Hello all,
Firstly, thanks (Paul Jones I think it was) for inviting me to join,
and apologies for taking a while to write this.
I'm wondering what steps are being taken to explore the privacy
implications of data portability. There are some significant social
and legal concerns that I believe require addressing early on in the
conceptual design.
JP Ragaswami picked up on some of the issues here.
http://confusedofcalcutta.com/2008/01/04/information-ownership-in-an-information-economy-a-sideways-look/
When I posted on Robert Scoble's "scraping" incident in relationship
to the EU data protection directive, I felt I was raising a reasonable
concern, at least from a European legal and cultural position. Many
folks (especially Americans) didn't agree with me, but free speech is
goodness.
Those that didnt see the post,
http://theotherthomasotter.wordpress.com/2008/01/08/facebook-scoble-manifestos-and-european-privacy-law/
I would strongly advise that the data portability group place the
privacy issues at the centre of the design and concept. If not, it is
likely to create significant social and legal backlash at a later
date. It is not easy to retrofit PET (privacy enhancing technology)
concepts.
(Also a minor point, at least in Europe, the abbreviation DP is
commonly used to refer to Data Protection, so perhaps using it for
data portability will create some confusion.)
In terms of my background.
I have a post graduate law degree (LLM) in this field, a number of
years' experience in privacy and enterprise applications, and I'm in
the middle of a PhD looking at privacy and enterprise applications. I
work at SAP as a Chief Business Solution Architect. I work with our
major customers on their SAP related strategies. I will though, be
leaving SAP and heading to Gartner Research from next month.
I would suggest that the group involve some leading heavyweight
privacy expertise. Given Microsoft's membership I'd propose talking
to Kim Cameron, he is one of the world's foremost experts on privacy
and identity. This is a complex field, but there is a lot of good
prior art that can be used.
I'm involved with an academic and EU project which partly looks at
building privacy and other compliance concepts into application
design, so I'm relatively well connected with privacy academics both
in the UK ,Germany and the US. The demands of both my new day job and
academic work mean that I can't really devote significant time to the
workgroup, but I would be more than happy to help make introductions
with the experts, and add my 2 cents' worth where I can. At this
stage it may seem I'm raising issues without suggesting a solution,
but that is not my intention. I simply don't want to set expectations
of my involvement levels that I can't keep.
Personally, I reckon the w3c involvement should be welcomed. We all
owe them a significant debt of gratitude for getting the Internet to
where it is today.