Human rights and technical standard-setting for the Web

Unofficial Draft

More details about this document
Latest published version:
Nick Doty (Center for Democracy & Technology) (co-chair, W3C Privacy Interest Group (PING))
Alissa Cooper (Cisco Systems)
Wendy Seltzer (Tucows)

In response to the call for input from the UN Office of the High Commissioner for Human Rights, this unofficial draft provides context on the human rights impacts of technical standard-setting for the Web, authored by a group of long-time W3C participants. This document has no official standing of any kind and does not represent the support or consensus of any standards organization. The authors do not speak on behalf of the World Wide Web Consortium or the W3C groups in which they participate, but have tailored this draft to focus primarily on W3C processes and standards.

1. Human rights impacts of technical standards

As transformational information communications technologies, the Internet and the Web are essential sites for supporting human rights in the modern world. As the Human Rights Council has noted, “the same rights that people have offline must also be protected online” [UNHRC2018].

Technical standards are ubiquitous and diverse and necessary to define the protocols that make up, among other technologies, the Internet and the Web. While the practices of standard-setting vary, the World Wide Web Consortium (W3C) is a member-driven public interest organization with an open, multistakeholder process that develops voluntary standards through consensus.

Given the vast landscape of technical standards development today, it is critical to assess standards development on a technology-specific basis in order to ensure appropriate consideration and support of human rights within individual standards development processes. For example, free expression, free association, privacy and security, accessibility, and internationalization are key examples of human rights interests where the design of the Web makes a difference for the rights enjoyed by users of technology around the world. As such, the design of the standards that underlie the Web have a bearing on the enjoyment of these rights, and W3C as a standards organization takes responsibility for incorporating human rights considerations into its processes.

1.1 Examples of Web standards and human rights

1.1.1 Free expression, association and assembly

The Internet and Web provide key capabilities for communication, including expression of all kinds including commercial activity and political speech, and organization of various kinds, providing for association and assembly. For example, the Web has made it possible to publish and consume online content in dramatically cheaper and more accessible ways, without relying on traditional forms of book, newspaper and magazine publishing. Standards for real-time communication, including through audio and video, have provided for remote connectivity, especially important during pandemic conditions, and WebRTC standards make such connectivity possible peer-to-peer [webrtc] [rtcweb-overview].

The design of the Internet’s architecture, including design decisions in technical standards, affects both the potential for free assembly and association and the potential harms or limits to association [draft-association].

1.1.2 Accessibility

W3C has lead the way in setting standards for accessibility online: enabling people with disabilities to use services of all kinds on the Web. As noted by the Convention on the Rights of Persons with Disabilities, access to information and communication technologies, including the Internet and new communications technologies, is a basic right of people with disabilities [CRPD]. Web Content Accessibility Guidelines describe how to make Web sites accessible and usable and define success criteria so that conformance at different levels can be consistently evaluated by governments and other organizations [WCAG22].

This work has been developed in a true multistakeholder fashion through the Web Accessibility Initiative, with substantial engagement from a variety of industry sectors, as well as academics, government and civil society. Supporting this basic human right cannot be left to governments or any single stakeholder alone.

1.1.3 Internationalization

Internationalization (i18n) is the practice of designing technology to be used by people of different cultures, regions and languages. For W3C, i18n is an essential part of universal, world-wide access to the Web, especially for those who use different scripts or languages from the developers of popular applications.

By considering different languages, writing systems and cultural expectations in the design of Web standards, internationalization provides better access to and usability of Web applications and enables the creation and consumption of sites and services in a wide range of the world’s languages.

1.1.4 Privacy and security

Surveillance has been a substantial threat, amplified in new and emerging technologies, to the human rights of people on the Internet. And it’s an area where technical standard-setting has been able to respond. Pervasive monitoring was identified as an attack by the Internet standardization community and documented by the Internet Engineering Task Force (IETF), the world’s premier Internet standards organization [RFC7258]. In response, tremendous engineering efforts have been made, including the design of new protocols, to encrypt more online traffic and protect it from active and passive monitoring and tampering. Technical standard-setting has been one venue for the multistakeholder discussion, design and collaboration necessary to respond to expansive, intrusive government surveillance.

W3C-specific standards to enable broader use of encryption include (but are not limited to) the Web Cryptography API for providing fundamental encryption in the browser [WebCryptoAPI], and Secure Contexts to limit dangerous or powerful functionality to cases where encryption is used [secure-contexts]. Broader than just preventing surveillance, privacy has been deeply considered in a wide range of Web standards, including APIs for access to device sensors (geolocation, cameras and microphones, and virtual reality devices), real-time communications, and permissions.

W3C has incorporated considerations for human rights into its standards development process, both from an institutional perspective and at the level of individual specification review and design decisions.

