W3C Workshop on Permissions and User Consent

September 18-19, 2018; San Diego, California

Call For Participation

Sensors, devices, and rich Web APIs bring novel and complex threats to user privacy along with their heightened capabilities. Users may have trouble understanding the nature of the information they disclose and the threats presented by those disclosures. Deciding when and how to seek a user’s consent (“permission”) or when that consent can be inferred or bypassed has been challenging, with different APIs, operating systems, and browsers handling things in different ways.

This workshop brings together security and privacy experts, UI/UX researchers, browser vendors, mobile OS developers, API authors, Web publishers and users to address the privacy, security and usability challenges presented by the complex and overlapping variety of permissions and consent systems that are currently presented for hardware sensors, device capabilities and applications on the Web.

The scope includes:

We aim to share experiences and user studies, leading to common understanding of when and how to seek user consent for use of various Web platform capabilities. We expect this workshop to lead to concrete and consistent guidance for API authors and implementers and to identify areas for further standardization or research. An important take-away from this workshop should be guidance on how Permissions APIs should be designed, both now and in the future, considering the rapid evolution of the web platform.

This workshop will build on the meeting on trust and permissions for Web applications held in 2014.

How can I participate?

Attendance is free for all invited participants and is open to the public, whether or not W3C members.

If you wish to express interest in attending, please fill out the registration form.

Because the venue has limited space, you must receive an acceptance email in order to attend. Also, be sure to keep an eye on these important dates.

In addition to the registration form, you are encouraged to submit a presentation topic in the form of a position statement.

Our aim is to get diverse attendance from a variety of industries and communities, including:

How can I suggest a presentation?

This is a workshop, not a conference, and any presentations will be short, with topics suggested by submissions and decided by the chairs and program committee. Our goal is to actively discuss topics, not to watch presentations.

In order to best facilitate informed discussion, we encourage attendees to read the accepted topics prior to attending the workshop.

If you wish to present on a topic, you should submit a position statement by the deadline (see important dates). Our program committee will review the input provided, and select the most relevant topics and perspectives.

A good position statement should be a few paragraphs long and should include:

Please email statements to the program committee at group-permissions-ws-pc@w3.org.


The Workshop will be held at Qualcomm’s offices in La Jolla, California. The closest airport is San Diego (SAN).


More details to be announced.

Program Committee

Committee Members

Code of Conduct

Participants in this workshop, as in all W3C activities, are expected to follow the W3C code of ethics and professional conduct and treat each other with respect, professionalism, fairness, and sensitivity to our many differences and strengths.

Issues of inappropriate behavior may be raised with the W3C Ombuds (offline), with designated volunteers at the event, or with any member of the Program Committee.

What is W3C?

W3C is a voluntary standards consortium that convenes companies and communities to help structure productive discussions around existing and emerging technologies, and offers a Royalty-Free patent framework for Web Recommendations. W3C develops work based on the priorities of our members and our community.