index.html 14.5 KB
<!--?xml version="1.0" encoding="UTF-8"?-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head>
  <meta content="text/html; charset=UTF-8" http-equiv="content-type" />
  <title>Privacy and data usage control - W3C Workshop</title>
  <link media="all" type="text/css" href="http://www.w3.org/2007/08/video/style.css" rel="stylesheet" />
  <link media="print" type="text/css" href="http://www.w3.org/2007/08/video/print.css" rel="stylesheet" />
  <link type="image/png" href="http://www.w3.org/2005/11/MWI-Icons/MWI-favicon" rel="icon" />
  <style media="screen" type="text/css">
/*&lt;![CDATA[*/
    dl.items {margin: 1em 2em;}
    dl.items dt {margin: 1.5em 0 0 1em;}
    dl.items dt a {font-weight: bold;}
    dl.items dd {margin: 0.5em 0 0 1em;}
    acronym { border-bottom: black dashed 1px }
    div#navigation li.current { color: white;
   font-weight: bold;
  }
  div#page { background-image:none;}
  div.submit { 
	text-align: center;
	padding: 15px;
	margin-left: 30%;
	margin-right: 30%;
	border: 1px solid black;
	font-size: small;
   }
   div.submit a.button {
	font-size: large;
   }
   #main {text-align: left;}
  /*]]&gt;*/
  </style>
</head>

<body>

<div id="page">
<h1>W3C Workshop on Privacy and data usage control <span class="baseline">04/05
October 2010, Cambridge (MA)</span></h1>
</div>

<div id="navigation">
<ul>
  <li><a href="http://www.w3.org/Consortium/">About W3C</a></li>
  <li class="current">Call for Participation</li>
  <li><a href="venue.html">Venue</a></li>
<!--                        <li><a href="papers/">Papers</a></li>
                        <li><a href="report">Report</a></li>
                        <li><a href="agenda.html">Agenda</a></li> -->
  <li><a href="papers.html">Papers</a></li>
  <li><a href="report.html">Report</a></li>
  <li><a href="agenda.html">Agenda</a></li>
</ul>
</div>

<div id="main">
<p class="logo"><a href="/"><img width="85" height="43" style="border-left: 0; border-right: 0; border-top: 1px solid black; border-bottom: 1px solid black; padding: 6px; margin: 2px; vertical-align:top" src="../../Mobile/W3C" alt="W3C" /></a> <br />
<a href="http://www.primelife.eu"><img width="145" style="border:0; vertical-align: top; margin-top: 3px; margin-bottom: 3px;" src="http://www.primelife.eu/templates/primelife/images/primelife-logo.jpg" alt="sponsored by PrimeLife" /></a> <br />
04-05 October 2010<br />
Hosted by <br />
<a href="http://dig.csail.mit.edu/"><img width="125" style="border:0;  vertical-align: top; margin-top: 3px; margin-bottom: 3px;" src="http://dig.csail.mit.edu/2010/dig-logo.jpg" alt="hosted by DIG" /></a><br />
MIT, Cambridge (MA) </p>
<!-- content beg -->

<h2 id="call_for_participation">Results</h2>
<ul>
  <li><a href="report.html">Workshop report</a></li>
  <li><a href="minutes.html">Workshop minutes</a><br />
  </li>
</ul>
<br />
<h2 id="call_for_participation">Call For Participation</h2>


<h3 id="cfp_background">Background</h3>

<p>Users trust enormous amounts of personal information to a large variety of
online services including social network sites, search engines, photo and video
sharing services, and hosted email solutions. As all those services become ever
more tightly integrated, it becomes increasingly difficult to control the
dispersion of information throughout the Web. It also becomes ever more
difficult for services to respect users' privacy while participating in
interweaved service networks that the benefit the users. There is a necessity
to share data with other services to create better offers, but this does not
mean we cannot have privacy as well. What is needed to ensure services respect
their users' privacy? There are initiatives to provide users with information
on what data is being collected about them and ways to customize what data can
be collected. Other techniques focus on enabling services to better control and
audit data usage, namely who accessed data and what processing was done.
However, this addresses only part of the problem. What happens when personal
data that was released for a certain purpose is misused ? What does ensuring
privacy on the Web really mean when sensitive information can be easily
inferred from publically available sources [ <a href="http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/2611/2302">Gaydar</a>,
<a href="http://www.pcworld.com/article/167975/researchers_expose_security_flaw_in_social_security_numbers.html">Researchers
Expose Security Flaw in Social Security Numbers</a>, <a href="http://data.semanticweb.org/conference/www/2009/paper/153">Inferring
Private Information Using Social Network Data</a>] ? </p>