In the following sections, we describe: how standards development works, particularly for Web standards at the W3C; how human rights are considered in the Web standardization process; and how standard-setting at W3C can be inclusive and accessible to broad participation.

2. How standards development works

Technical standards are documents that technology designers use to build products and services that interoperate with products and services offered by other organizations. The most important goal of standardization is this interoperability, which allows web browsers to reach websites, laptops to connect to Wi-Fi, and mobile phones to make calls even though the technology that facilitates each of those connections is provided by many different organizations. Products and services that run on different platforms, are written in different programming languages, and operate under different regulatory regimes can all connect and interoperate when they implement the same standards. Without standards, there would be no Web, Internet, or cellular service as we know them today.

Technical standards are ubiquitous and diverse. The act of loading a single web page—for example, by typing into a web browser—may involve hundreds of standards produced by different standards development organizations (SDOs) that cover everything from network connectivity to the routing of Internet traffic to the visual display of the web page in the browser. Viewing the tech sector as a whole, there are thousands of standards development organizations worldwide developing standards with the involvement of tens of thousands of engineers, architects, researchers, and other experts from the private and public sectors.

SDOs vary in terms of their governance, participation, outputs, and decision-making procedures. The W3C’s model relies on key features that have fueled the reach and success of web standards:

These principles largely track those found in widely referenced policies, including from the World Trade Organization Technical Barriers to Trade Committee [wto-international-standards] and the US Office of Management and Budget [omb-a-119].

Not all SDOs rely on these principles. Some are more formal, rely on one-nation-one-vote rules, or are government-driven—all of which can create challenges for the multistakeholder community to contribute, influence outcomes, and be part of the standards decisionmaking process. While the “big three” formal SDOs—the International Electrotechnical Commission (IEC), the International Organization for Standardization (ISO), and the International Telecommunication Union (ITU)—often garner attention in standards policy discussions, the vast global ecosystem of open, global SDOs and consortia fuel the bulk of the standards development work happening at the cutting edge of technological innovation today.

Finally, the W3C Patent Policy has been critical to the accessibility and broad reach of the web and web technologies. The policy requires that as a condition of participation in the development of a standard within a W3C working group, all members commit to making their own patented inventions implicated by the standard available on a royalty-free basis [w3c-patent-policy]. The web’s royalty-free foundation has fueled innovation and experimenation, lowering barriers to entry and making the web a platform for all.

3. How human rights are considered in W3C standardization

“Web for All” is one of the foundational design principles guiding W3C’s work, per the W3C Mission:

The social value of the Web is that it enables human communication, commerce, and opportunities to share knowledge. One of W3C’s primary goals is to make these benefits available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability.

The social value of the Web and support for human rights are considered in the standardization process through the strategic selection of work, through the principles and guidelines developed to guide Web standards, and through the people, process and tools for wide review of Web standards.

3.1 Principles for standards development

The Web standards community itself has demonstrated a commitment to broadly considering the impact of new technical standards and emerging communication technologies [ethical-web-principles], explicitly centering the Universal Declaration of Human Rights [UDHR].

The Web standards community has also consistently identified the importance of prioritizing the people who use and are impacted by technology in the design of Internet and Web standards. Prioritizing people over the developers of technology, the corporations that buy, sell or operate technology, and the interests of other stakeholders helps to maintain trust and support human rights of people generally. This has been described as the priority of constituencies, and it is cited in the Web Platform Design Principles [design-principles] and the Internet Architecture Board’s statement that the Internet is for End Users [RFC8890].

Considering these ethical principles and priorities among the stakeholders themselves provides an opportunity to identify new areas altogether where human rights are implicated by interoperable technologies: including, for example, the impacts of the climate crisis and of misinformation. These are novel threats and challenges with impacts on human rights and so solutions and mitigations are not yet well established. Setting out principles and goals in a multistakeholder technical standard-setting body provides the starting point for more systematic community-wide consideration.

Even in relatively more established areas, statements of principles are valuable ways to support fundamental human rights in concrete and actionable ways. Privacy, for example, is a human right, but also a complex and contested concept. W3C has a task force of experts in privacy, Web architecture, user agents, and online advertising writing a detailed statement of privacy principles that can then be applied throughout the Web standards process [privacyprinciples].

W3C’s Advisory Board, elected by Member organizations, seeks to set out a fundamental Vision for the Web and its emerging development. The current draft in progress of that W3C Vision statement encodes some similar principles and priorities. The W3C Process provides for developing a community-wide consensus for Statements of this kind [w3c-process], not unlike similar processes at the IETF. Consensus community statements create both the opportunity and the responsibility for the participant stakeholders themselves to agree on principles and vision that consider benefits to society and the human rights of the individuals around the world who will use the resulting interoperable technology.

