The best introduction is a presentation. This is a fantastic presentation, very detailed. I would love to present these slides, as there is so much depth on each page.
They have a set of questions that each W3C specification-writing team must consider. These questions are not intended to short-circuit a real Privacy Impact, but rather to focus attention on some of the obvious top issues. Here is an excerpt:
- Can the information be used (alone or in combination with other APIs / sources of information) to fingerprint a device or user?
- May I access the information I created?
- May I record it myself (locally)?
- Am I able to have actions on this personal record?
- May I block partly or totally the record of the information?
- May I fake it? (think about fuzzy geolocation or voluntary fake location)
- Is the data personally-derived, i.e. derived from the interaction of a single person, or their device or address? (If so, even if anonymous, it might be re-correlated)
- Does the data record contain elements that would enable such re-correlation? (examples include an IP address, and so on)
- What other data could this record be correlated with? (e.g. the ISP)
- If you had large amounts of this data about one person, what conclusions would it enable you to draw? (e.g. maybe you could estimate location from many ambient light events by estimating latitude and longitude from the times of sunrise and sunset)
- Am I likely to know if information is being collected?
- How visible is its collection and/or use?
- Do I get feedback on the patterns that the information could reveal (at any instant, over time) so I can adjust behaviors?
- If a background event about the device is fired in all browsing contexts, does it allow correlation of a user across contexts?
- Can code on a page send signals that can be received by device sensors on nearby devices?
You can see that W3C considers all of the Privacy Principles, not just confidentiality.
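The ambient-light question above is worth making concrete, because it is the kind of inference a spec reviewer has to imagine before a sensor API ships. The following Python is an added example, not part of the W3C material or this post: it constructs a synthetic day of minute-resolution lux readings from a textbook solar model (declination approximation, no equation-of-time correction, daylight window assumed not to cross 00:00 UTC), then inverts that model the way the question suggests, longitude from the time of solar noon and latitude from the length of the day. The sample log, the 50 lux "daylight" threshold and the one-reading-per-minute rate are all assumptions made here.

```python
"""Estimate a device's latitude/longitude from a day of ambient-light
readings. Added illustration of the W3C question about what large
amounts of seemingly harmless data allow one to conclude. The solar
model is a simple textbook approximation chosen for this example."""
import math

SAMPLES_PER_DAY = 24 * 60       # one lux reading per minute (assumption)
LUX_DAYLIGHT_THRESHOLD = 50.0   # readings above this count as daylight (assumption)


def solar_declination_deg(day_of_year: int) -> float:
    """Approximate solar declination in degrees for a day of the year."""
    return 23.44 * math.sin(math.radians(360.0 / 365.0 * (day_of_year - 81)))


def sunrise_sunset_utc(lat_deg: float, lon_deg: float, day_of_year: int):
    """Forward model: (sunrise, sunset) as fractional UTC hours.
    Returns None for polar day or polar night (no transition that day)."""
    decl = math.radians(solar_declination_deg(day_of_year))
    x = -math.tan(math.radians(lat_deg)) * math.tan(decl)
    if abs(x) > 1.0:
        return None
    half_day_h = math.degrees(math.acos(x)) / 15.0   # hour angle -> hours
    solar_noon_utc = 12.0 - lon_deg / 15.0           # 15 degrees of longitude per hour
    return solar_noon_utc - half_day_h, solar_noon_utc + half_day_h


def synth_lux_log(lat_deg: float, lon_deg: float, day_of_year: int):
    """Constructed sample data: a day of (utc_hour, lux) pairs, bright
    between sunrise and sunset and dark otherwise."""
    rise, set_ = sunrise_sunset_utc(lat_deg, lon_deg, day_of_year)
    log = []
    for minute in range(SAMPLES_PER_DAY):
        hour = minute / 60.0
        lux = 10000.0 if rise <= hour < set_ else 1.0
        log.append((hour, lux))
    return log


def detect_daylight_window(log):
    """Return (first lit hour, first dark hour after the lit run), or None
    when the log never changes state (polar conditions or a sensor kept
    in a drawer)."""
    first_lit = None
    for hour, lux in log:
        lit = lux > LUX_DAYLIGHT_THRESHOLD
        if lit and first_lit is None:
            first_lit = hour
        elif not lit and first_lit is not None:
            return first_lit, hour
    return None


def infer_location(rise_utc: float, set_utc: float, day_of_year: int):
    """Invert the model: longitude from solar noon, latitude from day length.
    Near an equinox the declination is ~0 and day length is ~12 h at every
    latitude, so latitude is returned as None rather than a guess."""
    solar_noon_utc = (rise_utc + set_utc) / 2.0
    lon = (12.0 - solar_noon_utc) * 15.0
    half_day_deg = (set_utc - rise_utc) / 2.0 * 15.0
    decl = math.radians(solar_declination_deg(day_of_year))
    if abs(decl) < math.radians(0.5):
        return None, lon
    # sunrise equation: cos(w0) = -tan(lat) * tan(decl)  =>  tan(lat) = -cos(w0) / tan(decl)
    lat = math.degrees(math.atan(-math.cos(math.radians(half_day_deg)) / math.tan(decl)))
    return lat, lon


def locate_from_log(log, day_of_year: int):
    """Full pipeline: lux log -> daylight window -> (lat, lon), or None."""
    window = detect_daylight_window(log)
    if window is None:
        return None
    return infer_location(window[0], window[1], day_of_year)


if __name__ == "__main__":
    # Constructed scenario: a device at 45N, 15E on day 172 (around 21 June).
    estimate = locate_from_log(synth_lux_log(45.0, 15.0, 172), 172)
    print("estimated (lat, lon):", estimate)
```

With one reading per minute the recovered position lands within a fraction of a degree of the true one, which is why the checklist's "may I fake it?" and "fuzzy" options matter: coarsening timestamps or capping the sample rate widens that error directly, and quantising readings to a few lux levels does not help at all, since only the timing of the light/dark transition is used.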
- Best Practice 1: Follow “Privacy By Design” principles
- Best Practice 2: Enable the user to make informed decisions about sharing their personal information with a service.
- Best Practice 3: Enable the user to make decisions at the appropriate time with the correct contextual information.
- Best Practice 4: When learning user privacy decisions and providing defaults, allow the user to easily view and change their previous decisions.
- Best Practice 5: Focus on usability and avoid needless prompting.
- Best Practice 6: Active consent should be freely given, for specific data, and be informed.
- Best Practice 7: Be clear and transparent to users regarding potential privacy concerns.
- Best Practice 8: Be clear as to whether information is needed on a one-time basis or is necessary for a period of time and for how long.
- Best Practice 9: Request the minimum number of data items at the minimum level of detail needed to provide a service.
- Best Practice 10: Retain the minimum amount of data at the minimum level of detail for the minimum amount of time needed. Consider potential misuses of retained data and possible countermeasures.
- Best Practice 11: Maintain the confidentiality of user data in transmission, for example using HTTPS for transport rather than
- Best Practice 12: Maintain the confidentiality of user data in storage.
- Best Practice 13: Control and log access to data.