[Wg-p3] privacy commons

Colin Wallis colin_wallis at hotmail.com
Wed Oct 21 05:40:02 EDT 2009

Greetings all

>From a technical perspective this is very close to an extended form of 'ye olde consent service'.

It so happens that eGov is collecting requirements to give to ID-WSF Evo since they think that the ID-WSF Interaction Service does the job. We don't think it does.

Due to our own Privacy legislation in NZ (not too different from many others like DK, US, CA etc), the user has to give consent to any release of PII - be it direct, or to a user agent application where the user can set rules, so the application can handle some tasks on the users behalf.  

It would be great to have P3WG's requirements and we can collectively go talk to the web people - be they ID-WSF Evo WG. Identity Services WG or whomever..

From: info at smartspecies.com
To: futureidentity at fastmail.fm
Date: Wed, 21 Oct 2009 01:01:46 +0100
CC: wg-p3 at kantarainitiative.org
Subject: Re: [Wg-p3] privacy commons

Privacy commons is something I think came out of a discussion on privacy icons from other forums I am apart of a few years ago. Definitely and idea that has been gathering interest for awhile.  These topics has been batted around IGF-Privacy Coalition, and Privacy Open Space (POS) so I have followed up  original emails of interest with an email requesting more information as well as inviting people to take a look at this working group. 
Parts of one email that may be of interest I have pasted in below. (check out icons links) I have more research that I am trying to digg out of backup. One thing for sure, I am interested in knowing why this hasnt already progressed, it is possible that no one group has been strong enough or organised enough to step up to the plate and make this type of effort work. 
Until I get more information I would be hesitant to endorse anything, there is history here. 
*** Some information from an email dated December, 2007 *** 
----Snip ----
Bottom line: I want to be able to tell entities that collect information
about me how long they can keep it. I want to be able to tell them what
they can do with this. And I want the technology that allows me to do this.

This would allow more granularity than the usual opt-in or opt-out, where
the other side basically dictates the terms of use of my date and I can
only agree or not.

Conceptually, these ideas have been around for a while. The best article I
am aware of is by Victor Mayer-Schönberger from Harvard:

The technology for handling this at the back-end is also there,
e.g. EPAL <http://en.wikipedia.org/wiki/Epal>, though there are some
patent issues, as far as I am aware.
This is also called "sticky policy" because meta-information on possible
uses travels with the data.

Recently even an iconography (similar to creative commons) has been suggested:
<http://identityproject.lse.ac.uk/mary.pdf> (from IGF 2006)

Next steps would have to be:
- a good front-end / GUI for this.
- standard applications that incorporate these ideas
- usage of this by many data handlers

Basically, this all would boil down to a DRM for personal data, where it
would be absolutely approporiate
--- SNIP ---
Best, Mark
On 15 Oct 2009, at 18:57, Susan Landau wrote:In principle, I think the idea of endorsing the privacy commons seems 
quite reasonable for us to be doing.  However, in practice, it seems 
there is not a huge amount up on the web site.  I Aaron said there is 
more in the password-protected area, but FTC is unlikely to go looking 
there (as are other people).

I suggest that others take a look before our next call.  I like Aaron's 
approach, but so far there is only an approach, and not much else.


Wg-p3 mailing list
Wg-p3 at kantarainitiative.org

Looking for a place to manage all your online stuff? Download the new Windows Live 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20091021/459f6240/attachment.html 

More information about the Wg-p3 mailing list