W3C Workshop on Permissions and User Consent

September 26-27, 2018; San Diego, California

Call For Participation

Sensors, devices, and rich Web APIs bring novel and complex threats to user privacy along with their heightened capabilities. Users may have trouble understanding the nature of the information they disclose and the threats presented by those disclosures. Deciding when and how to seek a user’s consent (“permission”) or when that consent can be inferred or bypassed has been challenging, with different APIs, operating systems, and browsers handling things in different ways. Both web applications and native applications face similar challenges in this space, and both are in scope for this workshop.

The W3C Workshop on Permissions and User Consent brings together security and privacy experts, UI/UX researchers, browser vendors, mobile OS developers, API authors, Web publishers and users to address the privacy, security and usability challenges presented by the complex and overlapping variety of permissions and consent systems that are currently presented for hardware sensors, device capabilities and applications on the Web.

The scope includes:

We aim to share experiences and user studies, leading to common understanding of when and how to seek user consent for use of various Web platform capabilities. We expect this workshop to lead to concrete and consistent guidance for API authors and implementers and to identify areas for further standardization or research. An important take-away from this workshop should be guidance on how Permissions APIs should be designed, both now and in the future, considering the rapid evolution of the web platform.

This workshop will build on the meeting on trust and permissions for Web applications held in 2014.

The W3C Workshop on Permissions and User Consent is oriented toward applications and how they mediate access to local resources and data. For consent in the sense of the GDPR, the Data Privacy Vocabularies and Controls CG (which was created as an outcome of the W3C Workshop on Privacy and Linked Data) may be of interest. Both initiatives may benefit from each other in the future as GDPR-consent will also need user interaction.

How can I participate?

Attendance is free for all invited participants and is open to the public, whether or not W3C members.

If you wish to express interest in attending, please fill out the application form. The application form asks several questions about your background and ideas; please give these questions serious thought. In addition to the application form, you are encouraged to submit a presentation topic in the form of a position statement.

Because the venue has limited space, you must receive an acceptance email in order to attend. You might wish to defer making non-refundable travel arrangements until you receive an invitation. Be sure to keep an eye on these important dates.

Our aim is to get diverse attendance from a variety of industries and communities, including:

How can I suggest a presentation?

This is a workshop, not a conference, and any presentations will be short, with topics suggested by submissions and decided by the chairs and program committee. Our goal is to actively discuss topics, not to watch presentations.

In order to best facilitate informed discussion, we encourage attendees to read the accepted topics prior to attending the workshop.

If you wish to present on a topic, you should submit a position statement by the deadline (see important dates). Our program committee will review the input provided, and select the most relevant topics and perspectives.

A good position statement should be a few paragraphs long and should include:

Please email statements to the program committee at group-permissions-ws-pc@w3.org.


The Workshop will be held at Qualcomm’s offices in La Jolla, California. The closest airport is San Diego (SAN).


More details to be announced.

Program Committee

Committee Members

Code of Conduct

Participants in this workshop, as in all W3C activities, are expected to follow the W3C code of ethics and professional conduct and treat each other with respect, professionalism, fairness, and sensitivity to our many differences and strengths.

Issues of inappropriate behavior may be raised with the W3C Ombuds (offline), with designated volunteers at the event, or with any member of the Program Committee.

What is W3C?

W3C is a voluntary standards consortium that convenes companies and communities to help structure productive discussions around existing and emerging technologies, and offers a Royalty-Free patent framework for Web Recommendations. W3C develops work based on the priorities of our members and our community.