Privacy on the web: creating a more trustworthy web

Continuing the series that puts the emphasis on the key areas that help ensure that the Web works, for everyone, this month I am diving into Web security. It is one of the key areas that we call “horizontals” and that shape every W3C work package because they involve approaches that are common to all work groups. Our horizontals are Web accessibility, internationalization, security and privacy. 

The imperative

Creating a more trustworthy web and protecting user privacy is fundamental to creating a web that works, for everyone.

Privacy, along with Security, are integral to human rights and civil liberties, and are essential to the success of the web platform. Today, so many of the features of the web and its usage involve information about people and their communications that privacy must be considered consistently across the design of the entire platform. The human factors and the sociotechnical aspects add additional complexity.

To affirmatively realize the privacy of people using the web and address privacy threats that have already arisen requires us to operate in an interdisciplinary and global space, and to develop dedicated privacy features.

How W3C approaches privacy on the web

Following the mid-2000s W3C work on Platform for Privacy Preferences (P3P), the W3C Team in 2011 identified the need to strengthen the foundations of trust on the web for communities large and small to access and share data, and made it an area of focus in 2011. The evolution then trended toward significantly more intense collection, processing, and publication of personal data.

We follow a recipe that is simple but which details are of importance:

• Review the privacy of web standards
• Advise W3C groups developing standards to mitigate privacy issues
• Develop some private technology standards

Horizontal reviews are conducted for privacy of proposals and specifications under development by other W3C Working Groups and Community Groups, and of charters for other W3C groups. Related to that is advising groups developing standards on how to avoid and mitigate privacy issues with web technologies.

The other main component is the standardization of new technical mechanisms that improve privacy on the web, including work moving from incubation when there is a basic technical design, significant implementer interest and activity.

The W3C Privacy Working Group undertakes the former and a lot of the latter. The rest of the privacy-focused features specific to technical work covered by another Working Group are typically best developed in those Working Groups, alongside related technical features.

In focus: Global Privacy Control, Private Advertising

Global Privacy Control (GPC) defines a signal, transmitted over HTTP and through the DOM, that conveys a person's request to websites and services to not sell or share their personal information with third parties. This standard is intended to work with existing and upcoming legal frameworks that render such requests enforceable.

W3C launched the Private Advertising Working Group

in late 2024, motivated by the Ethical Web Principles W3C Statement, to specify web features and APIs that support advertising while acting in the interests of users, in particular providing strong privacy assurances using predominantly technical means.

If you wish to know more about ongoing work, I suggest you take 8 minutes to watch the Privacy talk my colleague Tara Whalen, W3C Privacy Lead, gave early April 2025.

W3C Statement: Privacy Principles

The Privacy Principles were elevated in May 2025 to W3C Statement, which means that although the document is informative and not a formal standard in nature, it creates a stable reference that has received formal review and endorsement from W3C Members.

The document provides definitions for privacy that are applicable worldwide as well as a set of privacy principles that aim to guide the development of the web as a trustworthy platform.

You can read more in Tara Whalen’s blog post on the W3C Statement: New Privacy Principles for a more trustworthy web.