Group that runs the public-privacy mailing-list.

Highlights Since the Previous Advisory Committee Meeting

The Privacy Interest Group (PING) has stabilized. It not only serves as a platform for the urgently needed broader Privacy debate and exploration concerning the Web Platform. PING also serves as an excellence center for Privacy review of works of other Working Groups. PING has already worked successfully with the Device API Working Group to help with the Web Application Privacy Best Practices. PING works on the Privacy implications of the Encrypted Media Extensions work and also on privacy considerations for SysApps.

High attention is still given to the Do Not Track header initially promoted by CDT and implemented for the first time by Mozilla. After the Microsoft Web Tracking Protection Member Submission, W3C Staff held a successful Workshop on Web Tracking and User Privacy at Princeton University on 28-29 April 2011 that led to the creation of the W3C Tracking Protection WG that is now scheduled to produce the Tracking Preference Expression Specification to define the header & protocol and the Specification on Tracking Compliance and Scope to define the meaning of this header.

W3C is already looking beyond this first definition of Do Not Track. The W3C Workshop: Do Not Track and Beyond was held In November 2012 in Berkeley, CA. It concluded that we are on Track with Do Not Track, but should remain supportive of the long tail of the Web, including blogs and smaller Web sites. There is a need for standards in further increasing transparency in privacy, such as improving privacy notices with supporting icons or reputation mechanisms.

The discussions around Privacy remain high up on the political agenda on both sides of the Atlantic. While the discussion around Do Not Track in the US matures into a pragmatic compromise, the European debate around the new EU Regulation on data protection is increasing its heat. W3C operates as a focal point of wisdom for the Web in both debates and stands for pragmatic and responsible solutions. This position, in turn, allows W3C to keep out of the confrontation and cater to its role as a platform for compromise and agreement. W3C thus is often cited in the debate by the senate and other governmental bodies in the US. In Europe, W3C congratulated the Rapporteur of the European Parliament for the introduction of Amendment 108 that allows standards to be declared conformant to the future regulation by the Commission upon advice of the data protection board. This could allow Do Not Track to operate in Europe with legal certainty, once the regulation and tracking protection specifications finished, and the recognition procedure accomplished.

Past Achievements of the Activity

The P3P Specification Working Group delivered multiple important milestones for the Web. The most important documents are listed here:

Workshops

  1. Workshop onLanguages for Privacy Policy Negotiation and Semantics-Driven Enforcement (2006)
  2. W3C Workshop on Access Control Application Scenarios (2009)
  3. W3C Workshop on Privacy for Advanced Web APIs (2010)
  4. W3C Workshop on Privacy and data usage control (2010)
  5. Internet Privacy Workshop How can Technology help to improve Privacy on the Internet? (Together with the Internet Architecture Board of the IETF, 2010)
  6. Workshop Privacy on the Federated Social Web (with Böll Foundation, 2011)
  7. Workshop on Web Tracking and User Privacy (2011)
  8. W3C Workshop: Do Not Track and Beyond (2012)

Upcoming Activity Highlights

We hope that the Tracking Protection Working Group will deliver Last Call Drafts on Do Not Track by July. The Privacy Activity has also a horizontal dimension that will be managed by the Privacy Interest Group that coordinates over the public-privacy mailing-list.

Summary of Activity Structure

GroupChairTeam ContactCharter
Tracking Protection Working Group
(participants)
Matthias Schunter, Justin Brookman, Carl CargillNick Doty, Ninja MarnauChartered until 31 December 2015
Privacy Interest Group
(participants)
Christine Runnegar, Tara WhalenNick DotyChartered until 1 December 2014

This Activity Statement was prepared for AC 2014 per section 5 of the W3C Process Document. Generated from group data.

Wendy Seltzer, Privacy Activity Lead

$Id: Activity.html,v 1.379 2014-07-01 14:01:30 sysbot Exp $
Valid XHTML 1.0!