Purposeful Permissions - Adding data use information to permission prompts

[alexandrareimers]

Session description

Today’s web users often encounter permission prompts that lack context about why a website needs specific permissions and how the data will be used. While developers strive to provide context, the current approach lacks structure and consistency across websites. This session will explore options to add purpose declarations or other trustworthy, explainable contextual information to a permission request to bridge this gap and bring users greater transparency on how their data is used.

The discussion will focus on:

• Use cases that might benefit or provide particular requirements for declarative contextual information, including access to information from government-issued credentials.
• The potential roles of different stakeholders, including browser vendors, developers, and standardization bodies, in driving such an initiative forward.
• Possible declaration options with various granularity levels spanning from links to the privacy policy to a fully fledged label system for data types and purposes of use.
• Key challenges and opportunities in implementing purpose declarations for permission-gated capabilities.

Session goal

• Foster discussion and gather insights from various stakeholders on the development and implementation of permission purpose declarations.
• Describe promising methods to provide purpose declarations and context for permission requests and identify volunteers who want to explore them, for future incubation and research, in credentials and other APIs.

Additional session chairs (Optional)

@npdoty, Serge Egelman

Who can attend

Anyone may attend (Default)

IRC channel (Optional)

#purposeful-permissions

Other sessions where we should avoid scheduling conflicts (Optional)

#8, #18

Instructions for meeting planners (Optional)

This session should ideally happen after #8 and #18.

Agenda for the meeting.

No response

Links to calendar

• 2024-09-25, 11:15 - 12:15

Meeting materials

• Slides
• Minutes

[tpac-breakout-bot]

Thank you for proposing a session!

You may update the session description as needed and at any time before the meeting, but please keep in mind that tooling relies on issue formatting: follow the instructions and leave all headings and other formatting intact in particular. Bots and W3C meeting organizers may also update the description, to fix formatting issues or add links and other relevant information. Please do not revert these changes. Feel free to use comments to raise questions.

Do not expect formal approval; W3C meeting organizers endeavor to schedule all proposed sessions that are in scope for a breakout. Actual scheduling should take place shortly before the meeting.

[alexandrareimers]

Minutes available at: https://github.com/mikewest/purposeful-permissions/blob/main/2024-09-25-TPAC-minutes.md

[alexandrareimers]

Slides we used for starting the discussion: Purposeful_permissions_@_TPAC_2024.pdf