W3C

DRAFT Privacy Interest Group Charter

This charter has been replaced by a newer version .

The mission of the Privacy Interest Group , part of the Privacy Activity , W3C's PING (PING) is to improve the support of privacy in on the Web standards by monitoring ongoing advising groups developing standards on how to avoid and mitigate privacy issues that affect the Web, investigating potential areas for with their technologies and by incubating new work that reduces privacy work, risks and providing guidelines fingerprinting surface area. PING also suggests changes to existing standards and advice technologies to improve the privacy of existing systems. Finally, PING makes recommendations to the W3C Advisory Committee and the W3C TAG about whether a proposed standard would be beneficial or harmful for addressing privacy in standards development. on the web.

Join the Privacy Interest Group .

Start date TBD
End date 30 September 2019 31 December 2022
Confidentiality Proceedings are public
Chairs Christine Runnegar, Internet Society
Peter Snyder, Brave
Tara Whalen, Google
Initial Team Contact
(FTE %: 10) 30)
Sam Samuel Weiler
Usual Meeting Schedule Teleconferences: Monthly typically 1-2 per month
Face-to-face: Once annually

Scope

In order to improve the support of privacy in Web standards, the The Privacy Interest Group (PING) will broadly investigate ongoing Web privacy issues develops and methods of systematically documents guidelines, patterns, processes and best practices for addressing privacy concerns during the standardization process. considerations in Web standards.

The group will consider and discuss any PING provides " horizontal review " - offering groups developing web standards on-request guidance on privacy issues that affect users of and mitigations specific to their technologies. PING aims to offer this review as early in the Web. This may include, but technology development lifecycle as requested, observing that early feedback is not limited to, issues related to: online tracking; location, health and financial data; eGovernment initiatives; and online social networking often more helpful. PING may also seek out technologies that might benefit from earlier privacy review and identity. Where appropriate, the Interest Group will recommend areas where W3C should begin recommendation-track conduct such reviews on its own initiative.

PING incubates standards work on privacy issues and may prototype or initiate such by collecting requirements, prototyping, and/or initiating the work within the group. Additionally, the Interest Group will develop IG and document recommending that the W3C move the work into other groups when appropriate. For example, PING may incubate work to reconcile differences in browser vendors' approaches to privacy-protecting features, potentially to include guidelines, patterns, processes and best practices practices, and standards work.

PING may recommend mitigations for addressing privacy considerations issues found in existing features of the Web standards. The Interest Group platform, up to and including deprecation of the features.

PING may provide a locus of expertise input to help consider (proactively or reactively) the W3C Process Community Group on process changes that will improve privacy in Web standards, e.g. by establishing particular requirements on the identification and mitigation of privacy issues that arise in other W3C standards work. Recommendations.

PING may make recommendations to the W3C Advisory Committee and the W3C TAG regarding the privacy impact of proposed standards.

Success Criteria

Deliverables

The group may publish documents like the following that are consistent In conjunction with the above scope. The titles of the documents are indicative only. W3C's Technical Architecture Group (TAG) PING maintains a Self-Review Questionnaire for Security and Privacy .

PING maintains a document providing further detail on Mitigating Browser Fingerprinting in Web Specifications .

PING is developing and will maintain A Target Privacy Considerations Threat Model for the Web Standards , Group Note. Other Deliverables to assist developers and implementers to assess the privacy risks of their features.

The Interest Group PING may also publish other documents consistent with the above scope such as analyses of potential privacy issues (to provide greater awareness or architectural suggestions), issues, prototype specifications for new privacy areas, specifications, and guidelines for user interface design or other similar documents. and future standards.

Dependencies and Liaisons

W3C Groups

It is expected that many newly-chartered most Working and Interest Groups will liaise with the Privacy Interest Group ask PING to faciliate privacy reviews of new work. The static list below is, therefore, incomplete. review their specifications.

Device APIs Working Group Access to potentially-sensitive data or control of mobile devices is a particular area

PING will seek horizontal review of privacy concern. Geolocation Working Group The Privacy Interest Group is likely to monitor its own deliverables for accessibility, internationalization, performance, and review security with the privacy outcomes of Geolocation specifications. Tracking Protection relevant Working Group The Privacy Interest Group is likely to monitor and review the privacy outcomes of Tracking Protection specifications. Web Accessibility Initiative Protocols Interest Groups and Formats Working Group Experience from with the Web Accessibility Initiative may be useful for understanding TAG.

