CfP: W3C Workshop on Privacy and User–Centric Controls 20–21 November 2014

The CfP:

Important dates

31 October 2014:
Deadline for expressions of interest or position papers (via email)
and registration (form available soon)
Within the limit of room capacity, people that have submitted a position paper and registered can attend

7 November 2014:
Program and position papers posted on the workshop website

20-21 November 2014:

Expressions of interest and position papers are due 10 October. Participation is free and open to all. Learn more about how to participate.

We are currently facing the transformation of the Web towards a more mobile use. These days, more users access the internet using their mobile devices than using conventional computers (notebooks, desktops, etc). It can be observed that web based services are used on mobile devices more often and more intensely. Mobile devices tend to be always on. At the same time these mobile devices are extremely personal devices: we carry them with us almost constantly, and we use them as personal assistants, trainers, banking terminals, memory-extenders and more. Smartphones know many details about our life: They know our location, carry a unique number, pictures and other very private information. They have a microphone and a camera.

As a result, privacy is a common concern with mobile devices and the mobile Web. A recent documentary from ARTE in cooperation with the CNIL and INRIA showed how apps acquire, consume and distribute user data. Often, not all the data gathered is really needed for the functioning of the application.

As a result, the user’s trust will evolve with the issues on privacy and security in the Open Web Platform. A great potential is wasted because the lacking trust leads to collection restrictions in various forms, being it ad blockers, stickers on cameras, metallic cases, removable batteries or just regulation. Instead, we should give users more tools to allow them to feel confident and in control. One the one hand, rigid restriction will also spoil opportunities including location based services, predictive agents, statistics for better product planning, the Internet of things or big data. On the other hand, services have to take the user’s fear seriously and communicate their intentions in a comprehensive way. There will be an ever more increased need to be transparent about what happens to the users’ data.

The Workshop on trust and permissions for Web applications, that was held in Paris on 3-4 September 2014 has provided insights on a way for a roadmap towards a broad consensus on trust and permission handling for the Open Web Platform. There was agreement, that browsers are in a position to examine the APIs used by a given app and apply heuristics to determine signs of attempts to “finger print” the device. This could be flagged to the user as well as to potential reviewers. Already in March, the STRINT workshop addressed issues of pervasive monitoring.

User studies have shown that users are more interested in what sites plan to do with the data they collect rather than with the full space of possibilities arising from the use of APIs. It is unreasonable to expect end users to understand lengthy terms of conditions and privacy policies. While the Paris Workshop explored models how to delegate trust decisions, this Workshop will explore ways to directly help the user understand what is going on. This includes appropriate ways of translating complex issues involving fine grained permissions in APIs into something that users understand.
Workshop Goals & Topics

The Workshop on User Centric App Controls intents to further the discussion among stakeholders of the mobile web platform, including researchers, developers and service providers. This workshop serves to investigate strategies toward better privacy protection on the Web that are effective and lead to benefits in the near term. This includes discussing basic privacy UI features that will, on the long run, create a user experience that loops with user expectations. We expect certain controls and dashboards in a car. Perhaps we can create a similar clarity for the privacy dashboard of our devices.

The Workshop is user centric as it will also look at user experience, user behavior and how we can offer controls that provide the necessary transparency of privacy-affecting interactions. But it also addresses app developers and the need for usable and implementable APIs to address privacy protection within the Open Web Platform that allow developers to address user’s privacy needs.

State management

Improving the UI for stateful services, overview of states
Defaults for expiration of stateful situations
How to convey state information to the User
How to deal with logging and how to provide interfaces for logged data?

Mobile Interfaces

Requirements for private browsing on mobile
A privacy ontology for mobile apps and their use of personal data
The value of privacy in paradigms for mobile UI
Helpers to understand the privacy impact or a privacy policy
Machine assisted lying to counter unfair data requests


Selective release of personal information to apps
Controlling the geo-location interfaces, including UI challenges
enforcing data expiry
What data should remain on the device, what can be stored into the cloud?

Who Should Attend?

Researchers with an interest in mobile privacy
UI and UX experts interested in privacy interfaces
Browser makers
App developers
Device vendors
Network operators
Cloud platform vendors with an interest in mobile interfaces to their services
Governments and regulatory agencies interested in evolving the regulatory framework for privacy to respond to mobile challenges

Questions? Rigo Wenning <[email protected]>