<p>There have been earlier Workshops on issues related to privacy, however, we
see a continuous need for improvement. The 2006 <a href="../../2006/07/privacy-ws/Overview.html">Workshop on Languages for Privacy
Policy Negotiation and Semantics-Driven Enforcement</a> (<a href="../../2006/07/privacy-ws/report.html">Report</a>) addressed aspects and
resulted in the creation of the Policy Languages Interest Group (<a href="http://www.w3.org/Policy/pling/">PLING</a>). Coordination continued with
the <a href="../../2009/policy-ws/Overview.html">Workshop on Access Control
Application Scenarios</a> (<a href="../../2009/policy-ws/report.html">report</a>) where Access Control
scenarios were evaluated and XACML extensions and complements for Privacy
suggested. Most of these workshops consider technical approaches to solving the
problem of privacy using access control. However, we are interested in broader
aspects of privacy including those of usage and handling of personal
information especially related to social networking. </p>

<p>Privacy in Social Networking is a big challenge at the moment. Social
networking sites currently have their own home-grown privacy features and
settings. Those are not interoperable and regularly, news report of privacy
breaching incidents caused by a combination of services with social networking.
This could be improved if social networks would be enabled to transport the
privacy restrictions set by the user to the interlinked services.</p>

<h3 id="cfp_goalsAndScope">Goals and Scope</h3>

<p>This workshop will explore solutions to privacy based on controlling data
usage and on data handling. We also solicit contributions on techniques for
``sticky policies'' that ensure that policies constantly move along with the
related data. While data usage control in a single enterprise can live with
ad-hoc defined semantics, dataflows across enterprise borders need agreed upon
semantics to avoid very costly and time consuming transformation. Semantic
interoperability by an agreed common privacy vocabulary may be a remedy, but
this may not be the only one. Digital Right Management (DRM) research might
provide some interesting insights on how data usage control could be supported
in distributed environments. Regulatory approaches are also of importance as
they influence the way technology is used to comply with regulation. We invite
position papers on all these aspects of privacy protection on the Web,
especially:</p>
<ul>
  <li>What role have the semantic technologies in tackling the issue of privacy
    oriented data usage control? Are there other, better technologies?</li>
  <li>What is the role for commonly agreed privacy semantics? Which rights
    and/or obligations can be expressed in the policy, and are there any
    relations among them? Do ontologies help?</li>
  <li>What are the limitations of standardising privacy semantics for the use
    in the relation user/service and service-to-service? </li>
  <li>How to do data mining while respecting users' privacy?</li>
  <li>How can users can identify errors and request corrections to their
    personal information?</li>
  <li>What is the role of the rules community for privacy? Can this new
    technology be leveraged?</li>
  <li>What are the limitations of those semantic technologies. Where are they
    seen not to work.</li>
  <li>Who sets the policy Does the user impose her privacy policy on the
    third-party service, does the service propose a policy that the user can
    choose to take or leave? Can negotiation work, or is it still too
  complex?</li>
  <li>What are obligations on the service towards the user and how to fulfill
    them?</li>
</ul>
<ul>
  <li>Integration of privacy enhancements into existing data handling tools</li>
  <li>implementation and deployment experience with data management tools from
    a public policy and privacy perspective;</li>
  <li>policy considerations for the future development of the Web platform in
    general, and advanced data management on the Web in particular;</li>
  <li>user experience and service design issues and approaches related to
    security and privacy technologies for the Web;</li>
  <li>Social or regulatory issues relating to privacy as they potentially
    impact any of the above.</li>
</ul>

<p>The workshop is expected to attract a broad set of stakeholders, including
researchers, database manufacturers, CRM-system manufacturers, Social
Networking Providers. This workshop will determine whether there is interest in
further work on policy languages and data handling/data usage work within
W3C.</p>

<h3 id="cfp_participationRequirements">Participation Requirements</h3>

<p>All participants are required to <a href="#paper">submit a position
paper</a> by <strong>10 September 2010</strong>. W3C membership is not required
to participate in this workshop.</p>

<p>The total number of participants will be limited. To ensure diversity, a
limit might be imposed on the maximum number of participants per
organization.</p>

<p>Instructions for how to register will be sent to submitters of accepted
position papers. These instructions will also indicate a possible limit on the
maximum number of participants per organization.</p>

<p>Workshop sessions and documents will be in English. Position papers,
presentations, minutes and the workshop report will be public.</p>

<p>There is no fee to participate.</p>

<h3 id="eoi">Expression of Interest</h3>

<p>To help the organizers plan the workshop: If you wish to participate, please
<b>as soon as possible</b> send a message to <a href="mailto:team-privacyws-submit@w3.org">team-privacyws-submit@w3.org</a>
with a short (one paragraph) "expression of interest" stating:</p>
<ul>
  <li>that a representative from your organization plans to submit a position
    paper</li>
  <li>whether you want to send one or two participants</li>
  <li>whether or not you wish to make a presentation</li>
</ul>

