-
Notifications
You must be signed in to change notification settings - Fork 12
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #51 from npdoty/summary-202303
principles drafting group and discussion
- Loading branch information
Showing
2 changed files
with
167 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| Some sources to consider in documenting advertising-specific privacy principles: | ||
|
|
||
| [Privacy Principles](https://www.w3.org/TR/privacy-principles/), Draft Note from the W3C TAG, prepared by the Web Privacy Principles Task Force | ||
|
|
||
| [PATCG Security Considerations / Threat Model](https://github.com/patcg/docs-and-reports/tree/main/threat-model) | ||
|
|
||
| [User considerations for private measurement](https://gitlab.com/pitg/private-measurement-user-considerations/-/blob/main/private-measurement-user-considerations.md), some questions/topics regarding private measurement, maintained by Nick Doty | ||
|
|
||
| [Advertising Use Cases | User Needs](https://github.com/w3c/web-advertising/blob/main/support_for_advertising_use_cases.md#user-needs-1), from Improving Web Advertising Business Group | ||
|
|
||
| --- | ||
|
|
||
| Some browser vendors have published policies regarding tracking or privacy models: | ||
|
|
||
| [A Potential Privacy Model for the Web](https://github.com/michaelkleber/privacy-model): Sharding web identity, from Michael Kleber | ||
|
|
||
| [Tor Browser Privacy Requirements](https://2019.www.torproject.org/projects/torbrowser/design/#privacy), different unlinkability criteria | ||
|
|
||
| [Mozilla Anti tracking policy](https://wiki.mozilla.org/Security/Anti_tracking_policy) | ||
|
|
||
| [WebKit Tracking Prevention Policy](https://webkit.org/tracking-prevention-policy/) | ||
|
|
||
| ---- | ||
|
|
||
| Other recommended links, from PATCG discussion: | ||
|
|
||
| https://www.nist.gov/privacy-framework | ||
| https://almanac.httparchive.org/en/2022/privacy | ||
| https://www.w3.org/wiki/Privacy/Privacy_Considerations | ||
| https://darobin.github.io/pup/ | ||
| https://www.w3.org/TR/design-principles/ | ||
| https://www.w3.org/TR/fingerprinting-guidance/ | ||
| https://www.w3.org/blog/2019/06/privacy-anti-patterns-in-standards/ | ||
| https://www.rfc-editor.org/rfc/rfc8890.html | ||
| https://datatracker.ietf.org/doc/html/rfc7258 | ||
|
|
||
| --- | ||
|
|
||
| Legislation, regulation and governmental principles in different jurisdictions may also be relevant inputs for potential areas to look at, although they don't specifically direct our global standards work: | ||
|
|
||
| [EU Digital Services Act](https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/digital-services-act-ensuring-safe-and-accountable-online-environment_en) includes restrictions on targeting online advertising and requirements for transparency and control | ||
|
|
||
| [EU General Data Protection Regulation](https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations_en) includes principles applying to personal data processed by an organization | ||
|
|
||
| [OECD Guidelines Governing The Protection of Privacy and Transborder Flows of Personal Data](https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0188) includes principles | ||
|
|
||
| --- | ||
|
|
||
| Some advertising industry self-regulatory programs may have relevant advertising-specific principles: | ||
|
|
||
| [DAA Self-Regulatory Principles](https://digitaladvertisingalliance.org/principles) includes self-regulatory principles for online behavioral advertising (2009), and applications to some other categories | ||
|
|
||
| [NAI Code of Conduct](https://thenai.org/wp-content/uploads/2021/07/nai_code2020.pdf) includes self-regulatory principles for ad targeting and delivery |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,114 @@ | ||
| # private ad tech privacy principles summary | ||
|
|
||
| ## Areas to cover | ||
|
|
||
| * consent | ||
| * control | ||
| * profiling | ||
| * distress & intrusion | ||
| * relevance | ||
| * reporting and context † | ||
| * transparency | ||
| * security | ||
| * trust model | ||
| * explainability / comprehensibility | ||
| * competition † | ||
| * inferences | ||
| * identifiers | ||
| * accountability † | ||
| * | ||
|
|
||
| ### Some Privacy Principles (W3C TAG Draft Note) to elaborate on | ||
|
|
||
| #### context / identity | ||
|
|
||
| > A user agent should help its user present the identity they want in each context they are in. | ||
| #### minimization | ||
|
|
||
| > Sites, user agents, and other actors should minimize the amount of personal data they transfer between actors on the Web. | ||
