Earlier this week, W3C held a workshop on privacy and data usage control. Among the submitted position papers are quite a few interesting thoughts, and though I couldn’t attend the workshop, it will be good to see the eventual report from it.
I did manage to submit a paper that explores the contributions of User-Managed Access (UMA) to letting people control the usage of their personal data. It was a chance to capture an important part of the philosophy we bring to our work, and the challenges that remain. From the paper’s introduction:
…UMA allows a user to make demands of the requesting side in order to test their suitability for receiving authorization. These demands can include requests for information (such as “Who are you?” or “Are you over 18?”) and promises (such as “Do you agree to these non-disclosure terms?” or “Can you confirm that your privacy and data portability policies match my requirements?”).
Some of the challenges are technical, some legal, and some related to business incentives. The paper approaches the discussion with what I hope is a sense of realism, along with some justified optimism about near-term possibilities.
(Speaking of which, I like the realism pervading Ben Laurie’s recent criticism of the EFF’s suggested bill of privacy rights for social network users. He cautions them to stay away from implicitly mandating mechanisms like DRM — and, in focusing on broader aims, to be careful what they wish for.)
If you’re so inclined, I hope you’ll check out the paper and the other workshop inputs and outputs.