|
755 | 755 | and choice</i>", which, in today's digital environment, is often an indication that |
756 | 756 | [=inappropriate=] [=processing=] is being described. |
757 | 757 |
|
| 758 | +## Vulnerability {#vulnerability} |
| 759 | + |
| 760 | +Sometimes particular groups are classed as “vulnerable” (e.g. children, or the |
| 761 | +elderly), but anyone could become privacy vulnerable in a given context. |
| 762 | +A [=person=] may not realise when they disclose personal data that |
| 763 | +they are vulnerable or could become vulnerable. |
| 764 | + |
| 765 | +Some individuals may be more vulnerable to privacy risks or harm as a result of |
| 766 | +collection, misuse, loss or theft of personal data because: |
| 767 | + |
| 768 | +* of their attributes, interests, opinions or behaviour; |
| 769 | +* of the situation or setting (e.g. where there is information asymmetry or other |
| 770 | +power imbalances); |
| 771 | +* they lack the capacity to fully assess the risks; |
| 772 | +* choices are not presented in an easy-to-understand meaningful way (e.g. [=deceptive |
| 773 | +patterns=]); |
| 774 | +* they have not been consulted about their privacy needs and expectations; |
| 775 | +* they have not been considered in the decisions about the design of the |
| 776 | +product or service. |
| 777 | + |
| 778 | +Additional privacy protections may be needed for personal data of vulnerable |
| 779 | +people or [sensitive information](#hl-sensitive-information) which could cause |
| 780 | +someone to become vulnerable if their personal data is collected, used or |
| 781 | +shared (e.g. blocking tracking elements, sensor data or information about |
| 782 | +installed software or connected devices). |
| 783 | + |
| 784 | +While sometimes others can help vulnerable people assess privacy risks and |
| 785 | +make decisions about privacy (such as parents, [=guardians=] and peers), everyone |
| 786 | +has their own right to privacy. |
| 787 | + |
| 788 | +### Guardians {#guardians} |
| 789 | + |
| 790 | +Some [vulnerable people](#vulnerability) need a <dfn>guardian</dfn> to help them make good |
| 791 | +decisions about their own web use (e.g. children, with their parents often |
| 792 | +acting as their [=guardians=]). A person with a [=guardian=] is known as |
| 793 | +a <dfn>ward</dfn>. |
| 794 | + |
| 795 | +The [=ward=] has a right to make informed decisions and exercise their |
| 796 | +autonomy regarding their right to privacy. Their [=guardian=] has an |
| 797 | +_obligation_ to help their [=ward=] do so when the [=ward=]'s abilities aren't |
| 798 | +sufficient, even if that conflicts with the [=guardian=]'s desires. In |
| 799 | +practice, many [=guardians=] do not make decisions in their [=ward=]'s best |
| 800 | +interest, and it's critical that web platform technologies do not exacerbate |
| 801 | +the risks inherant in this situation. |
| 802 | + |
| 803 | +[=User agents=] should balance a benevolent [=guardian=]'s need to protect |
| 804 | +their [=ward=] from dangers, against a [=ward=]'s need to protect themself |
| 805 | +if they have a malicious [=guardian=]. |
| 806 | + |
| 807 | +[=User agents=] can protect vulnerable [=wards=] by complying with the principles in |
| 808 | +[[[#device-administrators]]], and may only provide information about a [=ward=] |
| 809 | +to a [=guardian=] for the purpose of helping that [=guardian=] uphold their |
| 810 | +responsibilities to their [=ward=]. The mechanism for doing so must include |
| 811 | +measures to help [=wards=] who realize that their [=guardian=] isn't acting in |
| 812 | +the [=ward=]'s interest. |
| 813 | + |
| 814 | +<aside class="example" id="example-protective-parent" title="Protective parents"> |
| 815 | + |
| 816 | +A parent might configure a small child's [=user agent=] to block access to violent content until the |
| 817 | +child is old enough to make their own decisions about it. |
| 818 | + |
| 819 | +</aside> |
| 820 | + |
| 821 | +<aside class="example" id="example-lgbt-kid" title="An LGBT child"> |
| 822 | + |
| 823 | +A child may discover that they're LGBT and need to find supportive resources online. If they have a |
| 824 | +homophobic or transphobic parent, that parent might have configured their [=user agent=] to either |
| 825 | +block or inform the parent when the child visits web pages about LGBT-related subjects. The [=user |
| 826 | +agent=] needs to warn the child about how it's configured so that the child can know to ask a better |
| 827 | +[=guardian=] for access to the help they need. |
| 828 | + |
| 829 | +</aside> |
758 | 830 |
|
759 | 831 | ## Collective Governance {#collective} |
760 | 832 |
|
|
1669 | 1741 | * Enabling users to filter out or hide information or media based on tags or content warnings. |
1670 | 1742 | </aside> |
1671 | 1743 |
|
1672 | | -## Vulnerability {#vulnerability} |
1673 | | - |
1674 | | -<div class="issue">This section is still being refined. We expect additional principles to be added.</div> |
1675 | | - |
1676 | | -<div class="practice" data-audiences="websites user-agents api-designers"> |
