-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
201 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,201 @@ | ||
| # Privacy TF Call Minutes - Wed, 8 May 2024 | ||
|
|
||
| Present: Dan, Pete, Wendy, Robin, Don, Christine | ||
| Regrets: Amy | ||
|
|
||
| ## Privacy Principles [A11y feedback](https://github.com/w3c/a11y-request/issues/74#issuecomment-2088764802) | ||
|
|
||
| Dan: Discussing APA feedback, in particular thinking about making the doc more accessible to readers. Maybe start with principles then adding depth. (This is feedback we've received a few times, not A11y specific.) | ||
|
|
||
| Dan: They suggest some wordking... | ||
|
|
||
| Jeffrey: we've talked about this... it's in the design principles... (After this piece of the discussion, Jeffrey found ["A web app should not be able to distinguish between the user rejecting permission to use a sensor/capability, and the sensor/capability not being present."](https://w3ctag.github.io/design-principles/#device-ids)) | ||
|
|
||
| Pete: we should be careful - there are places where we want affirmative "no"s for legal purposes. | ||
|
|
||
| Jeffrey: Good point. We don't want the site to [retaliate](https://w3ctag.github.io/privacy-principles/#non-retaliation) against people who said "no". | ||
|
|
||
| Don: trend of plug-ins that will nag you if you DON'T have the privacy settings turned on... we want to make it harder for sites to collect info that will help them put extra work on users. | ||
|
|
||
| Robin: why can't we all just get along? | ||
|
|
||
| Jeffrey: I think there is space to say something to spec authors here. | ||
|
|
||
| Dan: separate principle under non-retaliation? | ||
|
|
||
| *Jeffrey has filed https://github.com/w3ctag/privacy-principles/issues/418* | ||
|
|
||
| Robin: do we want to block on that? | ||
|
|
||
| Jeffrey: I think `back burner` is fine. | ||
|
|
||
| ## Modularity & Compsability | ||
|
|
||
| Wendy: modularity and composability don't appear anywhere in our doc - and these are sometimes in tension with the higher-level protections... Not asking for any changes to the doc. | ||
|
|
||
| ## I18N Feedback | ||
|
|
||
| Dan: i18N feedback: https://github.com/w3c/i18n-actions/issues/85#issuecomment-2081330536 | ||
|
|
||
| Dan: so i18n are looking for a name check... | ||
|
|
||
| ## Re-ordering Sections? | ||
|
|
||
| Robin: we've had this conversation -- half people say one thing half say another... I think we should just go for it? | ||
|
|
||
| Dan: OK | ||
|
|
||
| ## Next steps | ||
|
|
||
| Dan: next step is to ask the team to send a WBS to ask for approval to move to statement. We need to say we've addressed horiz review feedback. I think we have and can show that. | ||
|
|
||
| Robin: I want to ship! Happy to help. | ||
|
|
||
| Robin: triage of the remaining issues... that are not back burnered? | ||
|
|
||
| ## [open and not back burner issues](https://github.com/w3ctag/privacy-principles/issues?q=is%3Aopen+is%3Aissue+-label%3Abackburner) | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/15 | ||
|
|
||
| *we agree to close* | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/145 | ||
|
|
||
| *we agree overtaken by events, closing* | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/261 | ||
|
|
||
| *it's going to be taken up in societal impacts questionnaire so closing* | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/271 | ||
|
|
||
| Jeffrey: still something interesting... interesting tension still exists... applicable to EME as well... on the other hand, we talked about moving UA duties to 2nd doc... happy with either back burner or close. | ||
|
|
||
| *we agree to put in back burner* | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/273 | ||
|
|
||
| Pete: i think we discussed this somewhere else... Will review async. | ||
|
|
||
| Robin: close all the copy-edit issues, any objection? We've done lots of copy editing. [no objection] | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/335 | ||
|
|
||
| Christine: don't think this needs to be open | ||
|
|
||
| Robin: agreed | ||
|
|
||
| *no objections, we closed* | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/341 | ||
