I just spent a few hours looking at lists of pre-existing rdf ontologies for use in modeling the data for an app idea. The vast preponderance of them had their origin in government and academic settings where the overriding concern was how to make the data easily shared and easily combined/mashed. The privacy concerns of individuals in apps designed for a ‘Person’ as the data owner just don’t exist in those contexts, and as a result, have not yet been made a priority. It’s clear that the answer here is ‘we haven’t figured that out yet, what do you think we should do?’
If I, as an institution, have written the application that I am running against my Solid server, it’s probably ok to assume that I don’t need to worry overmuch about privacy access controls. But individuals need methods to ensure that applications from 3rd parties can be trusted to enable and respect privacy constraints, while still supporting ease of data sharing / mashup, when desired.
I think it’s something that needs its own working group to focus on the issue. Any community protocol on establishing one?