Document reference: RW-P3WG-Charter-Rev0.1

Introduction

This document sets out the charter for the (1) WG NAME (and abbreviation):

Privacy and Public Policy Work Group (P3WG) of the Kantara organisation. The charter is intended to define the scope, structure and remit of the Working Group, in the context of a set of core aims and values.
The over-arching vision for the P3WG is that it should be the forum which attracts diverse and constructive stakeholder debate, producing outputs which are of value to all participants and which lead to better privacy outcomes for data subjects.
The vision is founded on core goals of:

  • Effective stakeholder engagement
  • Privacy by design
  • Providing advice and guidance on the right blend of technology and policy

Scope and Structure

Direction

The P3WG will operate under the direction of Kantara's Director of Policy and Privacy (DPP), and will have a membership drawn from Kantara participants, supplemented by invited experts where appropriate. This has proved an effective mechanism in the past – for instance, for engaging the participation of Data Protection Authorities who might otherwise be constrained from becoming members of an industry body.

Privacy Steering Group

The work of the P3WG will be informed and guided, in part, by a Privacy Steering Group (PSG) whose membership will be drawn from inside and outside of Kantara's membership. PSG membership will have a particular focus on CPOs, so as to increase the P3WG's relevance to that community, but will also include representatives from academia, the legal profession, privacy advocates etc. so as to ensure diversity.
The Liberty plenary meetings in February 2009 provided an opportunity to start building the Privacy Steering Group, with a round-table meeting of diverse participants many of whom expressed their willingness to remain engaged as Kantara evolves.
The PSG is an advisory body whose purpose is to ensure that external stakeholder input is adequately considered. The PSG may be invited to review and comment on P3WG deliverables before their release, but will not have power of veto over publication. The PSG will be invited to convene either at Kantara's plenary sessions or at other sessions convened at mutual convenience with roughly equivalent frequency, so that it has the opportunity to hear about and comment on the P3WG's activities and offer guidance on future directions.

Editorial Board

...

Remit

The Working Group has an intentionally broad remit, including Privacy, Policy (in the sense of governance) and Public Policy (in the sense of legislation, regulation and compliance). There are two thoughts behind this:

  1. The maximum value to members, adopters and end users is expected to come from a holistic approach which balances technology with the broad range of non-technical privacy- and policy-related measures;
  2. It is hoped that the broad range of topics covered will encourage correspondingly broad participation.

Internal

Internally, the P3WG will interact with other groups such as those working on governance, identity assurance and technology, so as to ensure that the broad range of requirements (privacy, governance, compliance etc) is factored into Kantara's work appropriately.
For example, one proposal is to define a 'privacy design elements' summary which can be included in technical deliverables, so that potential adopters can make a quick and convenient assessment of the privacy-related factors in any given deliverable.

External

Externally, the P3WG will be the driving body for outreach activities to:

  • Policy-makers and public policy influencers;
  • Privacy stakeholders such as CPOs, privacy advocates and data protection authorities;
  • Privacy stakeholders from other areas such as legal and academic disciplines;

...

  • Industry-specific privacy work such as that on e-health, education;
  • Different industry perspectives such as identity management for enterprise, public sector, social networking and user-centric use-cases.

Unifying Themes and Principles

The remit set out above is clearly broad and diverse. Our aim will be to define and implement a number of principles which establish unifying themes across all of the group's work. For instance:

  • To provide practical guidance which removes obstacles to the adoption and implementation of Kantara's output;
  • To make it easier for potential adopters/users to assess the privacy-related elements of Kantara's deliverables;
  • To make it easier for adopters and users to achieve good privacy outcomes, based on an appropriate balance of technical and non-technical measures.

Privacy and Intellectual Property Regime

In the interest of broad and frank stakeholder discussions, the following defaults are proposed:

  1. The Work Group's mailing list and traffic will not be made public;
  2. Contributions to the mailing list will not be re-published or quoted without the permission of the author in question, and contributors' privacy stipulations will be respected;
  3. Face to face meetings of the Work Group will be held under the Chatham House Rule (that is, participants may make use of what is said, but may not disclose the identity or affiliation of the speaker).

These principles are particularly important to the Work Group's ability to develop and maintain credible and trusted engagement with policy-makers and regulators, whose participation may otherwise be constrained to the point where it is not useful.
Bearing in mind the principles set out above, the default for deliverables produced by the Work Group (as opposed to the Group's discussions) is that they should be freely published as re-usable advice and guidance. Patent concerns and non-assertion covenants are unlikely to be applicable to the P3WG's output; however, an early priority for the Work Group should be to investigate suitable terms of use which set out conditions for attribution and propagation, with a view to formal inclusion in the charter.

(2) PURPOSE:
Privacy, and the policy decisions which affect it, are increasingly a core theme of digital identity-related work. This Work Group is intended to ensure that the Kantara Initiative ("Kantara") contributes to better privacy outcomes for users, data custodians and other stakeholders, by defining privacy-related principles and good practice applicable to a broad range of prevalent technology platforms.

(3) SCOPE AND DEFINITION OF WORK:

  • Become an active convening authority for privacy and public policy work - including productive engagement with the CPO, policymaker, regulatory and adoption communities.
  • Liaise and work with other Kantara groups to represent the privacy and public policy perspective, and to serve as an ongoing point of reference for privacy/policy-related questions. 
  • Lead work to define and develop Privacy Management and Privacy Assurance deliverables which complement Kantara's initiatives in Identity Assurance and Identity Governance.
  • Liaise and work with projects and organisations outside Kantara to further the same objectives.