|
|
||
| Robin: i can remove appendix B | ||
|
|
||
| *agreed* | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/347 | ||
|
|
||
| Robin: we decided to do more.. can we back burner? | ||
|
|
||
| *agreed* | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/373 | ||
|
|
||
| Jeffrey: Don already did a PR for this so going to close. | ||
|
|
||
| *agreed* | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/351 | ||
|
|
||
| Robin: 363 has merged | ||
|
|
||
| Jeffrey: I think we can close. | ||
|
|
||
| *agreed* | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/362 | ||
|
|
||
| Robin: the PR has landed... | ||
|
|
||
| Pete: fine closing it. | ||
|
|
||
| Jeffrey: we added API designers ... no objection to close | ||
|
|
||
| *agreed* | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/374 | ||
|
|
||
| Jeffrey: edited... PR369 ... was merged... marked backburner | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/375 | ||
|
|
||
| Christine: there's no perfect definition | ||
|
|
||
| Jeffrey: works for me | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/388 | ||
|
|
||
| Pete: fine to close, though I still feel it's not useful to say "everything may be sensitive" | ||
|
|
||
| Don: some feedback to this document was yes sensitive info but there is also commercial information that we want to process that isn't sensitive. We say "you can't tell/ predict" whether info is sensitive -- for example we don't know how a future machine learning system will make sensitive inferences from data originally categorized as non-sensitive. From our PoV you have to realize the limits of anyone's ability to detect sensitiveness or vulnerability in advance. | ||
|
|
||
| Pete: I think we should remove sensitive information... | ||
|
|
||
| Jeffrey: the kinds of info people highlight e.g. cc numbers, identifiers... it's a little weird to say that all information is the same and you should treat it all as equally ssensitive. | ||
|
|
||
| Robin: it's valuable to say "system designers should not assume that info isn't sensitive"... | ||
|
|
||
| *some debate* | ||
|
|
||
| Don: example of landlord who wants to use a platform to help them make prejudiced decisions on who to rent to -- if you build in a set of safeguards in advance then a platform will fall back to using alternate data points to enable the prejudiced decision. This info also sensitive because of the anticipated follow-on reactions by the landlord and by the plaform that enables their decision. | ||
|
|
||
| Jeffrey: as way to cut bits out of the document - we should focus on saying surprising things. everyone agrees that CC, geo, are worth protecting... we could not mention it in the document. | ||
|
|
||
| Jeffrey: "Everyone agrees that some information is sensitive but in reality all information is sensitive." | ||
|
|
||
| Pete: i think we should cut the last section. "when considering..." | ||
|
|
||
| Robin: I will write the PR. | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/396 | ||
|
|
||
| Jeffrey: I also added 418 to the backburner... | ||
|
|
||
| Pete: can we short term back burner? | ||
|
|
||
| Christine: is there a simple PR we could make? | ||
|
|
||
| *we agree to just add the TAG for user agents* | ||
|
|
||
| Jeffrey: does a PR | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/397 | ||
|
|
||
| Robin: there is an open PR... PR416... | ||
|
|
||
| Dan: close 397 on that basis? | ||
|
|
||
| *agreed* | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/401 | ||
|
|
||
| Christine: could we say "meaningful transparency"...? | ||
|
|
||
| Robin: I think we can back burner and add it to the list of things for when we take the UA related things out of the document after statement. | ||
|
|
||
| *agreed* | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/issues/405 | ||
|
|
||
| Robin: I think we have addressed this in the document... as discussed... | ||
|
|
||
| *agreed to close* | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/pull/417/files | ||
|
|
||
| *we take a look at it and agree to merge* | ||
|
|
||
| https://github.com/w3ctag/privacy-principles/pulls | ||
|
|
||
| *we agree to back burner* | ||
|
|