Expression of Interest:

Jan Schallaböck — iRights

For a privacy researcher also involved with researching transparency, consent and control, this workshop raises numerous relevant questions in the field.

One of the core questions of interest would be, how to ensure that only the information needed is provided by a device. One of the possible approaches to support this, might be agreeing on an architecture, where the part in charge of the actual transmission of the information between apps, and/or the cloud/internet must be open sourced, and fulfill certain auditing capabilities.

Privacy policies should reflect the exact types of data, which collected, stored, processed and - where applicable - transferred, amongst other things. A predefined structure for such policy statements, with partial machine readability would facilitate user transparency. Although many users may not be inclined to read such comprehensive statements, they still must be available, for those that are. Such demand may also arise, ex post, i.e. after subscribing to a service/installing an app. To facilitate comprehension, a multi-layer approach should be developed and standardized. Besides the comprehensive policy, a more legible, easier form of the policy should represent the core aspects.

The results of this workshop could also be fed into the preliminary work on a potential standard within ISO/IEC, where its JTC 1/SC 27/WG 5 on privacy technologies is currently considering a study period on consent and privacy policies.

---

Created from email by Rigo: $Id: schallaboeck.html,v 1.2 2014/11/11 20:47:45 rigo Exp $