From bc13b47d3702ef33218866125db37494681b4295 Mon Sep 17 00:00:00 2001 From: Daniel Appelquist Date: Wed, 13 Dec 2023 16:56:06 +0000 Subject: [PATCH] Create 2023-12-06-minutes.md --- meetings/2023-12-06-minutes.md | 128 +++++++++++++++++++++++++++++++++ 1 file changed, 128 insertions(+) create mode 100644 meetings/2023-12-06-minutes.md diff --git a/meetings/2023-12-06-minutes.md b/meetings/2023-12-06-minutes.md new file mode 100644 index 00000000..c1653a07 --- /dev/null +++ b/meetings/2023-12-06-minutes.md @@ -0,0 +1,128 @@ +# TAG Privacy TF - Wed, 6 December 2023 + +Present: Jeffrey, Robin, Amy, Dan, Nick, Pete, Wendy, Sam + +Regrets: Don + +## TAG Call Readout + +Dan: last week, asked TAG to come to consensus on the meat of the privacy principles document, per the text we agreed on last week. not full TAG consensus on the current document. agreed we would shoot for next week; on track. feel like we're getting there. lots of editorial feedback, general support for the substance. noted that the document was long. + +...outlined that we would plan to wind down the activity of this task force over coming months. continue editorial work more asynchronously. next year at some point we can officially wind down the task force. not sure how that fits with the process of moving to W3C Statement. + +Jeffrey: would like issues on words needed to look up. + +Nick: were there no substantive comments? + +Dan: not all reviewed in detail, but generally positive on substance. + +## https://github.com/w3ctag/privacy-principles/pull/369 + +Jeffrey: I checked with people... i think we can merge... + +Pete: the idea of a vulnerable person being almost anyone on the planet waters down what we're trying to say about vulnerable people... + +Jeffrey: i filed [373](https://github.com/w3ctag/privacy-principles/issues/373) to keep thinking about that... + +Peter: fine with merging this and having that conversation. + +Robin: yes I think it's good. + +Dan: +1 + +**merged** + +## https://github.com/w3ctag/privacy-principles/pull/379 + +*lower case web* + +Jeffrey: I think this ready to merge... + +**merged** + +## https://github.com/w3ctag/privacy-principles/pull/380 + +Robin: it's not just about prevention... + +*we agree to take jeffrey's change* + +**merged** + +## https://github.com/w3ctag/privacy-principles/pull/381 + +Nick: *suggests an editorial change*, but it's not necessary. + +Dan: wfm. + +**merged** + +## https://github.com/w3ctag/privacy-principles/pull/382 + +Jeffrey: in response to Yoav's question... felt we should be precise... also noticed that the user agent principle is almost the same... + +Nick: I like the idea of consolidating... I do think this loses the "needed to satisfy goals" or "is aligned with the user's interests"... I think what's necessary to achieve the user's interests is unclear. + +Jeffrey: "either necessary to achieve the user's goals or what aligns with their wishes and interests"... + +Dan: interests has 2 meanings... + +Jeffrey: worth addressing. + +Nick: I think "wishes and interests make it pretty clear"... + +Jeffrey: [suggested change](https://github.com/w3ctag/privacy-principles/pull/382/files#r1417714994) + +Dan: lgtm + +Nick: this removes "loyalty" re-statements and I'm ok with that. + +Pete: is this restricting ... still fine for privacy if UAs are still sending non-private data? + +Jeffrey: could broaden it to "restricted data they transfer"... + +Nick: we do say that minimization applies to all personal data even if it's not identifiable... it could be all the relevant datat that you could transfer... + +Pete: for the sake of brevity just say data rather personal data + +Nick: because personal data has a definition... + +*we agree to say data and it links to the def of personal data* + +**merged** + +## https://github.com/w3ctag/privacy-principles/pull/384 + +Pete: I'm OK although i feel processing time and bandwidth are important... + +Jeffrey: I feel they're only tangentially related to privacy... and it's not clear that these APIs use undue processing time or bandwidth... + +Nick: users might want to configure their agents to save processing time & bandwidth... related to privacy... not sure what's what we're saying here... + +Dan: *example of low bandidth high latency network* + +Jeffrey: the UA often prioritizes these kinds of APIs outside of the critical path... + +Amy: I think all of this is captured by "may know something" therefore the change is fine. + +Nick: I agree about separating the decision... I suggest we remove the text and open a new issue about resource minimization and control. Doesn't need to be in v1. + +**merged** + +## https://github.com/w3ctag/privacy-principles/pull/385/ + +Dan: wfm + +**merged** + +## https://github.com/w3ctag/privacy-principles/issues/377 + +Jeffrey: yoav says the mitigation one webperf api is using is to add noise - it's posssible that they could allow users to turn the knob way up... either backburner or say we're not doing anything about it. + +Robin: fine either way + +Wendy: ...these are considerations having read the principles... + +## https://github.com/w3ctag/privacy-principles/issues/378 + +Jeffrey: I think this is covered by all the caveats in the introduction... +