Yes, yes, it’s Global Accessibility Awareness Day. While that’s deservedly today’s focal point, it shouldn’t go unnoticed that the W3C published a set of Privacy Principles as well:
This document is intended to help its audiences address privacy concerns as early as possible in the life cycle of a new web standard or feature, or in the development of web products. Beginning with privacy in mind will help avoid the need to add special cases later to address unforeseen but predictable issues or to build systems that turn out to be unacceptable to users.
There are 30 principles (and sub-principles) in all. A few choice selections, starting with restricting the sort of data that is transferred around to what’s strictly necessary:
- Principle 2.2.1: Sites, user agents, and other actors should restrict the data they transfer to what’s either necessary to achieve their users’ goals or aligns with their users’ wishes and interests.
People have rights when the data is about them:
- Principle 2.5: People have certain rights over data that is about themselves, and these rights should be facilitated by their user agent and the actors that are processing their data.
This one’s particularly damning to browsers and marketers:
- Principle 2.9.2: User agents and sites must take steps to protect their users from abusive behaviour, and abuse mitigation must be considered when designing web platform features.
And let’s ditch legal jargon when explaining how data is handled:
- Principle 2.11.2: Information about privacy-relevant practices should be provided in both easily accessible plain language form and in machine-readable form.
How many times have you agreed to or confirmed cookie notices? Wouldn’t it be great to have access to your choices after the fact?
- Principle 2.12.3: It should be as easy for a person to check what consent they have given, to withdraw consent, or to opt out or object, as to give consent.
Lastly, let’s make sure we don’t punish someone for wanting to protect their privacy:
- Principle 2.14: Actors must not retaliate against people who protect their data against non-essential processing or exercise rights over their data.