1677 | | -<p> |
1678 | | - <span class="practicelab" id="principle-vulnerability"> |
1679 | | -[=User agents=] and [=sites=] should continue working if a user chooses |
1680 | | -stronger privacy protections, to help to protect vulnerable people. |
1681 | | -Specifications, implementations, and sites should allow for graceful |
1682 | | -degradation of features which may be incompatible with stronger |
1683 | | -privacy protections. |
1684 | | - </span> |
1685 | | -</p> |
1686 | | -</div> |
1687 | | - |
1688 | | -Sometimes particular groups are classed as “vulnerable” (e.g. children, or the |
1689 | | -elderly), but anyone could become privacy vulnerable in a given context. |
1690 | | -A [=person=] may not realise when they disclose personal data that |
1691 | | -they are vulnerable or could become vulnerable. |
1692 | | - |
1693 | | -Some individuals may be more vulnerable to privacy risks or harm as a result of |
1694 | | -collection, misuse, loss or theft of personal data because: |
1695 | | - |
1696 | | -* of their attributes, interests, opinions or behaviour; |
1697 | | -* of the situation or setting (e.g. where there is information asymmetry or other |
1698 | | -power imbalances); |
1699 | | -* they lack the capacity to fully assess the risks; |
1700 | | -* choices are not presented in an easy-to-understand meaningful way (e.g. [=deceptive |
1701 | | -patterns=]); |
1702 | | -* they have not been consulted about their privacy needs and expectations; |
1703 | | -* they have not been considered in the decisions about the design of the |
1704 | | -product or service. |
1705 | | - |
1706 | | -Additional privacy protections may be needed for personal data of vulnerable |
1707 | | -people or [sensitive information](#hl-sensitive-information) which could cause |
1708 | | -someone to become vulnerable if their personal data is collected, used or |
1709 | | -shared (e.g. blocking tracking elements, sensor data or information about |
1710 | | -installed software or connected devices). |
1711 | | - |
1712 | | -While sometimes others can help vulnerable people assess privacy risks and |
1713 | | -make decisions about privacy (such as parents, [=guardians=] and peers), everyone |
1714 | | -has their own right to privacy. |
1715 | | - |
1716 | | -### Guardians {#guardians} |
1717 | | - |
1718 | | -Some [vulnerable people](#vulnerability) need a <dfn>guardian</dfn> to help them make good |
1719 | | -decisions about their own web use (e.g. children, with their parents often |
1720 | | -acting as their [=guardians=]). A person with a [=guardian=] is known as |
1721 | | -a <dfn>ward</dfn>. |
1722 | | - |
1723 | | -The [=ward=] has a right to make informed decisions and exercise their |
1724 | | -autonomy regarding their right to privacy. Their [=guardian=] has an |
1725 | | -_obligation_ to help their [=ward=] do so when the [=ward=]'s abilities aren't |
1726 | | -sufficient, even if that conflicts with the [=guardian=]'s desires. In |
1727 | | -practice, many [=guardians=] do not make decisions in their [=ward=]'s best |
1728 | | -interest, and it's critical that web platform technologies do not exacerbate |
1729 | | -the risks inherant in this situation. |
1730 | | - |
1731 | | -[=User agents=] should balance a benevolent [=guardian=]'s need to protect |
1732 | | -their [=ward=] from dangers, against a [=wards=]' need to protect themselves |
1733 | | -if they have a malicious [=guardian=]. |
1734 | | - |
1735 | | -[=User agents=] can protect vulnerable [=wards=] by complying with the principles in |
1736 | | -[[[#device-administrators]]], and may only provide information about a [=ward=] |
1737 | | -to a [=guardian=] for the purpose of helping that [=guardian=] uphold their |
1738 | | -responsibilities to their [=ward=]. The mechanism for doing so must include |
1739 | | -measures to help [=wards=] who realize that their [=guardian=] isn't acting in |
1740 | | -the [=ward=]'s interest. |
1741 | | - |
1742 | | -<aside class="example" id="example-protective-parent" title="Protective parents"> |
1743 | | - |
1744 | | -A parent might configure a small child's [=user agent=] to block access to violent content until the |
1745 | | -child is old enough to make their own decisions about it. |
1746 | | - |
1747 | | -</aside> |
1748 | | - |
1749 | | -<aside class="example" id="example-lgbt-kid" title="An LGBT child"> |
1750 | | - |
1751 | | -A child may discover that they're LGBT and need to find supportive resources online. If they have a |
1752 | | -homophobic or transphobic parent, that parent might have configured their [=user agent=] to either |
1753 | | -block or inform the parent when the child visits web pages about LGBT-related subjects. The [=user |
1754 | | -agent=] needs to warn the child about how it's configured so that the child can know to ask a better |
1755 | | -[=guardian=] for access to the help they need. |
1756 | | - |
1757 | | -</aside> |
1758 | | - |
1759 | 1744 | ## Purpose limitation |
1760 | 1745 |
|
1761 | 1746 | <div class="practice" data-audiences="websites user-agents"> |
|
0 commit comments