RE: Evolving Notice and Consensus for W3 to consider OECD Input from Chappelle, Kasey, VF-Group on 2010-10-20 (public-privacy@w3.org from October to December 2010)

From: Chappelle, Kasey, VF-Group <Kasey.Chappelle@vodafone.com>
Date: Wed, 20 Oct 2010 11:13:50 +0200
To: "Rigo Wenning" <rigo@w3.org>, "David Singer" <singer@apple.com>
Cc: "Mark Lizar" <mark@smartspecies.com>, <public-privacy@w3.org>
Message-ID: <DED01886A1779C459E4D5C8985C8D3DE01E666EC@VF-MBX19.internal.vodafone.com>

Nothing in the laws/regulations we have prescribe a particular form of
notice, and I think that's the right approach from a legal perspective.
There's nothing in the law keeping us from innovating here. 

On the other hand, the existing regulatory frameworks create misaligned
incentives - it's what's led to heavy privacy notices and burdensome SAR
processes. Legalistic privacy notices and customer-support based SARs
are cheap and legally proven to be sufficient. Companies won't splash
out with heavy investment in alternative (and legally unproven)
compliance systems without some kind on external pressure. 

But if someone can show that it works, and provides the resources so
that companies can cheaply and easily implement, I don't doubt that they
will. I think standards bodies and industry organizations have an
important role to play here, and I'd rather work towards better notice
in that context than push for regulation. 

-----Original Message-----
From: public-privacy-request@w3.org
[mailto:public-privacy-request@w3.org] On Behalf Of Rigo Wenning
Sent: 19 October 2010 23:48
To: David Singer
Cc: Mark Lizar; public-privacy@w3.org
Subject: Re: Evolving Notice and Consensus for W3 to consider OECD Input

David, 

trouble is: If we keep out, we have to swallow whatever people bake out
that 
are considerably less technically savvy than people I've seen so far 
discussing here. Hands off will just bring you unrealistic expectations
from 
the regulators transformed into unusable laws. The OECD Guidelines are a

beacon in the privacy sphere. All the principle that you're regularly
smacked 
with come from there: data minimization, finality etc. The EU Directive
is an 
implementation of the OECD Guidelines. But in 1980, they weren't not
really 
able to predict the development of the Internet. So there needs to be
some 
renovation. 

So it might be nice to engage in the rather high level discussions and
figure 
out, which of the high level requirements causes the most pain for 
implementations of web apps, device apis and the like... This will allow
us to 
set expectations of what is achievable and not end up with a set of
rules that 
is unrealistic, tortures technologists and doesn't really help
consumers.

Maybe think about it again. But I can understand your reluctance...

Best, 

Rigo

On Tuesday 19 October 2010 23:28:50 David Singer wrote:
> I think your thoughts are good, but I also think that the W3C's mind
is a
> long way from being clear enough to make recommendations to
governmental
> or other powerful bodies.  And I think 'advocating regulation' to
these is
> dangerous.  One never knows what will, in fact, emerge from a
political
> process.

Received on Wednesday, 20 October 2010 09:15:07 UTC