Appendix: Interview Guide
Interview Guide – Privacy in Technical Standard-Setting
Your role and privacy
- What is your role at X?
- (only if it comes up) what background led you to this role?
- How do you think about privacy in your work?
- Can you tell me about a time when privacy came up in a product discussion?
- When does it get discussed among your colleagues?
- What types of privacy threats do you consider?
- Do you distinguish between privacy and security?
- privacy from-whom, attacker, collection/aggregation/use
Personal views of privacy
- Do you consider yourself a private person? When was a time you remember worrying about your own privacy? [you can tell me in general terms or of course leave out details if you like] Why was it a concern?
- Online? Offline?
- [pick up on words used and ask more]
- [if only one is mentioned] Do you worry about privacy from the government? From your family and friends? From corporations? From strangers?
- When you’re designing software or debating standards, how do you imagine that users of the Web think about privacy?
- Do you agree with them? Why or why not?
Technical standards and privacy
- And how did you first get involved in technical standards?
- How does your role interact with standards work? (What other roles in your organization are involved?)
- Can you tell me about a time you remember that privacy came up in a standards group you were part of?
- How did it play out?
- What was your role?
- Was there a debate? What were the sides? What was the outcome?
- … Can you remember a time where you supported a different side? Or where there was a different outcome?
- How did you make your decision about the privacy debate?
- Are you representing your company? The user? The best technical solution?
- Did this debate belong in standardization? Why or why not?
- What is the role/purpose of standards here? [interoperability; designing better technology; consistency; fundamental values?]
- Can you tell me about a time you remember that legal considerations came up in a standards group?
- Does this happen frequently? What about within your company?
- What about accessibility? Security?
- Are you satisfied with how privacy has been handled in standards discussions? Why or why not? What counts as successful or not?
- What would you do differently? What would improve it? How would that have helped?
optional: Do Not Track process
For participants or non-participant stakeholders in the W3C Tracking Protection Working Group.
- How would you summarize your experience with (or impressions of) the Do Not Track standardization process?
- How did you see the role of W3C standardization in the larger privacy debate?
- What were your goals for the process?
- to what extent were they met? what counts as successful for you?
- what would you have preferred was done differently? How would that have helped?
- Do you think the process was fair? Why or why not?
- Do you think the process produced a good outcome? Why or why not?
- Do you recall a particular debate in the Working Group that involved you?
- how did it play out?
- what was your role?
- How did the involvement of some other participants affect the process?
- [suggest categories of advertisers, browser vendors, advocates, regulators, etc.]
- [prompt about press/publicity if it doesn’t come up]
- how have views of participants changed from before the process started?
- How do you expect your working relationship will continue with the other participants in the group?
Would you strongly agree, agree, disagree or strongly disagree with the following?
- Consumers have lost all control over how personal information is collected and used by companies.
- Most businesses handle the personal information they collect about consumers in a proper and confidential way.
- Existing laws and organizational practices provide a reasonable level of protection for consumer privacy today.
- Who else should I talk to? Were there particular people you recall holding particular positions in privacy debates?