Position Paper
W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement

Last Changed
$Date: 2006/09/16 14:40:39 $
Thomas Roessler <tlr@w3.org>
Rigo Wenning <rigo@w3.org>

About W3C

The World Wide Web Consortium (W3C) develops interoperable technologies (specifications, guidelines, software, and tools) to lead the Web to its full potential. W3C is a forum for information, commerce, communication, and collective understanding.

Using a rigorous Process, W3C produces specifications, called Recommendations. A W3C Recommendation is a specification or set of guidelines that, after extensive consensus-building, has received the endorsement of W3C Members and the Director. W3C recommends the wide deployment of its Recommendations. W3C Recommendations are similar to the standards published by other organizations.

Before initiating recommendation track work, the W3C Team often organizes Workshops and Symposia to promote early involvement in the development of W3C Activities from Members and the public. The goal of a Workshop is usually either to convene experts and other interested parties for an exchange of ideas about a technology or policy, or to address the pressing concerns of W3C Members.

W3C's Past Privacy Work: P3P

The Platform for Privacy Preferences (P3P) 1.0 Recommendation was issued in April 2002 after five years of intense development. P3P allows Web sites to define and publish their privacy policies in a machine-readable form, and helps automate how user agents read those policies. P3P also gives users control over the use of their personal information on Web sites they visit, promoting trust and confidence in the Web. The impact of the transparency established by P3P is already visible as site operators start to think about privacy while planning their workflows and their use of cookies.

P3P has laid foundations on which much of the current research about privacy languages, including PRIME, builds.

The Privacy Activity continues to improve existing work and expand the scope of P3P. The P3P Specification Working Group took up the short-term improvements suggested by the W3C Workshop on the Future of P3P. Most prominently, new guidelines for user agents and interfaces were added to the P3P version 1.1 work in progress.

P3P is well established in the community, but it still lacks a decent user agent implementation. While Web sites have embraced P3P, user agents still rely on rather homegrown cookie management. These solutions are based on first guesses about the meaning and impact of the cookies a server sets, rather than on the policy the site has published. The limitations of current implementations may provide new momentum for P3P among browser developers. Initiatives like MozPETs already exist, and contact with them has been established.

For those wishing to understand the goals and achievements of P3P 1.1, the position papers and reports from the W3C Workshops in 2002 and 2003 are recommended reading. The P3P Specification Working Group has recently published a Last Call Working Draft of the P3P 1.1 Specification, and has fulfilled all the deliverables from its original charter.

Challenges for Privacy Policy Languages

W3C's 2003 P3P 2.0 Workshop was a first attempt to map the territory of enterprise privacy, and its connection to P3P. Challenges identified at this workshop included:

To address these challenges, user-facing policy languages such as P3P need to be connected to back-end processes. The rules and policies that describe back-end processing use much more fine-grained, and sometimes enterprise-specific, vocabularies; they must be connected to P3P-like privacy policies in a way that makes it possible to prove that the back-end processing enforces what was promised. When data and policies cross enterprise boundaries, interoperability of policy languages becomes critical: policies need to be composed in a way that lets the combined processing enforce the promises made to the user. Requirements derived from this use case include the need to compose privacy policies, and the need to describe the relationships between different enterprise-specific vocabularies in a formal and machine-readable way.

Once privacy metadata can be connected to the data infrastructure of the back end, the next challenge is to preserve that metadata when personal data is transported across enterprise borders. This will make it easier for services and enterprises to share personal information while preserving privacy. This goal is also explicitly mentioned in the OECD Guidelines and the European data protection Directive: both texts assume that a high level of protection across jurisdictions will contribute to the ease of transfer of personal data that is so vital for commerce and for the economy at large. W3C is exploring how it can support this goal with technical means, notably privacy enhancing technologies.
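As an added illustration of the requirements in the two preceding paragraphs (lifting a fine-grained back-end vocabulary into P3P terms, composing policies when data crosses an enterprise boundary, and carrying the policy metadata with the data instead of dropping it at the border), here is a small Python sketch. It is not code from W3C, the P3P working group or PRIME. The enterprise names (shop.example, ship.example, ads.example), their operation vocabularies, the mapping tables and the sample record are assumptions made for this example; only the purpose, recipient and retention terms are taken from the P3P 1.0 vocabulary.

```python
"""Refinement check between a user-facing P3P-style promise and the
back-end policies of the enterprises that actually process the data.
Illustrative example: vocabularies and mappings are constructed."""

from dataclasses import dataclass

# P3P 1.0 retention values, ordered from least to most permissive.
RETENTION_ORDER = ["no-retention", "stated-purpose", "legal-requirement",
                   "business-practices", "indefinitely"]


@dataclass(frozen=True)
class Promise:
    """A P3P-like statement made to the user about one data group."""
    purposes: frozenset     # P3P purpose terms
    recipients: frozenset   # P3P recipient classes
    retention: str          # P3P retention term


@dataclass(frozen=True)
class BackendPolicy:
    """Enterprise-specific policy in the enterprise's own vocabulary."""
    enterprise: str
    operations: frozenset   # enterprise operation names
    shares_with: frozenset  # partner enterprises that receive the data
    retention: str          # P3P retention term


# Hypothetical vocabulary mappings: enterprise operation -> P3P purpose.
# In a deployment this relation would live in an RDF/OWL mapping.
VOCAB = {
    "shop.example": {"fulfil-order": "current", "fraud-check": "admin",
                     "send-newsletter": "contact"},
    "ship.example": {"deliver-parcel": "current",
                     "route-optimisation": "develop",
                     "sell-address-list": "other-purpose"},
}

# Hypothetical mapping: partner enterprise -> P3P recipient class.
RECIPIENT_CLASS = {"ship.example": "delivery", "ads.example": "unrelated"}


def translate(policy):
    """Lift an enterprise policy into P3P terms. Unmapped operations and
    partners fall back to the most permissive class, so that a back-end
    step nobody modelled can never silently pass the check."""
    vocab = VOCAB.get(policy.enterprise, {})
    purposes = frozenset(vocab.get(op, "other-purpose") for op in policy.operations)
    recipients = frozenset(RECIPIENT_CLASS.get(p, "unrelated") for p in policy.shares_with)
    return Promise(purposes, recipients, policy.retention)


def compose(first, second):
    """Effective policy once data governed by `first` also flows under
    `second`: union of purposes and recipients, weaker retention."""
    retention = max(first.retention, second.retention, key=RETENTION_ORDER.index)
    return Promise(first.purposes | second.purposes,
                   first.recipients | second.recipients, retention)


def violations(promise, effective):
    """Reasons why `effective` does not refine `promise` (empty = it does)."""
    problems = []
    for p in sorted(effective.purposes - promise.purposes):
        problems.append(f"purpose {p} not promised")
    for r in sorted(effective.recipients - promise.recipients):
        problems.append(f"recipient class {r} not promised")
    if RETENTION_ORDER.index(effective.retention) > RETENTION_ORDER.index(promise.retention):
        problems.append(f"retention {effective.retention} exceeds promised {promise.retention}")
    return problems


@dataclass(frozen=True)
class Record:
    """Personal data travelling together with its policy metadata."""
    data: dict
    promise: Promise      # what the user was told at collection time
    effective: Promise    # accumulated policy of everyone who handled it


def transfer(record, receiver_policy):
    """Hand a record to another enterprise, folding that enterprise's
    policy into the record's metadata rather than losing it at the border."""
    return Record(record.data, record.promise,
                  compose(record.effective, translate(receiver_policy)))


def check_flow(promise, origin_policy, *receiver_policies):
    """Carry a constructed sample record from its origin through each
    receiver in turn and report whether the promise still holds."""
    record = Record({"name": "A. Example", "street": "1 Example Road"},
                    promise, translate(origin_policy))
    for receiver in receiver_policies:
        record = transfer(record, receiver)
    return violations(record.promise, record.effective)


# Constructed scenario: the promise shown to the user, the shop's own
# back end, and two possible delivery partners.
PROMISE = Promise(frozenset({"current", "admin", "contact"}),
                  frozenset({"ours", "delivery"}), "stated-purpose")
SHOP_POLICY = BackendPolicy("shop.example",
                            frozenset({"fulfil-order", "fraud-check", "send-newsletter"}),
                            frozenset({"ship.example"}), "stated-purpose")
SHIP_OK = BackendPolicy("ship.example", frozenset({"deliver-parcel"}),
                        frozenset(), "no-retention")
SHIP_BAD = BackendPolicy("ship.example",
                         frozenset({"deliver-parcel", "route-optimisation", "sell-address-list"}),
                         frozenset({"ads.example"}), "indefinitely")

if __name__ == "__main__":
    print(check_flow(PROMISE, SHOP_POLICY, SHIP_OK))   # []
    print(check_flow(PROMISE, SHOP_POLICY, SHIP_BAD))  # four violations
```

Two design choices matter more than the data structures. The vocabulary mapping fails closed: an operation or partner that nobody mapped is treated as `other-purpose` or `unrelated`, so the check cannot be passed by leaving a back-end step out of the ontology. And composition is monotone: every enterprise that handles the record can only widen the effective purposes, recipients and retention, so the check against the original promise is meaningful regardless of how many borders the record has crossed.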

Emerging services and technologies on the Web create new and additional challenges. Increasingly, the value of services offered online relates directly to the personal or sensitive data that they process, be it social networks, photo sharing and annotation services, mash-ups between these different services, or identifiers that are shared between search engines and social networking sites. Users may be willing to give identifying information to a social networking site, but they might be less inclined to permit linking of their social networking information to their search history, their blog reading habits, and their image searches. How can preferences that ultimately concern limits to the linking of data held by a single company be expressed? How can policies that describe the linking of data be formulated machine-readably, and how can they be matched against the user's preferences? How does the design of privacy policy languages relate to the observation that, for example, search terms voluntarily entered by users place a lot of personal information in the hands of search engine operators, even though these operators never asked for that information?
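One way to express the linking preferences asked about above, and to match them against a service's declared linking policy, is sketched in the following added Python example. It is not code from the original paper or from any operator; the data categories, the identifiers and both policies are constructed for the illustration. The service's policy is modelled as a statement of which data stores are keyed by the same identifier (and can therefore be joined), and the user's preference as a list of category pairs that must not become linkable.

```python
"""Matching unlinkability preferences against a declared linking policy.
Illustrative example: categories, identifiers and policies are constructed."""

from collections import defaultdict

# Service's machine-readable linking policy (constructed): for each
# identifier, the data stores keyed by it. Stores sharing an identifier
# can be joined; joins chain, so linkability is transitive.
LINKING_POLICY = {
    "account-id": {"social-profile", "photo-albums"},
    "tracking-cookie": {"search-history", "image-search", "blog-reader"},
}

# User's preference (constructed): pairs of categories that must not be
# linkable, whatever the operator stores about each one separately.
PREFERENCES = [("social-profile", "search-history"),
               ("social-profile", "image-search")]


def linkable_groups(policy):
    """Connected components of the 'shares an identifier with' relation,
    computed with union-find so that indirect links are found too."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    for stores in policy.values():
        stores = sorted(stores)
        for s in stores[1:]:
            union(stores[0], s)
    groups = defaultdict(set)
    for s in list(parent):
        groups[find(s)].add(s)
    return [frozenset(g) for g in groups.values()]


def forbidden_links(preferences, policy):
    """Preference pairs that the policy nevertheless makes linkable."""
    groups = linkable_groups(policy)
    return [(a, b) for a, b in preferences
            if any(a in g and b in g for g in groups)]


def with_identifier(policy, identifier, stores):
    """Return a copy of `policy` in which one more identifier joins `stores`
    (e.g. the operator starts recording the tracking cookie at login)."""
    extended = {k: set(v) for k, v in policy.items()}
    extended[identifier] = set(stores)
    return extended


if __name__ == "__main__":
    print(forbidden_links(PREFERENCES, LINKING_POLICY))   # []
    joined = with_identifier(LINKING_POLICY, "login-event",
                             {"social-profile", "search-history"})
    print(forbidden_links(PREFERENCES, joined))           # both pairs
```

The point of computing components rather than checking declared pairs directly is the second run: the operator never declares a join between the social profile and image searches, yet recording one identifier that ties the profile to the search history is enough to make the image searches linkable through the tracking cookie. A preference language that only looked at direct links would miss this.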

Semantic Web: A tool for data mining and privacy protection alike

The Semantic Web provides a common framework that allows data to be shared and reused across application, enterprise, and community boundaries. It is a collaborative effort led by W3C with participation from a large number of researchers and industrial partners. It is based on the Resource Description Framework (RDF), which integrates a variety of applications using XML for syntax and URIs for naming.

Semantic Web technology delivers increasingly sophisticated tools for aggregating and mining data from heterogeneous sources. Use cases served range from life sciences to intelligence, from mining medical publications to mining social networks. Privacy paradigms for the Semantic Web are an area of ongoing research. In this context, notions of accountability and transparency are often used to complement more traditional privacy approaches.

At the same time, Semantic Web technologies are a powerful tool in the hands of those who develop privacy-enhancing technologies: they deliver the means to bring together privacy policies and data models across enterprises. Ontologies can be used to model policy enforcement relationships, credentials, and regulations, and to support the mixing and matching of privacy policies across services.

The diverse data that the Semantic Web makes available can help support decisions by advanced access control systems, and thereby help to protect the privacy of personal data online.

$Id: Overview.html,v 1.1 2006/09/16 14:40:39 roessler Exp $