Information

Purposeful Permissions - Adding data use information to permission prompts
  • Past
  • Confirmed
  • Breakout Sessions

Meeting

Event details

Date:
Pacific Daylight Time
Status:
Confirmed
Location:
4 Concourse Level - Oceanside
Participants:
David Baron, Christian Biesinger, Tim Cappalli, Ari Chivukula, Alexander Cooper, Brian Daugherty, Guohui Deng, Nick Doty, Serge Egelman, Balazs Engedy, Mark Foltz, Sam Goto, Lu Huang, Eric Kinnear, Mirja Kühlewind, Minh Anh Le, Don Marti, Penelope McLachlan, Theodore Olsauskas-Warren, Simon Pieters, Alexandra Reimers, Vincent Scheib, Wendy Seltzer, Zacharias Törnblom, Mike West, Noreen Whysel, Michael Wilson, Emma Zuehlcke
Big meeting:
TPAC 2024 (Calendar)

Today’s web users often encounter permission prompts that lack context about why a website needs specific permissions and how the data will be used. While developers strive to provide context, the current approach lacks structure and consistency across websites. This session will explore options to add purpose declarations or other trustworthy, explainable contextual information to a permission request to bridge this gap and bring users greater transparency on how their data is used.

The discussion will focus on:

  • Use cases that might benefit or provide particular requirements for declarative contextual information, including access to information from government-issued credentials.
  • The potential roles of different stakeholders, including browser vendors, developers, and standardization bodies, in driving such an initiative forward.
  • Possible declaration options with various granularity levels spanning from links to the privacy policy to a fully fledged label system for data types and purposes of use.
  • Key challenges and opportunities in implementing purpose declarations for permission-gated capabilities.

Agenda

Chairs:
Alexandra Reimers, Nick Doty, Serge Egelman

Description:
Today’s web users often encounter permission prompts that lack context about why a website needs specific permissions and how the data will be used. While developers strive to provide context, the current approach lacks structure and consistency across websites. This session will explore options to add purpose declarations or other trustworthy, explainable contextual information to a permission request to bridge this gap and bring users greater transparency on how their data is used.

The discussion will focus on:

  • Use cases that might benefit or provide particular requirements for declarative contextual information, including access to information from government-issued credentials.
  • The potential roles of different stakeholders, including browser vendors, developers, and standardization bodies, in driving such an initiative forward.
  • Possible declaration options with various granularity levels spanning from links to the privacy policy to a fully fledged label system for data types and purposes of use.
  • Key challenges and opportunities in implementing purpose declarations for permission-gated capabilities.

Goal(s):

  • Foster discussion and gather insights from various stakeholders on the development and implementation of permission purpose declarations.
  • Describe promising methods to provide purpose declarations and context for permission requests and identify volunteers who want to explore them, for future incubation and research, in credentials and other APIs.

Materials:

Track(s):

  • Permissions

Minutes

 Read minutes

Export options

Personal Links

Please log in to export this event with all the information you have access to.

Public Links

The following links do not contain any sensitive information and can be shared publicly.

Feedback

Report feedback and issues on GitHub.