<p>Note: Sending that expression of interest does not mean that you registered
for the workshop. It is still necessary to send a <b>position paper</b> (see
below), which then must be considered for acceptance by the Program
Committee.</p>

<h2 id="paper">Position Papers</h2>

<div class="submit">
<p>Please submit position papers by sending them to <a href="mailto:team-privacyws-submit@w3.org">team-privacyws-submit@w3.org</a> </p>
</div>

<p>You paper must meet the following criteria:</p>
<ul>
  <li>explains your interest in the Workshop</li>
  <li>aligned with the Workshop's stated <a href="#scope">goals</a> as outlined
    above.</li>
  <li>1 to 5 pages long</li>
  <li>formatted in (valid) HTML/XHTML, PDF, or plain text</li>
</ul>

<p>Based on a review of all submitted position papers, the Program Committee
will select the most relevant and invite the submitters of those papers to the
Workshop. From among all accepted papers, the program committee will choose a
small number of papers judged most appropriate for fostering discussion, and
ask the authors of those papers to give short presentations about them at the
Workshop. After the workshop, those presentations will then be published on the
<a href="./">workshop home page</a>.</p>

<h2 id="dates">Important dates</h2>

<table width="60%" border="1" align="center">
  <tbody>
    <tr valign="top">
      <th>Date</th>
      <th>Event</th>
    </tr>
    <tr valign="top">
      <td>27 July 2010</td>
      <td>Call for Participation issued</td>
    </tr>
    <tr valign="top">
      <td>10 September 2010</td>
      <td>Deadline for <a href="#paper">position papers</a></td>
    </tr>
    <tr valign="top">
      <td>18 September 2010</td>
      <td>Acceptance notification sent</td>
    </tr>
    <tr valign="top">
      <td>24 September 2010</td>
      <td>Program released</td>
    </tr>
    <!--        <tr valign="top">
                                                      <td>@@</td>

                                                      <td>Deadline for Registration</td>
                                                    </tr> -->
    <tr valign="top">
      <td>04/05 October 2010</td>
      <td>Workshop</td>
    </tr>
  </tbody>
</table>

<h2 id="Organization" class="break">Workshop Organization</h2>

<p>Workshop sessions and documents will be in English</p>

<p></p>

<h3>Keynotes</h3>
<ul>
  <li>Jacques Bus (Digitrust)</li>
  <li>Ken Anderson (Office of the Information and Privacy Commissioner of
    Ontario)</li>
</ul>

<p></p>

<h3>Chairs</h3>
<ul>
  <li>Lalana Kagal, MIT</li>
  <li>Rigo Wenning, W3C</li>
</ul>

<h3><a name="Prog_chair" id="Prog_chair">Program Committee</a></h3>
<ul>
  <li>Hal Abelson (MIT)</li>
  <li>David Basin (ETH Zürich)</li>
  <li>Gunter Bitz (SAP)</li>
  <li>Jacques Bus (Digitrust)</li>
  <li>David Chadwick (Kent University)</li>
  <li>Malcolm Crompton (Information Integrity Solutions)</li>
  <li>Jean-Marc Dinant (Centre de recherche informatique et droit, Université
    Namur)</li>
  <li>Sandro Etalle (University of Twente)</li>
  <li>Renato Iannella (Semantic Identity)</li>
  <li>Volkmar Lotz (SAP)</li>
  <li>Eve Maler (PayPal)</li>
  <li>Ashok Malhotra (Oracle)</li>
  <li>John Morris (CDT)</li>
  <li>Alexander Pretschner (Fraunhofer)</li>
  <li>Marc Rotenberg (EPIC)</li>
  <li>Norman Sadeh (Carnegie Mellon University)</li>
  <li>Ravi S. Sandhu (University of Texas at San Antonio, ICS)</li>
  <li>Mischa Tuffield (Garlik)</li>
</ul>

<p></p>

<h3>Venue</h3>

<p>The Workshop will be hosted by the <a href="http://dig.csail.mit.edu">Decentralized Information Group</a> at MIT.
More detailed venue information will be made available in due course.</p>

<h2>Deliverables</h2>

<p>Position <a href="papers">papers</a>, <a href="agenda.html">agenda</a>,
accepted presentations, and <a href="report.html">report</a> will also be
published online.</p>

<p></p>

<div id="footer">
<address>
  For more information, contact <a href="mailto:rigo@w3.org">Rigo
  Wenning</a>.<br />
  <small>$Date: 2010/12/06 18:19:13 $</small> 
</address>
</div>
<!-- footer end -->
</div>


</body></html>