Privacy

[jorydotcom]

User and Data Privacy design need more discussion and broad industry input; at the same time there are tactical components of the Privacy focus we can address.

Potential Topic Areas:

• Make privacy features easier to enable in AMP
• Thinking of amp-consent scalability as more countries expand privacy laws
  • Review how amp-consent can be adapted ‘on the edge’ to accomodate for geo-specific consent requirements.
• Perhaps a component which wraps AMP consent with AMP geo, without headaches?
• Can AMP become the de-facto mechanism for ‘getting privacy right’?
• More concrete actions
  • Lack of flexibility of AMP in the privacy realm
  • How to improve these issues?
  • Privacy by design vs. reactive approach
    • Are we missing a ‘privacy by design’ concept, where individual components / scenarios can declare their privacy/consent/storage scenarios (e.g., “Don’t render this component for users without X consent”).
  • Build privacy into AMP design features
• What types and examples of ‘consent’ and privacy models (and resultant business/site logic) exist, and where does AMP struggle to solve for those? Can we get/create/define a bunch of these scenarios, and assess our fit?
• Related issues from 2020:

  • 121 - Blog post on the CCPA outcome

  • 122 - Privacy Policy on AMP Caches

  • 123 - Privacy Messaging

  • 142 - LGPD: Brazil's GDPR

[tobie]

• Build privacy in to the process like what we have tried to do with accessibility.
• Audit of privacy concerns.
• Reach out to people who haven't adopted AMP because of those issues (e.g. publishers, but could be broader)

Guest? (let's ask Kelsey/ask on twitter/blog?)