Purposeful Permissions - Adding data use information to permission prompts
- Past
- Confirmed
- Breakout Sessions
- Past
- Confirmed
- Breakout Sessions
Meeting
Today’s web users often encounter permission prompts that lack context about why a website needs specific permissions and how the data will be used. While developers strive to provide context, the current approach lacks structure and consistency across websites. This session will explore options to add purpose declarations or other trustworthy, explainable contextual information to a permission request to bridge this gap and bring users greater transparency on how their data is used.
The discussion will focus on:
- Use cases that might benefit or provide particular requirements for declarative contextual information, including access to information from government-issued credentials.
- The potential roles of different stakeholders, including browser vendors, developers, and standardization bodies, in driving such an initiative forward.
- Possible declaration options with various granularity levels spanning from links to the privacy policy to a fully fledged label system for data types and purposes of use.
- Key challenges and opportunities in implementing purpose declarations for permission-gated capabilities.
Agenda
Chairs:
Alexandra Reimers, Nick Doty, Serge Egelman
Description:
Today’s web users often encounter permission prompts that lack context about why a website needs specific permissions and how the data will be used. While developers strive to provide context, the current approach lacks structure and consistency across websites. This session will explore options to add purpose declarations or other trustworthy, explainable contextual information to a permission request to bridge this gap and bring users greater transparency on how their data is used.
The discussion will focus on:
- Use cases that might benefit or provide particular requirements for declarative contextual information, including access to information from government-issued credentials.
- The potential roles of different stakeholders, including browser vendors, developers, and standardization bodies, in driving such an initiative forward.
- Possible declaration options with various granularity levels spanning from links to the privacy policy to a fully fledged label system for data types and purposes of use.
- Key challenges and opportunities in implementing purpose declarations for permission-gated capabilities.
Goal(s):
- Foster discussion and gather insights from various stakeholders on the development and implementation of permission purpose declarations.
- Describe promising methods to provide purpose declarations and context for permission requests and identify volunteers who want to explore them, for future incubation and research, in credentials and other APIs.
Materials:
Track(s):
- Permissions
Minutes
Read minutesExport options
Personal Links
Please log in to export this event with all the information you have access to.
Public Links
The following links do not contain any sensitive information and can be shared publicly.