diff --git a/index.html b/index.html index 09c230c6..195f6eaa 100644 --- a/index.html +++ b/index.html @@ -49,6 +49,12 @@ } ], localBiblio: { + 'ADDING-PERMISSIONS': { + title: 'Adding another permission? A guide', + authors: ['Nick Doty'], + date: '2018', + href: 'https://github.com/w3cping/adding-permissions' + }, 'Addressing-Cyber-Harassment': { title: 'Addressing cyber harassment: An overview of hate crimes in cyberspace', authors: ['Danielle Keats Citron'], @@ -1743,6 +1749,67 @@ +## Transparency + +
+ + When accessing data or requesting permission, [=sites=] (and other [=actors=]) should provide + [=people=] with relevant explanatory information about the use of data, and [=user agents=] + should help present and consume that information. + +
+ +Transparency is a necessary, but insufficient, condition for [=consent=]. Relevant explanatory +information includes who is accessing data, what data is accessed (including the potential +inferences or combinations of such data) and how data is used. For transparency to be meaningful to +people, explanatory information must be provided in the relevant [=context=]. + +
+ In designing new Web features that may involve permissions, consider whether a permission is + needed and how to make that permission meaningful [[?ADDING-PERMISSIONS]]. + + Past workshops have explored the needs for better permissions on the Web: + +
+ +
+ + Information about privacy-relevant practices should be provided in both easily accessible plain + language form and in machine-readable form. + +
+ +Machine-readable presentation of privacy-relevant practices is necessary for [=user agents=] to be +able to help [=people=] make general decisions, rather than relying falsely on the idea that +[=people=] can or want to read documentation before every visit to a web site. Machine-readable +presentation also facilitates collective governance by making it more +feasible for researchers and regulators to discover, document, and analyze data collection and +processing to identify cases in which it may be harmful. + +Easily accessible, plain language presentation of privacy-relevant practices is necessary for +[=people=] to be able to make informed decisions in specific cases when they choose to do so. +[=Sites=], [=user agents=], and other [=actors=] all may need to present privacy-relevant practices +to [=people=] in accessible forms. + +
+ + Mechanisms that can be used for [=recognize|recognizing=] [=people=] should be designed so that + their operation is visible and distinguishable, to [=user agents=], researchers and regulators. + +
+ +Non-transparent methods of [=recognition=] are harmful in part because they are not visible to the +user, which undermines user control [[?UNSANCTIONED-TRACKING]]. Designing features that minimize +data and make requests for data explicit can enable detectability, a kind of transparency that is an +important mitigation for browser fingerprinting. + ## Consent, Withdrawal of Consent, Opt-Outs, and Objections {#consent-principles}