Skip to end of metadata
  • Created by Former user, last modified by Former user on Apr 17, 2009
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »
















Kantara
Privacy and Public Policy Working Group
DRAFT CHARTER
April 2009


Robin Wilton
Director of Privacy and Policy

futureidentity@fastmail.fm
*+44 705 005 2931 Table of Contents*Introduction3
Scope and Structure3
Direction3
Privacy Steering Group3
Editorial Board3
Remit5
Internal 5
External5
Unifying Themes and Principles6
Privacy and Intellectual Property Regime6

Document reference: RW-P3WG-Charter-Rev0.1 Introduction

This document sets out the charter for the Privacy and Public Policy Working Group (P3WG) of the Kantara organisation. The charter is intended to define the scope, structure and remit of the Working Group, in the context of a set of core aims and values.
The over-arching vision for the P3WG is that it should be the forum which attracts diverse and constructive stakeholder debate, producing outputs which are of value to all participants and which lead to better privacy outcomes for data subjects.
The vision is founded on core goals of:

  • Effective stakeholder engagement
  • Privacy by design
  • Providing advice and guidance on the right blend of technology and policy


Scope and Structure

Direction

The P3WG will operate under the direction of Kantara's Director of Policy and Privacy (DPP), and will have a membership drawn from Kantara participants, supplemented by invited experts where appropriate. This has proved an effective mechanism in the past – for instance, for engaging the participation of Data Protection Authorities who might otherwise be constrained from becoming members of an industry body.

Privacy Steering Group

The work of the P3WG will be informed and guided, in part, by a Privacy Steering Group (PSG) whose membership will be drawn from inside and outside of Kantara's membership. PSG membership will have a particular focus on CPOs, so as to increase the P3WG's relevance to that community, but will also include representatives from academia, the legal profession, privacy advocates etc. so as to ensure diversity.
The Liberty plenary meetings in February 2009 provided an opportunity to start building the Privacy Steering Group, with a round-table meeting of diverse participants many of whom expressed their willingness to remain engaged as Kantara evolves.
The PSG is an advisory body whose purpose is to ensure that external stakeholder input is adequately considered. The PSG may be invited to review and comment on P3WG deliverables before their release, but will not have power of veto over publication. The PSG will be invited to convene either at Kantara's plenary sessions or at other sessions convened at mutual convenience with roughly equivalent frequency, so that it has the opportunity to hear about and comment on the P3WG's activities and offer guidance on future directions.

Editorial Board

Members of Kantara and the P3WG will be invited to form an Editorial Board responsible for reviewing the Work Group's deliverables to ensure that they are of value to the membership and adopters, and reflect the guidance of the PSG and the strategic objectives of the Working Group. One important aim of having an Editorial Board is to offer a clear and simple way for Kantara members to contribute and to participate in the WG's activities. The DPP will also be a member of the Editorial Board.
As part of its review activities, the Editorial Board should expect to qualify any P3WG deliverables with one of the following remarks: Approved, Approved (With Comments), Not Approved (With Comments). "Not Approved" deliverables may still be published provided that status and associated comments are incorporated in the deliverable.
The diagram below illustrates the proposed structure and the relation between the different elements of the P3WG.
Illustration 1: P3WG structure


Remit

The Working Group has an intentionally broad remit, including Privacy, Policy (in the sense of governance) and Public Policy (in the sense of legislation, regulation and compliance). There are two thoughts behind this:

  1. The maximum value to members, adopters and end users is expected to come from a holistic approach which balances technology with the broad range of non-technical privacy- and policy-related measures;
  2. It is hoped that the broad range of topics covered will encourage correspondingly broad participation.

Internal

Internally, the P3WG will interact with other groups such as those working on governance, identity assurance and technology, so ensure that the broad range of requirements (privacy, governance, compliance etc) is factored into Kantara's work appropriately.
For example, one proposal is to define a 'privacy design elements' summary which can be included in technical deliverables, so that potential adopters can make a quick and convenient assessment of the privacy-related factors in any given deliverable.

External

Externally, the P3WG will be the driving body for outreach activities to:

  • Policy-makers and public policy influencers;
  • Privacy stakeholders such as CPOs, privacy advocates and data protection authorities;
  • Privacy stakeholders from other areas such as legal and academic disciplines;


The P3WG will also aim to provide a forum for constructive work on privacy and policy across different domains and industry perspectives. For example:

  • Industry-specific privacy work such as that on e-health, education;
  • Different industry perspectives such as identity management for enterprise, public sector, social networking and user-centric use-cases.


Unifying Themes and Principles

The remit set out above is clearly broad and diverse. Our aim will be to define and implement a number of principles which establish unifying themes across all of the group's work. For instance:

  • To provide practical guidance which removes obstacles to the adoption and implementation of Kantara's output;
  • To make it easier for potential adopters/users to assess the privacy-related elements of Kantara's deliverables;
  • To make it easier for adopters and users to achieve good privacy outcomes, based on an appropriate balance of technical and non-technical measures.


Privacy and Intellectual Property Regime

In the interest of broad and frank stakeholder discussions, the following defaults are proposed:

  1. The Work Group's mailing list and traffic will not be made public;
  2. Contributions to the mailing list will not be re-published or quoted without the permission of the author in question, and contributors' privacy stipulations will be respected;
  3. Face to face meetings of the Work Group will be held under the Chatham House Rule (that is, participants may make use of what is said, but may not disclose the identity or affiliation of the speaker).

These principles are particularly important to the Work Group's ability to develop and maintain credible and trusted engagement with policy-makers and regulators, whose participation may otherwise be constrained to the point where it is not useful.
Bearing in mind the principles set out above, the default for deliverables produced by the Work Group (as opposed to the Group's discussions) is that they should be freely published as re-usable advice and guidance. Patent concerns and non-assertion convenants are unlikely to be applicable to the P3WG's output; however, an early priority for the Work Group should be to investigate suitable terms of use which set out conditions for attribution and propagation, with a view to formal inclusion in the charter.

  • No labels