W3C Council Report on the Formal Objections Against the Privacy Principles as a Statement

Council Report,


1. Introduction

The Web Privacy Principles Task Force, which was convened by the Technical Architecture Group (TAG), developed the Privacy Principles as a Group Note, with the goal of providing definitions for privacy and related concepts that are applicable worldwide, as well as a set of privacy principles that should guide the development of the web as a trustworthy platform.

The TAG, judging that the document had sufficiently matured and that it fulfilled the appropriate W3C criteria, requested its publication as a W3C Statement.

Two Members of W3C raised Formal Objections against this publication, citing a variety of arguments. A detailed exposition of this case may be found in the report prepared by the W3C Team.

A Council was then formed to rule on these objections. Subsequently, a third Formal Objection was raised against the same decision, which therefore also came under the scope of this Council. This Council Report documents the conclusions of this Council.

2. Decision

The first Formal Objection was resolved by consensus.

For the second Formal Objection, the Council resolved to overrule the objection.

For the third Formal Objection, the Council also resolved to overrule the objection.

The document may proceed to Statement.

3. Rationale

The first objection was disposed of by consensus; the rationales for overruling the second and third are given below.

3.1. Rationale for Addressing First Formal Objection

For the first Formal Objection, the TAG was able to dispose of most of the points by consensus prior to the formation of the Council, leaving two remaining objections for the Council to address: regarding the use of the word “ancillary” and the use of the word “retaliation”. The Council, realizing that the impasse was a result of a lack of clarity in the document, was able to broker consensus on improved wording for both these cases, disposing of this objection entirely.

See PR#459 clarifying “ancillary” and PR#458 clarifying “retaliation” and the resulting 24 March 2025 Privacy Principles Group Note.

3.2. Rationale for Overruling Second Formal Objection

The Council considered that the points raised in the second objection could be organized into 4 main claims, which were rejected for the reasons given below.

3.2.1. Preference for a “challenges and opportunities” document

This document does not claim exclusivity on the topic of privacy. Others are welcome to write a different document, framed as a look into challenges and opportunities if they so desire, and to seek the endorsement of the W3C community. The Council does not consider the fact that other documents could be written to constitute justifiable reason to block or delay publication of these Privacy Principles.

3.2.2. Recommendations in the document being too vague

The document is a principles document, not a technical specification, and as such, does not need the same level of precision. Feedback proposing specific clarifications to specific points is welcome and encouraged, but in the absence of such proposals, the document has been judged useful as it is by a meaningful portion of the W3C community, and the Council does not see any benefit in blocking or delaying its publication.

3.2.3. Privacy Principles being out of scope for a technical standards body

The Council refers to an earlier decision on the Formal Objection Against Ethical Web Principles as a Statement as precedent for this case, and reaffirms that Technology is not ethically or morally neutral. W3C has a long history that embeds its core values and principles in the Web’s architecture.

3.2.4. Privacy Principles interfering with free market competition

The Council judges the arguments about interference with competition to be misguided, for multiple reasons:

3.3. Rationale for Overruling Third Formal Objection

The third Formal Objection had seven sub-points, and the Council rejected all of them as explained below:

3.3.1. Publication of a Document not Endorsed by the Whole W3C

This part of the objection complains about text that is required by the W3C publication rules. This part of the objection is irrelevant because the text won’t be present in the final Statement (which will be endorsed by W3C, in accordance with the Process). The objection is also incorrect about the text as used in Group Notes: all W3C Groups operate inside the W3C and, as subsets of the W3C, always have the possibility of endorsing documents that don’t yet have full W3C endorsement.

3.3.2. Distinguishing Visitor Data and Site Data

It would be a good exercise for a future revision of this document to more explicitly distinguish personal from non-personal data. But even without such editorial improvements, because uses of the term “data” almost always link to the definition of “personal data”, we don’t think the risk of good-faith confusion is high enough to block publication as a Statement.

Principle 2.4, about not all information being sensitive, doesn’t say that non-sensitive data is not personal data. Principle 2.6 discusses data for which there is high confidence that the data can’t be tied to a person, but as many incidents have shown, it’s often possible to re-identify people from data that was thought to be de-identified. Neither of these contradicts Section 2.2’s data minimization principles.

This piece of the objection also raises the point that websites deserve to be able to protect themselves from fraud by users. That’s true, given a suitable understanding of “fraud”, but as the How This Document Fits In section describes,

While [the Privacy Principles document] focuses on privacy, this should not be taken as an indication that privacy is always more important than other ethical web principles, and this document doesn’t address how to balance the different ethical web principles if they come into conflict.

Figuring out how to balance privacy against other principles is the domain of the Ethical Web Principles, for example in its issue #71.

3.3.3. User Agents Providing Choices for Users

A statement that user agents should be able to “provide appropriate choices for their users” does not imply that user agents are the only entities that should provide appropriate choices, nor does it conflict with Principle 2.11.2 that more information should be available to help with those choices.

3.3.4. Excluding De-identified Data from Privacy Concerns

Principle 2.6 recommends working with de-identified data. There is a high degree of confidence that de-identified data isn’t personal, but that’s not a guarantee, and there is a long history of incidents in which data thought to be de-identified turned out to be identifiable.

This part of the objection also reiterates the request to distinguish “personal data” from other data, which we address elsewhere.

3.3.5. Surveillance as a Loaded Term

The principle in question is:

User agents should not tell an administrator about user behavior except when that disclosure is necessary to enforce reasonable constraints on use of the device or software. Even when a disclosure is reasonable, user agents must ensure their users know about this surveillance.

Its use of “surveillance” fits exactly with the Wikipedia definition of surveillance:

Surveillance is the monitoring of behavior, many activities, or information for the purpose of information gathering, influencing, managing, or directing.

It’s not evident that this use of “surveillance” is unfair or not neutral. Furthermore, as decided in the Council Report on the Ethical Web Principles, “Technology is not ethically or morally neutral”, and W3C’s documents don’t need to pretend to be neutral either. The principle explicitly admits the existence of “reasonable” surveillance, which further reduces any issues with non-neutral language. It’s possible that a future version of the document could add other exceptions to the principle, but this objection does not describe any such exceptions, and we don’t believe such omissions are problematic enough to block publication of this Statement.

3.3.6. Interruptions as a Privacy Concern

Daniel Solove’s A Taxonomy of Privacy includes “intrusion” as a privacy violation in section D.1. The Privacy Principles document treats unnecessary interruptions, including consent requests, as a kind of intrusion. See also Principle 2.13.

3.3.7. Manipulation

The referenced principle is fair in saying that “notifications and other interruptive UI ... can be used to manipulate behavior”, because they can, in fact, be used that way, and they sometimes are. Also, this piece of the objection assumes that W3C documents need to use neutral language in all cases, which is incorrect as described above.

4. Recommendations

The Council recommends that the TAG ensure in the next version that each instance of the term “data” whose intended interpretation is not otherwise clear from its context be clarified (without relying on being a link to a definition).

Appendix A: Council Participation

The Council was formed on 2024-12-09 from the members of the TAG and the AB, plus the CEO. No-one renounced their seats on the Council; no-one was dismissed. Therefore, the actual membership of this council was:

Elika Etemad was appointed as chair.

Of those qualified to serve, the following participated in the decision:

Of those qualified to serve, the following failed to respond to the call for consensus:

The decision was made by consensus.