PING should collaborate with the best way WICG and TAG to address cross-cutting values throughout many specifications. Web Applications Working Group The Privacy Interest Group may review or provide advice on coordinate privacy issues in Web Applications specifications. Web Notification Working Group The Privacy Interest Group may review or provide advice on privacy issues of specifications early in Web Notification specifications. Web Security Interest Group The Privacy Interest Group their development lifecycle.

PING may work collaborate with the W3C Web Security Interest Group on guidance on privacy and security issues and coordination of reviews of specifications. Web Application Security Working Group The Privacy Interest Group may consult with, or review the work of, the Web Application Security Working Advertising Business Group on privacy and security issues, particularly with cross-site communications. Technical Architecture Group The Privacy Interest Group may consult with the Technical Architecture Group WICG on privacy issues common across Web architecture. External Groups Internet Architecture Board Privacy and Security Program The Interest Group will share experiences with the IAB Privacy and Security Program which is considering systematic improvements related to privacy and security in IETF standards. advertising.

Participation

Participation in the Privacy Interest Group PING is open to the public. Participants who do not represent a W3C Member should join as Invited Experts . Invited Experts in this group are not granted access to Member-only information.

Anyone (participating in the group or not) may subscribe to the group's public mailing list and engage in discussion. Those who intend to contribute to deliverables will be asked to join the group.

The Chairs may call occasional meetings consistent with the W3C Process requirements for meetings .

Communication

This group primarily conducts its work on the public mailing list public-privacy . and in periodic teleconferences, typically 1-2 times per month. Additionally, the group meets face to face at TPAC . PING is experimenting with using a free Slack workspace - interesting discussions from Slack will be called out to the mailing list, and decisions will not be finalized based solely on Slack discussions.

Information about the group (deliverables, participants, face-to-face meetings, teleconferences, etc.) is available from the Privacy Activity PING home page .

Decision Policy

As explained in the Process Document ( section 3.3 ), this group will seek to make decisions when there is by consensus. When the Chairs put a question and observe dissent, after due consideration of different opinions, the Chairs should record a decision (possibly after a formal vote) and any objections, and move on.

Patent Disclosures

The Privacy Interest Group provides an opportunity to share perspectives on the topic addressed by this charter. W3C reminds Interest Group participants of their have an obligation to comply with patent disclosure obligations as set out in Section 6 of the W3C Patent Policy. While These obligations apply both to Recommendation-track work incubated in the Interest Group does not produce Recommendation-track documents, as well as to feedback offered to Working Groups when Interest Group participants review reviewing their Recommendation-track specifications from Working Groups, the patent disclosure obligations do apply. specifications.

For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation .

About this Charter

This charter for the Privacy Interest Group has been created according to section 6.2 of the Process Document . In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.

Charter History

On 28 June 2019, this charter was extended The following table lists details of all changes from the initial charter, per the W3C Process Document (section 5.2.3) :

Charter Period Start Date End Date Changes
Initial Charter until 30 8 September 2019. On 21 December 2018, this charter was extended 2011 15 August 2013 Charter announcement until 30 June 2019. On
Launch announcement
Charter Extension 18 December 2013 1 March, 2018, this charter was extended to 31 December 2018 with an update 2014

Tara Whalen's affiliation updated. Team contact time commitment reduced from .15 to the team contact. .10 FTE. Dependency on Provenance Working Group dropped since group closed.

On
Charter Extension 3 December 2014, this charter was extended to 2014 1 December 2016, with the following adjustments: 2016

Chair affiliation updated. Note about liaisons with newly-created groups. Update Updates to liaisons: include Web Security Interest Group, Web Application Security Working Group and Technical Architecture Group; remove Government Linked Data Working Group (closed). On 18 December 2013, this charter was extended to

Charter Extension 1 March 2018 31 December 2014, with the following additional adjustments: Tara Whalen affiliation updated 2018 Team contact reduced from .15 to .10 FTE Dependency on Provenance Working Group dropped updated.
Charter Extension 21 December 2018 30 June 2019 No changes.
Charter Extension 28 June 2019 30 September 2019 Pete Snyder added as chair.
Rechartered [dd monthname yyyy] 31 December 2022

Highlighted PING's role in horizontal review. Removed IAB Security and Privacy program liaison, since group program closed. Removed list of specific WG liaisons, since PING expects to work with all of them now. Listing TAG, WICG, and Web Advertising BG for liaison. Increased team contact time commitment to .3 FTE.


Sam Samuel Weiler, W3C