3.2 Review of new and emerging technologies

Seeing the Web as a connection among humans drives the focus of several “horizontal” areas of work and review: accessibility, internationalization, privacy, and security, that support the exercise of fundamental human rights. The W3C Process requires wide review and response to issues raised by reviewers [w3c-process].

W3C’s wide review process is a foundational piece of a strategy to consistently and systematically support human rights in Web standards. Wide review involves actively soliciting feedback from a range of stakeholders, implementers, subject matter experts and the general public. Most notably, it incorporates “horizontal review”: reviews of areas that cut across (hence, horizontal) the many different Working Groups and technical standards. Horizontal review is widely used to identify, review for and address issues of accessibility, internationalization, privacy and architectural design, and has also been considered for security, sustainability, equity and other topics.

Because new and emerging technologies are developed by deep subject matter experts in a particular area, the stakeholders developing new protocols and implementations of communication technology cannot also have a perfect view of all the other technology being developed for the Internet and the Web and are unlikely to be expert in all the areas of accessibility, internationalization, privacy, security or other cross-cutting areas. To provide support, horizontal review groups review specifications, develop guidance for self-review and consult with groups on technical areas and how to address potential concerns systematically and proactively.

Self-review lets groups working on a new technology to spot issues and consider mitigations even prior to an external horizontal review, without needing that prior expertise. Questionnaires, checklists and documentation more generally have proved useful in identifying common issues that arise in Web standards; those tools should be regularly reviewed and updated to cover new classes of issues and to clarify recommended mitigations.

  • Self-Review Questionnaire: Security and Privacy [security-privacy-questionnaire] is used for self-review in identifying security and privacy issues.
  • The Framework for Accessible Specification of Technologies [FAST] provides advice for specification designers to make technologies that will be generally accessible. A quick checklist is also available.
  • For internationalization, both a short self-review checklist and a longer note of best practices [international-specs] is available.

Consistent review across many areas is especially important where the contribution to human rights impacts may be diverse in any one case but accumulate to significant constraints to rights. Browser fingerprinting, for example, is possible through the cumulative analysis of different configuration characteristics, each of which may be minimal and non-identifying on its own. But combined together, those characteristics are often used to re-identify people, correlate their online activities and undermine the ability to control one’s identity or the data collected about oneself. Reviewing for browser fingerprinting across all new Web technologies in a consistent way makes it more feasible to address this threat to privacy [fingerprinting-guidance].

The Technical Architecture Group (TAG) also provides design reviews of all specifications as part of the wide review process, and often provides input early in the specification process because of a Google Chrome policy to seek TAG review and because of interest from browser implementers. The TAG applies reviews to make consistent architectural decisions across different specifications [design-principles], but also considers privacy and security issues (including the answers to the privacy and security self-review questionnaire) and may provide feedback on other ethical or rights concepts that arise [ethical-web-principles].

Wide review at W3C is especially focused on horizontal review and review by W3C Member organizations, in order to coordinate standardization activity across the Consortium. But review and input is explicitly not limited to W3C Member organizations and feedback from the general public is welcomed. The Process requires considering comments and addressing any objections from the public as they would from W3C Members. Availability of published standards, drafts in progress and working conversations is an important, though incomplete, part of providing open access to participation, as discussed below.

4. Access and participation

A key factor for the efficacy and legitimacy of W3C’s multistakeholder standard-setting model and its consideration of human rights is the capacity to provide access and participation to all those stakeholders who wish to engage in the standardization process.

As described above, W3C’s standardization process follows a model of openness to participation, transparency of discussion, due process of decision-making done typically by consensus.

This openness of participation means that standardization work, and increasingly also the practice of incubation of pre-standardization work, is done and intensively documented for any interested party or member of the public. Emails, text proposals, decisions, meeting minutes and the like are made publicly available. All standards documents are freely available to all, from initial drafts through final Recommendation.

This rich public corpus also makes academic research and external oversight of the standard-setting process more feasible. Ongoing research can provide empirical analysis of how human rights are considered in open standard-setting bodies and patterns of participation, among other topics. See, for example, the Research and Analysis of Standard-Setting Processes Research Group at the Internet Research Task Force.

Public input is also welcomed and a formal part of the standardization process. Individuals can be invited into Working Groups, without paying the membership dues typically expected of organizations, as Invited Experts. But the process also solicits and considers input from interested parties that are not formally engaged in Working Groups.

With these formal and practical preferences for openness and transparency, W3C has been able to welcome a diversity of participants and incorporate them throughout the activities and leadership of the Consortium’s work.

With that experience, W3C participants have also identified barriers to effective participation.

There are substantial costs to effective engagement in technical standard-setting. Those may include fees for membership or meeting registration, but much more significant are the costs of travel to attend meetings and even more so the cost of hiring experts and dedicating their time to the intensive process of following detailed standards processes often over a period of years. Those costs can be significant for non-industry participants (like civil society) or for organizations in lower-income countries, even when sliding scale fees are available.

