Privacy/Privacy protection principles
Abstract
This document offers principles and guidance for privacy protection in the web environment. It aims to make designers, implementers, and those who deploy W3C specifications aware of privacy protection principles and to help them put these principles into practice effectively.
Privacy protection principles
Clear purpose principle
The purpose of collecting and processing private information should be clear, specific and reasonable.
Determine the purpose
Risk assessment
Purpose change handling
Pseudonymous (fake name) processing
Agreement principle
The purpose, method and scope of collecting and processing private information should be notified to, and agreed by, the information owner beforehand.
Give notice beforehand and provide a choice
Obtain agreement from the information owner
Anonymous processing
Minimum usage principle
Only the minimum information needed to achieve the stated purpose should be collected and processed. Once that purpose is achieved, the private information should be deleted as soon as possible. The scope of use should be limited, and the purpose should not be changed without notifying the information owner. [I think this sentence belongs under usage: --Charles McCathie Nevile (talk) 17:36, 15 September 2016 (UTC)]
Question: What if the purpose is to collect, and hold long-term, information about the user?
Question: What if the purpose is to monetise information about the user in order to fund a service?
Define the minimum elements
Minimize access to private information
Limit retention of private information
Clear communication principle
The information owner should be told, in clear and easy to understand language:
- What information will be collected, and how.
- How it will be used, when it will be combined with other information or shared with others, and when it will be deleted.
Notice methods
Timing of notice
Notice before disclosure
Exceptions where notice is not given
Notice after an incident
Quality guarantee principle
While privacy-sensitive information is being collected and processed, its quality should be maintained so that it stays accurate, usable and up to date.
Maintain the quality of privacy-sensitive information
Verify modification requests from the information owner (authenticate the requester before changing data)
Security assurance principle
Management measures and technical controls proportionate to the security risks should be adopted to protect private information, in particular against unauthorized disclosure.
Security rules
Privacy protection strategies and processes
Security protection measures
Incident handling and response
Security auditing
Individual participation principle
Simple and convenient mechanisms should be provided for the information owner to query, update and delete their private information.
Individual participation mechanisms
Query mechanism
Update mechanism
Delete mechanism
Retrieval mechanism
Clear responsibility principle
Responsibility for private information should be clearly assigned throughout its collection and processing, and measures corresponding to those responsibilities should be taken.
Legal verification
Security incident notice
Security incident report
Disclosure limitation principle
Before information is disclosed, agreement from the information owner should be obtained, or the information should be anonymized.
Disclosure condition
Delegation handling
Third party disclosure
Author
Edited by Kepeng Li, kepeng.lkp@alibaba-inc.com; some comments and edits by Chaals McCathie Nevile, Yandex.