04-05 October 2010
Hosted by
MIT, Cambridge (MA)
Results
Call For Participation
Background
Users trust enormous amounts of personal information to a large variety of online services including social network sites, search engines, photo and video sharing services, and hosted email solutions. As all those services become ever more tightly integrated, it becomes increasingly difficult to control the dispersion of information throughout the Web. It also becomes ever more difficult for services to respect users' privacy while participating in interweaved service networks that the benefit the users. There is a necessity to share data with other services to create better offers, but this does not mean we cannot have privacy as well. What is needed to ensure services respect their users' privacy? There are initiatives to provide users with information on what data is being collected about them and ways to customize what data can be collected. Other techniques focus on enabling services to better control and audit data usage, namely who accessed data and what processing was done. However, this addresses only part of the problem. What happens when personal data that was released for a certain purpose is misused ? What does ensuring privacy on the Web really mean when sensitive information can be easily inferred from publically available sources [ Gaydar, Researchers Expose Security Flaw in Social Security Numbers, Inferring Private Information Using Social Network Data] ?
There have been earlier Workshops on issues related to privacy, however, we see a continuous need for improvement. The 2006 Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement (Report) addressed aspects and resulted in the creation of the Policy Languages Interest Group (PLING). Coordination continued with the Workshop on Access Control Application Scenarios (report) where Access Control scenarios were evaluated and XACML extensions and complements for Privacy suggested. Most of these workshops consider technical approaches to solving the problem of privacy using access control. However, we are interested in broader aspects of privacy including those of usage and handling of personal information especially related to social networking.
Privacy in Social Networking is a big challenge at the moment. Social networking sites currently have their own home-grown privacy features and settings. Those are not interoperable and regularly, news report of privacy breaching incidents caused by a combination of services with social networking. This could be improved if social networks would be enabled to transport the privacy restrictions set by the user to the interlinked services.
Goals and Scope
This workshop will explore solutions to privacy based on controlling data usage and on data handling. We also solicit contributions on techniques for ``sticky policies'' that ensure that policies constantly move along with the related data. While data usage control in a single enterprise can live with ad-hoc defined semantics, dataflows across enterprise borders need agreed upon semantics to avoid very costly and time consuming transformation. Semantic interoperability by an agreed common privacy vocabulary may be a remedy, but this may not be the only one. Digital Right Management (DRM) research might provide some interesting insights on how data usage control could be supported in distributed environments. Regulatory approaches are also of importance as they influence the way technology is used to comply with regulation. We invite position papers on all these aspects of privacy protection on the Web, especially:
- What role have the semantic technologies in tackling the issue of privacy oriented data usage control? Are there other, better technologies?
- What is the role for commonly agreed privacy semantics? Which rights and/or obligations can be expressed in the policy, and are there any relations among them? Do ontologies help?
- What are the limitations of standardising privacy semantics for the use in the relation user/service and service-to-service?
- How to do data mining while respecting users' privacy?
- How can users can identify errors and request corrections to their personal information?
- What is the role of the rules community for privacy? Can this new technology be leveraged?
- What are the limitations of those semantic technologies. Where are they seen not to work.
- Who sets the policy Does the user impose her privacy policy on the third-party service, does the service propose a policy that the user can choose to take or leave? Can negotiation work, or is it still too complex?
- What are obligations on the service towards the user and how to fulfill them?
- Integration of privacy enhancements into existing data handling tools
- implementation and deployment experience with data management tools from a public policy and privacy perspective;
- policy considerations for the future development of the Web platform in general, and advanced data management on the Web in particular;
- user experience and service design issues and approaches related to security and privacy technologies for the Web;
- Social or regulatory issues relating to privacy as they potentially impact any of the above.
The workshop is expected to attract a broad set of stakeholders, including researchers, database manufacturers, CRM-system manufacturers, Social Networking Providers. This workshop will determine whether there is interest in further work on policy languages and data handling/data usage work within W3C.
Participation Requirements
All participants are required to submit a position paper by 10 September 2010. W3C membership is not required to participate in this workshop.
The total number of participants will be limited. To ensure diversity, a limit might be imposed on the maximum number of participants per organization.
Instructions for how to register will be sent to submitters of accepted position papers. These instructions will also indicate a possible limit on the maximum number of participants per organization.
Workshop sessions and documents will be in English. Position papers, presentations, minutes and the workshop report will be public.
There is no fee to participate.
Expression of Interest
To help the organizers plan the workshop: If you wish to participate, please as soon as possible send a message to team-privacyws-submit@w3.org with a short (one paragraph) "expression of interest" stating:
- that a representative from your organization plans to submit a position paper
- whether you want to send one or two participants
- whether or not you wish to make a presentation
Note: Sending that expression of interest does not mean that you registered for the workshop. It is still necessary to send a position paper (see below), which then must be considered for acceptance by the Program Committee.
Position Papers
Please submit position papers by sending them to team-privacyws-submit@w3.org
You paper must meet the following criteria:
- explains your interest in the Workshop
- aligned with the Workshop's stated goals as outlined above.
- 1 to 5 pages long
- formatted in (valid) HTML/XHTML, PDF, or plain text
Based on a review of all submitted position papers, the Program Committee will select the most relevant and invite the submitters of those papers to the Workshop. From among all accepted papers, the program committee will choose a small number of papers judged most appropriate for fostering discussion, and ask the authors of those papers to give short presentations about them at the Workshop. After the workshop, those presentations will then be published on the workshop home page.
Important dates
| Date | Event |
|---|---|
| 27 July 2010 | Call for Participation issued |
| 10 September 2010 | Deadline for position papers |
| 18 September 2010 | Acceptance notification sent |
| 24 September 2010 | Program released |
| 04/05 October 2010 | Workshop |
Workshop Organization
Workshop sessions and documents will be in English
Keynotes
- Jacques Bus (Digitrust)
- Ken Anderson (Office of the Information and Privacy Commissioner of Ontario)
Chairs
- Lalana Kagal, MIT
- Rigo Wenning, W3C
Program Committee
- Hal Abelson (MIT)
- David Basin (ETH Zürich)
- Gunter Bitz (SAP)
- Jacques Bus (Digitrust)
- David Chadwick (Kent University)
- Malcolm Crompton (Information Integrity Solutions)
- Jean-Marc Dinant (Centre de recherche informatique et droit, Université Namur)
- Sandro Etalle (University of Twente)
- Renato Iannella (Semantic Identity)
- Volkmar Lotz (SAP)
- Eve Maler (PayPal)
- Ashok Malhotra (Oracle)
- John Morris (CDT)
- Alexander Pretschner (Fraunhofer)
- Marc Rotenberg (EPIC)
- Norman Sadeh (Carnegie Mellon University)
- Ravi S. Sandhu (University of Texas at San Antonio, ICS)
- Mischa Tuffield (Garlik)
Venue
The Workshop will be hosted by the Decentralized Information Group at MIT. More detailed venue information will be made available in due course.
Deliverables
Position papers, agenda, accepted presentations, and report will also be published online.