Go through list of suggestions from the WebAdv "success criteria" that some had proposed

[darobin]

Sift through it for things that are relevant to privacy.

https://github.com/w3c/web-advertising/blob/main/success-criteria.md#interests-of-society (and following sections).

[darobin]

I have gone through the list, and here is my proposal.

A number of things might be fair values to hold, but are out of scope for privacy principles (eg. interoperable standards of communication). Proposal: simply skip those.

Others are in scope but already included or implied (eg. A right to choose private browsing). Proposal: nothing needs to be done.

A number of the things listed fall under collective issues that could arguably contribute to our section on collective privacy problems (which I find insufficiently fleshed out). For instance, the following topics that they list have been in part caused by unfettered data sharing across contexts or by excessive collection by large platforms and improving privacy on the Web is instrumental in helping solve them:

• Free elections protected against foreign manipulation since targeting people with manipulation has become too easy and unaccountable.
• Low barriers of entry for individuals to start new businesses and compete against existing incumbents since sharing data structurally leads to winner-take-all situations.
• Reducing the quality and quantity of publisher content is caused in part by the fact that publishers can't win if they have to share their audience with other parties.

Proposal: let's discuss if such things would be relevant to include or not. I am ambivalent because they are more about consequences of bad privacy than about privacy directly — but I could be convinced either way.

A number of things could be considered omissions and may usefully be included (listing candidates but not necessarily all):

• Freedom from having to self-censor for fear of content consumption being associated with (…) identity
• Data subject rights (erasure, access, correction, objection). These are in part implied in the tiered model but that should be explicit. We should however tread carefully around the right to be forgotten in search results. (Though I'm serious that the TAG or some other group should develop a view.)
• Algorithmic explainability (though that's a hell of a can of worms).

Proposal: let's discuss which ones belong.

A number of things are known to be problematic or false and don't need to be revisited (eg. transparency works, choice improves autonomy). Proposal: skip.

There is also a set of considerations relating to publishers, advertisers, browsers, and other such constituencies. I do believe that we need to extend the Priority of Constituencies to include more participants and to be clearer about some roles, but 1) that is not for this document to do and 2) that WebAdv proposal is designed to put people at a significant disadvantage with respect to the businesses that they engage with, and is incompatible Web principles (as well as with any consideration that humans are the key driver of ethics).

[dmarti]

The point on free elections might be usefully generalized to deceptive communications in general. The same data practices that enable targeted political content and advertising are also used for run-of-the-mill scams. (For example, offering a counterfeit product only to people who are unlikely to work for or with the makers of the original.)

https://blog.zgp.org/when-can-deceptive-sellers-outbid-honest-sellers-for-ad-impressions/

[darobin]

From @sandandsnow:

• We could have a bit on data portability, in line with pushes to interoperability (and data rights).
• Self-censorship: there are studies, eg. about post-Snowden
• We should think about interfacing to opaque things (rather than algo explainability): EME, EPub, ad bidding… Making things understandable as a privacy design feature. A sentiment we should capture: "Privacy researchers need to be able to see what is going on."

[darobin]

@wseltzer adds "User privacy is enhanced by research being possible into how data is processed. Users rely on external analysis."

This could be collective data rights.

[sandandsnow]

Link to Assuring a Strong and Secure Web Platform - https://www.w3.org/blog/2015/11/strong-web-platform-statement/

[darobin]

I've done the following:

• Punted self-censorship to a future issue (Include discussion of the risks of self-censorship resulting from lack of privacy #104)
• Added a new subsection about the need to enable transparency for research/accountability purposes. That includes mention of access rights as well as algorithmic explainability. I would prefer that this document not have to go into the latter in any detail, if we can.
• Added a section on data rights that is meant to include erasure, access, rectification, and portability but I haven't filled it out yet.