Call For Participation
Sensors, devices, and rich Web APIs bring novel and complex threats to user privacy along with their heightened capabilities. Users may have trouble understanding the nature of the information they disclose and the threats presented by those disclosures. Deciding when and how to seek a user’s consent (“permission”) or when that consent can be inferred or bypassed has been challenging, with different APIs, operating systems, and browsers handling things in different ways. Both web applications and native applications face similar challenges in this space, and both are in scope for this workshop.
The W3C Workshop on Permissions and User Consent brings together security and privacy experts, UI/UX researchers, browser vendors, mobile OS developers, API authors, Web publishers and users to address the privacy, security and usability challenges presented by the complex and overlapping variety of permissions and consent systems that are currently presented for hardware sensors, device capabilities and applications on the Web.
The scope includes:
- user consent;
- bundling of permissions;
- lifetime/duration of permissions;
- permission inheritance to iframes and other embedded elements;
- relation to same origin policy;
- UIs and controls;
- interaction with private browsing modes;
- implicit permission grants;
- progressive permission grants;
- cross-stack permissions: how OS, browser, and web app permissions interact;
- permission transparency;
- relation to regulatory requirements;
- special considerations for systems that use the browser as a pass-through (e.g. EME and Web Authentication); and
- permissions/transparency/UI as it relates to display-less devices that connect to the Internet.
We aim to share experiences and user studies, leading to common understanding of when and how to seek user consent for use of various Web platform capabilities. We expect this workshop to lead to concrete and consistent guidance for API authors and implementers and to identify areas for further standardization or research. An important take-away from this workshop should be guidance on how Permissions APIs should be designed, both now and in the future, considering the rapid evolution of the web platform.
This workshop will build on the meeting on trust and permissions for Web applications held in 2014.
The W3C Workshop on Permissions and User Consent is oriented toward applications and how they mediate access to local resources and data. For consent in the sense of the GDPR, the Data Privacy Vocabularies and Controls CG (which was created as an outcome of the W3C Workshop on Privacy and Linked Data) may be of interest. Both initiatives may benefit from each other in the future as GDPR-consent will also need user interaction.
How can I participate?
Attendance is free for all invited participants and is open to the public, whether or not W3C members.
If you wish to express interest in attending, please fill out the application form. The application form asks several questions about your background and ideas; please give these questions serious thought. In addition to the application form, you are encouraged to submit a presentation topic in the form of a position statement.
Because the venue has limited space, you must receive an acceptance email in order to attend. You might wish to defer making non-refundable travel arrangements until you receive an invitation. Be sure to keep an eye on these important dates.
Our aim is to get diverse attendance from a variety of industries and communities, including:
- User and usability researchers;
- Privacy researchers;
- Regulators / policymakers;
- Privacy advocates; and
- Persons with expertise and/or experience related to accessibility, multilingual requirements, low connectivity environments, and the particular privacy needs of vulnerable individuals or communities
How can I suggest a presentation?
This is a workshop, not a conference, and any presentations will be short, with topics suggested by submissions and decided by the chairs and program committee. Our goal is to actively discuss topics, not to watch presentations.
In order to best facilitate informed discussion, we encourage attendees to read the accepted topics prior to attending the workshop.
If you wish to present on a topic, you should submit a position statement by the deadline (see important dates). Our program committee will review the input provided, and select the most relevant topics and perspectives.
A good position statement should be a few paragraphs long and should include:
- Your background in the main topic areas of the workshop.
- Which topic you would like to lead discussion on.
- Links to related supporting resources.
- Any other topics you think the workshop should cover in order to be effective.
- A focus on technical issues, not process or platform preference. We plan to talk about the what, not the how.
- Position statements must be in English, preferably in HTML or plain-text format. You may include multiple topics, but we ask that each person submit only a single coherent position statement. The input provided at registration time (e.g., bio, goals, interests) will be published and linked to from this workshop page.
- Submissions should be between 200 and 1000 words.
Please email statements to the program committee at firstname.lastname@example.org.
The Workshop will be held at Qualcomm’s offices in La Jolla, California. The closest airport is San Diego (SAN).
More details to be announced.
- Marcos Caceres, Mozilla
- Nick Doty, UC Berkeley
- Jo Franchetti, Samsung
- Ilaria Liccardi, MIT
- Joseph Lorenzo Hall, CDT
- Jen King, Stanford University, Center for Internet and Society
- Giridhar Mandyam, Qualcomm
- Jason Novak, Apple
- Lukasz Olejnik, independent researcher, W3C TAG
- Christine Runnegar, Internet Society
- Florian Schaub, University of Michigan
- Katie Shilton, University of Maryland
- Vincent Toubiana, ARCEP
- Jessica Vitak, University of Maryland
- Samuel Weiler, W3C
- Tara Whalen, Google
- Jeffrey Yasskin, Google
Code of Conduct
Participants in this workshop, as in all W3C activities, are expected to follow the W3C code of ethics and professional conduct and treat each other with respect, professionalism, fairness, and sensitivity to our many differences and strengths.
Issues of inappropriate behavior may be raised with the W3C Ombuds (offline), with designated volunteers at the event, or with any member of the Program Committee.
What is W3C?
W3C is a voluntary standards consortium that convenes companies and communities to help structure productive discussions around existing and emerging technologies, and offers a Royalty-Free patent framework for Web Recommendations. W3C develops work based on the priorities of our members and our community.