W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2010

RE: Evolving Notice and Consensus for W3 to consider OECD Input

From: Chappelle, Kasey, VF-Group <Kasey.Chappelle@vodafone.com>
Date: Wed, 20 Oct 2010 11:13:50 +0200
Message-ID: <DED01886A1779C459E4D5C8985C8D3DE01E666EC@VF-MBX19.internal.vodafone.com>
To: "Rigo Wenning" <rigo@w3.org>, "David Singer" <singer@apple.com>
Cc: "Mark Lizar" <mark@smartspecies.com>, <public-privacy@w3.org>
Nothing in the laws/regulations we have prescribe a particular form of
notice, and I think that's the right approach from a legal perspective.
There's nothing in the law keeping us from innovating here. 

On the other hand, the existing regulatory frameworks create misaligned
incentives - it's what's led to heavy privacy notices and burdensome SAR
processes. Legalistic privacy notices and customer-support based SARs
are cheap and legally proven to be sufficient. Companies won't splash
out with heavy investment in alternative (and legally unproven)
compliance systems without some kind on external pressure. 

But if someone can show that it works, and provides the resources so
that companies can cheaply and easily implement, I don't doubt that they
will. I think standards bodies and industry organizations have an
important role to play here, and I'd rather work towards better notice
in that context than push for regulation. 

-----Original Message-----
From: public-privacy-request@w3.org
[mailto:public-privacy-request@w3.org] On Behalf Of Rigo Wenning
Sent: 19 October 2010 23:48
To: David Singer
Cc: Mark Lizar; public-privacy@w3.org
Subject: Re: Evolving Notice and Consensus for W3 to consider OECD Input


trouble is: If we keep out, we have to swallow whatever people bake out
are considerably less technically savvy than people I've seen so far 
discussing here. Hands off will just bring you unrealistic expectations
the regulators transformed into unusable laws. The OECD Guidelines are a

beacon in the privacy sphere. All the principle that you're regularly
with come from there: data minimization, finality etc. The EU Directive
is an 
implementation of the OECD Guidelines. But in 1980, they weren't not
able to predict the development of the Internet. So there needs to be

So it might be nice to engage in the rather high level discussions and
out, which of the high level requirements causes the most pain for 
implementations of web apps, device apis and the like... This will allow
us to 
set expectations of what is achievable and not end up with a set of
rules that 
is unrealistic, tortures technologists and doesn't really help

Maybe think about it again. But I can understand your reluctance...



On Tuesday 19 October 2010 23:28:50 David Singer wrote:
> I think your thoughts are good, but I also think that the W3C's mind
is a
> long way from being clear enough to make recommendations to
> or other powerful bodies.  And I think 'advocating regulation' to
these is
> dangerous.  One never knows what will, in fact, emerge from a
> process.
Received on Wednesday, 20 October 2010 09:15:07 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:52 UTC