| > Web APIs should be designed to minimize the amount of data that sites need to request to carry out their users' goals and provide granularity and user controls over personal data that is communicated to sites. | ||
| > In maintaining duties of protection, discretion and loyalty, user agents should share data only when it either is needed to satisfy a user's immediate goals or aligns with the user's wishes and interests. | ||
| #### general preferences | ||
|
|
||
| > Sites and user agents should seek to understand and respect people's goals and preferences about use of data about them. | ||
| > Specifications that define functionality for telemetry and analytics should explicitly note the telemetry and analytics use to facilitate modal or general user choices. | ||
| #### intrusion | ||
|
|
||
| > User agents and other actors should take steps to ensure that their user is not exposed to unwanted information. | ||
| > A user agent should help users control notifications and other interruptive UI that can be used to manipulate behavior. | ||
| > Web sites should use notifications only for information that their users have specifically requested. | ||
| ## How this fits in | ||
|
|
||
| * Helping to guide and evaluate private advertising technology proposals | ||
|
|
||
| > This document elaborates on the W3C TAG's Privacy Principles [Privacy-Principles]. The latter document is intended to describe principles of privacy that apply across the Web, and therefore leaves the door open to a variety of approaches so that different use cases can be approached with some flexibility. This document is therefore more specific in detailing how the Web's broader privacy principles are to be understood in an advertising context. | ||
| * Not every topic should or could be covered here! | ||
|
|
||
| * [some source documents](https://github.com/npdoty/patcg-docs/blob/principles-sources/principles/sources.md) | ||
|
|
||
| ## What's still missing? | ||
|
|
||
| * ... | ||
| * | ||
|
|
||
| ## How to contribute | ||
|
|
||
| * github issues | ||
| * PRs on documents | ||
| * biweekly check-in calls? | ||
|
|
||
| --- | ||
|
|
||
| Suggested topics for principles: | ||
|
|
||
| continuous release of information over time | ||
|
|
||
| whether consent plays into that | ||
|
|
||
| collusion and what is trusted | ||
|
|
||
| aggregation for measurement | ||
|
|
||
| minimize the cross-context data about any user when providing measurement data | ||
|
|
||
| limit the ability of sites to perform cross-context recognition | ||
|
|
||
| separate the context from the user | ||
|
|
||
| privacy definitions (information-theoretic, differential privacy) | ||
|
|
||
|
|
||
| -- | ||
|
|
||
| Some notes on how PATCG would like principles documentation to work, from March 2023 meeting: | ||
|
|
||
| explain how advertising-related topics may be aligned with user interests, or be an area where a user could have a general preference | ||
| shivan: shouldn't be a trade-off or discuss that in *this* doc | ||
| martin: explaining to users and others why we are doing what we are doing | ||
| why, and how we approached the problem | ||
|
|
||
| aram: less privacy principles, and more our principles as a group about how to deal with proposals. like what tradeoffs we can make and why. what makes a healthy web and a functional user experience across the web, how that interacts with how people understand their privacy. | ||
|
|
||
| mt: we ultimately want here is for the people working on the document to say "we think that we have identified a principle based on our engagement with $proposal, we'd like to discuss how we refine and capture that principle so that we can apply it to other work in the group" | ||
|
|
||
| regular checkin with the patcg, and specific to the technology/specifications under development | ||
|
|
||
| where advertising fits into the priority of constituencies | ||
|
|
||
| james aylett: state that trade-off or compromise is going to be necessary, but don't make the trade-offs or balance itself because that's specific to a proposal. risk management in individual proposals. | ||
|
|
||
| well-lit path to mitigate the demand for covert tracking; make it possible to implement stronger mitigations | ||
|
|
||
| charlie: editorial eye towards what belongs or not. maybe collect/save for later topics that could come up but aren't very specific to current proposals in patcg/individual drafts. specific criteria for inclusion. | ||
|
|
||
| charlie: diff view or where we want to refine more general TAG principles |