Greetings, I'm Wendy Seltzer, Strategy Lead, Counsel, and relevant to this discussion, chair of the Improving Web Advertising Business Group.

I'm here to share a few recent updates from our privacy-related work, and most importantly, invite you to help.

, why do we care about privacy?

For a variety of interconnected reasons.

Our mission, our users, and sound business.

Privacy is baked into W3C's mission of leading the web to its full potential.

It's one of the areas of horizontal review referenced in charters in the chairs' guide and considered at REC Track transitions.

It's necessary to ensure that we truly have a web for all.

The TAG's Ethical Web Principles deem privacy and security essential and their responsibility to users, enabling them to protect themselves in personal lives, relationships and economic transactions.

Finally, those whose business depends on the web need a trustworthy platform.

Otherwise users, customers, and potential partners will leave for other platforms or decrease their web activities.

Eight in ten Americans told Pew Research Center last year that they think the potential risks of data collection outweigh the benefits.

For the web to succeed, we need to reverse that perception.

We work through voluntary consensus standards.

So we're asking, what can we do such that everyone in the ecosystem, everyone necessary to making the change stick, agrees the change is in their interest.

These principles have animated our work for a long time.

But recent changes put them into the spotlight.

First, there's legal and regulatory demand.

In Europe, the GDPR, the General Data Protection Regulation, introduced new limits on collection and processing of personal data, with new attention to consent.

The California Consumer Privacy Act, CCPA, includes a “Do not sell” provision, amendable to technical signals.

Each of these has people looking for standardized solutions that can enable commerce worldwide.

Browsers, seeking to fulfill their role as user agents, are implementing policies against individually identified cross-site or web-wide tracking.

Linked on this slide, policy statements from Apple WebKit, Google Chromium, Microsoft Edge, Mozilla Firefox, and Brave.

While they differ in detail, each indicates plans to restrict what has been an accidental feature of the web.

That brings new attention to storage that may be long lived or accessible across sites, including cookies and fingerprinting, exposed features or parameters that enable parties to identify the browser uniquely and to share that identification across sites, linking the activity.

The community at large recognizes the impact that privacy changes may have on the web's operation and has gathered in several groups to discuss and plan for the future.

Several groups address privacy specifically at W3C.

I'm going to focus on three with new or renewed activity, the Privacy CG, Improving Web Advertising BG, and PING, the Privacy Interest Group.

I'll also note that our security groups work on specs that support privacy guarantees: WebAppSec and WebAuthn.

The TAG, as mentioned, includes privacy among its Ethical Web Principles and the reviews that it does of work in progress.

And all of our groups participate in security and privacy self-reviews and consider, in conjunction with us, the privacy implications of their specs.

The Privacy Community Group has set as its mission to incubate privacy-focused web features and APIs to improve user privacy on the web through enhanced browser behavior.

Since its beginning at the beginning of this year, 2020, it's attracted 264 participants in a hundred organizations as of the beginning of October.

Privacy CG accepts proposals for new browser features or behavior, explainers describing a user-facing problem that needs to be solved and how the authors propose to solve it.

It seeks demonstrations that they're likely to lead to independent interoperable implementations, at which point they can be adopted as Community Group work items.

In early October, there are 14 open proposals, and five work items under discussion.

Client side storage partitioning, first-party sets, the IsloggedIn API, private click measurement, and the storage access API.

The group has had two virtual face-to-face meetings with robust discussion of proposals and work items, as well as the privacy principles underlying them.

When ready for migration, work items would head to an existing or new W3C working group or to another standards group, for example, to the WHAT Working Group for updates to the HTML specification.

The Privacy CG takes browser behavior as its starting point.

The Improving Web Advertising Business Group starts from the advertising ecosystem.

But that's much bigger than advertisers.

In early October we have 257 participants and 93 organizations, and that includes browsers, publishers, advertisers, Ad tech, privacy organizations, and researchers.

The Open Web depends on ways for creators and publishers, small and large, to support their work,

to monetize it without siloing into subscription walls.

Advertising has evolved along with the commercial web and it's been increasingly reliant on tracking cookies and fingerprint.

As we see browsers reducing unwanted cross-site tracking, we're looking for privacy-preserving monetization alternatives

by reaching back to use cases such as reporting, conversion measurement, optimization, and ad auctions, and then building new primitives specifically to serve them,

we can offer better measurement and advertising support with tools that users are less likely to reject because these tools respect users' privacy demands.

The Business Group helps to develop use cases and review proposals for spec work that might then incubate in the Privacy CG or Web Platform Incubator CG, or the WICG.

[The Privacy Interest Group's review work is discussed in a separate presentation on Horizontal Review.]

[PING maintains, with TAG, the privacy and security self-review; and is developing additional guidance such as the target privacy threat model.]

As we move forward where will new privacy work go?

Look for it headed-to discussion in the Web Advertising Business Group, potential new Interest Groups, including one under advance notice now.

A discussion also takes place in the TAG, the Advisory Board and the AC.

Feel free to use AC-Forum to share thoughts.

Incubation: the Web Platform Incubator Community Group and Privacy Community Group are both homes for new privacy specs in development.

When things are ready to migrate from incubation to spec work, they might fit into the charter of the existing Web Application Security Working Group.

Or we might find that we need a new group and you'd see advance notice and proposed draft charters for new Working Groups.

I hope you'll comment on those as they come through.

Sometimes we also send privacy work through external liaisons, with the WHAT Working Group, with IETF, and IAB Tech Lab is participating in the Web Advertising Business Group.

Leading up to our interactive session I want to share some of the open questions facing the Team, the Consortium and the community.

For example, how do we manage the trade-off among stakeholders and interests?

How do we help the web ecosystem inter-operate across differing timelines and product plans?

How do we address fundamental differences of opinion and priorities?

How do we bring together similar proposals with different threat models?

If you have thoughts on these questions or other questions you'd like us to be asking and answering, please bring those to the interactive session on October 20th, the Advisory Committee meeting, Shared them in GitHub, share them in the strategy funnel, or in AC-Forum.

Finally, some requests from you.

If you're an Advisory Committee member please help us review new work proposals as they come forward.

When you see an advance notice of work in progress, that's our signal we're considering an area and we'd love to hear from the community whether this fits your needs.

Is it something you'd like to participate in?

Is it something you're uninterested in, but don't mind if somebody else works on?

Is it something you think would be bad for the web?

Do you understand the proposal?

Or do we need to clarify to help you understand better, so that you can make an informed choice when it comes up for AC review?

And when it comes for AC review, we'd love to hear from you, even if it's just an abstention to say you read it, but don't have anything to say in this particular review request.

Of course the work depends tremendously on the community participation.

So we're also asking when you see new work that's relevant to you, please send us participants, chair candidates, editors if you have people who are available to do the work.

And consider looking deep within your company to see who might you send, who isn't ordinarily represented in W3C.

We want to hear all perspectives and all experiences in our work.

And we really value the opportunity to bring new participants in.

Team is here to help all of the participants do their most effective work here.

To chairs, we remind you, as you're working with groups that are producing documents or guidelines or specification recommendations, consider the privacy implications of all of this work.

The security and privacy self-review is one place to start.

And that includes a question to you: What did this guide miss that you'd like to see next time that could have made your work easier?

So help us improve the document by telling us what you've learned from it and what you wish you'd seen there to help the next groups coming through.

Ask PING early and often for input because that group of participants is eager to help improve all of our spec development as well.

And finally, thank you very much.

We look forward to the interactive discussion.