Interview Guide – Privacy in Technical Standard-Setting

Nick Doty

UC Berkeley, School of Information

December 4, 2020

Also available as: pdf

Status of This Document

This is an appendix of a published dissertation: Enacting Privacy in Internet Standards.

Appendix: Interview Guide

Interview Guide – Privacy in Technical Standard-Setting

Your role and privacy

  • What is your role at X?
    • (only if it comes up) what background led you to this role?
  • How do you think about privacy in your work?
    • Can you tell me about a time when privacy came up in a product discussion?
    • When does it get discussed among your colleagues?
  • What types of privacy threats do you consider?
    • Do you distinguish between privacy and security?
    • privacy from-whom, attacker, collection/aggregation/use

Personal views of privacy

  • Do you consider yourself a private person? When was a time you remember worrying about your own privacy? [you can tell me in general terms or of course leave out details if you like] Why was it a concern?
    • Online? Offline?
    • [pick up on words used and ask more]
    • [if only one is mentioned] Do you worry about privacy from the government? From your family and friends? From corporations? From strangers?
  • When you’re designing software or debating standards, how do you imagine that users of the Web think about privacy?
    • Do you agree with them? Why or why not?

Technical standards and privacy

  • And how did you first get involved in technical standards?
    • How does your role interact with standards work? (What other roles in your organization are involved?)
  • Can you tell me about a time you remember that privacy came up in a standards group you were part of?
    • How did it play out?
    • What was your role?
    • Was there a debate? What were the sides? What was the outcome?
    • … Can you remember a time where you supported a different side? Or where there was a different outcome?
  • How did you make your decision about the privacy debate?
    • Are you representing your company? The user? The best technical solution?
    • Did this debate belong in standardization? Why or why not?
    • What is the role/purpose of standards here? [interoperability; designing better technology; consistency; fundamental values?]
  • Can you tell me about a time you remember that legal considerations came up in a standards group?
    • Does this happen frequently? What about within your company?
    • What about accessibility? Security?
  • Are you satisfied with how privacy has been handled in standards discussions? Why or why not? What counts as successful or not?
    • What would you do differently? What would improve it? How would that have helped?

optional: Do Not Track process

For participants or non-participant stakeholders in the W3C Tracking Protection Working Group.

  • How would you summarize your experience with (or impressions of) the Do Not Track standardization process?
  • How did you see the role of W3C standardization in the larger privacy debate?
  • What were your goals for the process?
    • to what extent were they met? what counts as successful for you?
    • what would you have preferred was done differently? How would that have helped?
  • Do you think the process was fair? Why or why not?
  • Do you think the process produced a good outcome? Why or why not?
  • Do you recall a particular debate in the Working Group that involved you?
    • how did it play out?
    • what was your role?
  • How did the involvement of some other participants affect the process?
    • [suggest categories of advertisers, browser vendors, advocates, regulators, etc.]
    • [prompt about press/publicity if it doesn’t come up]
    • how have views of participants changed from before the process started?
  • How do you expect your working relationship will continue with the other participants in the group?

Westin index

Would you strongly agree, agree, disagree or strongly disagree with the following?

  1. Consumers have lost all control over how personal information is collected and used by companies.
  2. Most businesses handle the personal information they collect about consumers in a proper and confidential way.
  3. Existing laws and organizational practices provide a reasonable level of protection for consumer privacy today.


  • Who else should I talk to? Were there particular people you recall holding particular positions in privacy debates?