Many "privacy" questionaires focus on confidentiality, integrity, and availability. This document aims to provide a series of questions fellow W3C members can use to do an initial privacy review for their standard.

This document is intended to be merged with the TAG's privacy questionaire. Constructive feedback of all kinds is welcomed; feel free to contact the editor directly or send comments to the public-privacy mailing list (public archives).

Privacy Questions

  1. Does this specification have a "Privacy Considerations" section?
  2. Does this specification collect personally derived data?
  3. Does this specification generate personally derived data, and if so how will that data be handled?
  4. Does this specification allow an origin direct access to a user’s location, and if so is that information minimized?
  5. How should this specification work in the context of a user agent’s "incognito" mode?
  6. Is it possible to spoof/fake the data being generated for privacy purposes?
  7. Does the standard utilize data that is personally-derived, i.e. derived from the interaction of a single person, or their device or address?
  8. Does the data record contain elements that would enable re-correlation when combined with other datasets through the property of intersection (commonly known as "fingerprinting")?
  9. Is the user likely to know if information is being collected?
  10. Can the user easily, preferably through an element of the GUI, revoke consent granted to a particular feature?
  11. Once consent has been given, is there a mechanism whereby it can be automatically revoked after a reasonable, or user configurable, period?
  12. Does this standard utilize strong end to end encrption?
  13. Does this standard use the Respec Linter to check for common privacy issues?
    • linter.js will check that the URLs in your `respecConfig` are using TLS, and throw a warning if they are not.
    • linter.js will check that your specification has a privacy and considerations section, and link back to this document if it does not.


Many thanks to Nick Doty for Github advice; to the Privacy Interest Group and the Technical Architecture Group for their continued feedback.