(4) DRAFT TECHNICAL SPECIFICATIONS:

  • Draft technical specifications are outside the scope of this WG

(5) OTHER DRAFT RECOMMENDATIONS AND PROJECTED COMPLETION DATES:
The WG will publish and maintain a rolling quarterly plan setting out its planned deliverables and stakeholder engagement programme. The plan will include:

White Papers and Framework Documents such as:

  • Privacy Guidance Document to bridge the gap between CPO, technical and policymaker communities;
  • Privacy Management Framework, as a preparatory step towards
  • Privacy Assurance Framework;
  • Repository of Summit Reports from face-to-face discussion, advisory meetings, etc.

Stakeholder meetings such as:

  • regular advisory event to solicit strategic guidance;
  • face-to-face Work Group meetings;
  • CPO and policymaker workshops.

(6) LEADERSHIP: Proposed WG Chair and Editor(s), subject to confirmation by a vote of the WG Participants.

  • Robin Wilton, Director of Privacy and Public Policy, Liberty Alliance (interim Chair)
  • Community of volunteer reviewers plus the assigned editors of specific deliverables, including but not limited to WG Participants. (For instance, non-member subject-matter experts might be invited to contribute all or part of a document).

(7) AUDIENCE:
The P3WG aims to engage constructively with core constituencies in three principal regions of the privacy landscape:

  1. Adoption: Corporate Chief Privacy Officers (CPOs), technologists, vendor and standards-setting communities
  2. Policy: Policy-makers, policy influencers and regulators
  3. Privacy: Privacy advocates, user communities and related stakeholders

The WG will build and maintain a productive dialogue with and between these three communities so as to build a fertile environment for the development and adoption of privacy-related identity solutions.
This comprehensive outreach approach is based on a recognition that the most visible element - "Privacy Enhancing Technologies" (PETs) - can only succeed if they fit into a healthy ecosystem of other privacy-enhancing disciplines -

  • Privacy-enhancing culture
  • Privacy-enhancing governance (including management and assurance)
  • Privacy-enhancing policies, good practice and processes
  • Privacy-enhancing implementations

with an over-arching goal of improving privacy outcomes.

(8) DURATION:
This proposal is for a standing WG to address the ongoing requirement for thought leadership in identity, privacy and public policy. The best results are likely to arise from a sustained programme of engagement with key stakeholders such as the policy-maker community. However, a published plan of work, events and tangible deliverables will serve to make sure the group remains productive, accountable and focussed on the goal of improved privacy outcomes.

(9) IPR POLICY:
Kantara Initiative IPR Policies: Option Creative Commons Attribution Share-Alike

(10) RELATED WORK AND LIAISONS:
The following shortlist indicates potential liaisons where some degree of discussion/outreach has already taken place. Many other candidates will doubtless emerge, and some degree of qualification will be needed to ensure that the WG does not spend all its time liaising and none on its own work. The P3WG chair or other suitable volunteer Participant(s) will monitor WG charter proposals from the privacy perspective, and position P3WG itself as a 'privacy advisory resource' available for other WGs. Resources permitting, the P3WG will also actively participate in the requirements definition work of other WGs to promote a consistent approach to privacy and policy-related issues.

Potential Kantara WG liaisons

  • User Driven and Volunteered Personal Information Policy WG - liaison sufficient to gauge/inform privacy-related aspects;
  • eGovernment WG - Mutual WG participation. Primary liaison point will be the eGov WG chair;
  • Identity Assurance and Accreditation WG - Mutual WG participation. Primary liaison point will be the Policy chair of the IAAWG;
  • Healthcare Identity Assurance WG - liaison sufficient to gauge/inform privacy-related aspects;
  • Academic Interfederation - possibility of convening existing external groups (e.g. REFEDS, TERENA) individually or collectively in Kantara;
  • Mydex: Proposal for joint research User Driven Volunteered Personal Information
  • Consumer Identity WG - (formerly known as Id-Theft group) liaison sufficient to gauge/inform privacy-related aspects;

External liaisons

  • PrimeLife (EU)
  • STORK (EU/UK)
  • EnCoRe (UK)
  • ANSI Privacy TAG, IDSP, ISO SC27/WG5 ...
  • OECD WISP
  • NSF GENI project

(11) CONTRIBUTIONS: A list of contributions that the proposers anticipate will be made to the WG.

  • Use cases (from prior VPI SIG)
  • Design documentation for personal data store and VPI sharing (Mydex)
  • Reference deployment for personal data store and VPI sharing using ID-WSF, Information Cards, XRI, and OpenID (Mydex)
  • Privacy Summit reports from the Liberty Public Policy EG (Liberty Alliance)

(12) PROPOSERS: Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG.

This is a 'starter' list of individuals and organizations who have expressed a willingness to support the WG's formation and, as a first step, have been invited to review the draft charter. This 'charter group' will also be invited to nominate other candidate participants from the regulatory and policymaker communities. That will be followed by a broader membership drive once the charter has been accepted.

| Name | Email address | Affiliation |
|---|---|---|
| R Wilton | mail@futureidentity.eu | Director of Privacy and Public Policy - Liberty Alliance |
| I Henderson | | Mydex |
| Rich Furr | | Safe BioPharma |
| Darrell Shull | | BIPAC |
| P Lord | | Oracle Corp |
| S Landau | | Sun Microsystems |
| L Lynch, T Adams | | Internet Society |
| P Curry | | Clarion Identity Ltd |
| T Stevens | | Enterprise Privacy Group |
| G Beuchelt | | Liberty Alliance |
| Dr Ben Goold | | Oxford University Law Faculty |




Draft version: P3WG-charter-1.2
Date: 4th June 2009
Author: Robin Wilton