Auto-generated description: Three pigeons are perched on a building, with one sitting on a security camera.

This W3C Privacy Principles statement is really interesting. I don’t know of its origins, but it can’t be coincidental that it’s published a few months after a second Trump administration. It’s only since the rise of the GDPR and similar legislation that anything other than Silicon Valley norms has been applied to the web.

Yesterday, at the Thinking Digital conference, someone introduced a service that uses AI in the tools an organisation is already using to help them attain ISO 9001 compliance. It made me realise that principles such as the ones included in this statement can be used to help provide guidelines and guardrails for LLMs as they increasingly shape our software — and our world.

As an example, I asked Perplexity to redesign Mastodon based on these principles. Here’s the result. While I’m not saying that an LLM is ‘correct’, product managers, developers, and designers having access to something that can quickly give feedback based on a document like this is, I think, incredibly useful.

Privacy on the web is primarily regulated by two forces: the architectural capabilities that the web platform exposes (or does not expose), and laws in the various jurisdictions where the web is used… These regulatory mechanisms are separate; a law in one country does not (and should not) change the architecture of the whole web, and likewise web specifications cannot override any given law (although they can affect how easy it is to create and enforce law). The web is not merely an implementation of a particular legal privacy regime; it has distinct features and guarantees driven by shared values that often exceed legal requirements for privacy.

However, the overall goal of privacy on the web is served best when technology and law complement each other. This document seeks to establish shared concepts as an aid to technical efforts to regulate privacy on the web. It may also be useful in pursuing alignment with and between legal regulatory regimes.

Our goal for this document is not to cover all possible privacy issues, but rather to provide enough background to support the web community in making informed decisions about privacy and in weaving privacy into the architecture of the web.

Few architectural principles are absolute, and privacy is no exception: privacy can come into tension with other desirable properties of an ethical architecture, including accessibility or internationalization, and when that happens the web community will have to work together to strike the right balance.

Source: W3C

Image: Kaspars Eglitis