Language barriers have made it more challenging for active partcipation for those who do not speak English or don’t speak it as a first language. W3C activities are typically conducted primarily in English, without real-time translation. Participation from around the world can also create conflicts in cultural expectations. Engineering and technical communities can have habits and practices of conversation that are unusual or exclusionary for those with different backgrounds, and we have found that negative or antagonistic environments can discourage those who would otherwise provide important contributions.

W3C has made some progress in addressing aspects of these barriers and looks forward to continued consultation and advice to be more inclusive and effective in including a broader range of the world’s stakeholders in the Web standardization process. With the support of some donors, an inclusion fund has been developed to provide financial support to underrepresented communities that might not otherwise be able to attend W3C meetings. The Consortium has adopted a Code of Ethics and Professional Conduct [CEPC], and the Positive Work Environment Community Group progressively considers the processes, practices and training necessary to welcome participants and enable consensus finding among people of various backgrounds. Offices with local staff in different countries and directed global recruiting have shown some success in engaging companies and organizations outside of the West.

Making Web standardization more inclusive and more representative is of regular discussion at W3C, not only for questions of legitimacy and support of human rights, but also for the general success of developing standards and technology for global adoption. We welcome further work and learning on how to include more of the world in the technical standard-setting process, and expect that the vast majority of W3C members would as well.

A. Acknowledgements

Special thanks to reviewers of these comments and to all the W3C participants who have engaged in support for human rights in Web standards.

B. References

B.1 Informative references

Positive Work Environment at W3C: Code of Ethics and Professional Conduct. Tzviya Siegman; An Qi Li; Ada Rose Cannon. W3C. 16 July 2020. URL:
Convention on the Rights of Persons with Disabilities. United Nations. 2006. URL:
Web Platform Design Principles. Sangwhan Moon. W3C. 24 February 2023. W3C Working Group Note. URL:
Internet Protocols and the Human Rights to Freedom of Association and Assembly. Niels ten Oever; Stéphane Couture; Mallory Knodel. Internet Engineering Task Force. 2022. Internet-Draft. URL:
W3C TAG Ethical Web Principles. Daniel Appelquist; Hadley Beeman; Amy Guy. W3C. 7 December 2022. W3C Working Group Note. URL:
Framework for Accessible Specification of Technologies. Michael Cooper. Accessible Platform Architectures Working Group. 4 November 2021. W3C Editor's Draft. URL:
Mitigating Browser Fingerprinting in Web Specifications. Nick Doty. W3C. 28 March 2019. W3C Working Group Note. URL:
Internationalization Best Practices for Spec Developers. Richard Ishida; Addison Phillips. W3C. 23 September 2022. W3C Working Group Note. URL:
Federal Participation in the Development and Use of Voluntary Consensus Standards and in Conformity Assessment Activities. United States Office of Management and Budget. January 27, 2016. URL:
Privacy Principles. Robin Berjon; Jeffrey Yasskin. W3C. DNOTE. URL:
Pervasive Monitoring Is an Attack. S. Farrell; H. Tschofenig. IETF. May 2014. Best Current Practice. URL:
The Internet is for End Users. M. Nottingham. IETF. August 2020. Informational. URL:
Overview: Real-Time Protocols for Browser-Based Applications. H. Alvestrand. IETF. January 2021. Proposed Standard. URL:
Secure Contexts. Mike West. W3C. 18 September 2021. W3C Candidate Recommendation. URL:
Self-Review Questionnaire: Security and Privacy. Theresa O'Connor; Peter Snyder. W3C. 16 December 2021. W3C Working Group Note. URL:
Universal Declaration of Human Rights. United Nations. 10 December 1948. URL:
The promotion, protection and enjoyment of human rights on the Internet. United Nations Human Rights Council. 2018. URL:
W3C Patent Policy. Wendy Seltzer. W3C. 15 September 2020. URL:
W3C Process Document. Elika J. Etemad (fantasai); Florian Rivoal. W3C. 2 November 2021. URL:
Web Content Accessibility Guidelines (WCAG) 2.2. Charles Adams; Alastair Campbell; Rachael Bradley Montgomery; Michael Cooper; Andrew Kirkpatrick. W3C. 25 January 2023. W3C Candidate Recommendation. URL:
Web Cryptography API. Mark Watson. W3C. 26 January 2017. W3C Recommendation. URL:
WebRTC: Real-Time Communication in Browsers. Cullen Jennings; Florent Castelli; Henrik Boström; Jan-Ivar Bruaroey. W3C. 6 March 2023. W3C Recommendation. URL:
Principles for the Development of International Standards, Guides and Recommendations. World Trade Organization. 2000. URL: