W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2010

Re: do not track list?

From: SULLIVAN, BRYAN L (ATTCINW) <BS3131@att.com>
Date: Wed, 17 Nov 2010 04:58:41 -0800
Message-ID: <8080D5B5C113E940BA8A461A91BFFFCD09B3F523@BD01MSXMB015.US.Cingular.Net>
To: <Kasey.Chappelle@vodafone.com>, <tlr@w3.org>, <rigo@w3.org>
Cc: <public-privacy@w3.org>
I only wish the "do not call" system worked. Pinning a "do not track" system on something similar will not solve the problem. It needs to consider and overcome the limitations of the existing systems or it will be a false promise.
Bryan Sullivan | AT&T 

----- Original Message -----
From: public-privacy-request@w3.org <public-privacy-request@w3.org>
To: Thomas Roessler <tlr@w3.org>; Rigo Wenning <rigo@w3.org>
Cc: public-privacy@w3.org <public-privacy@w3.org>
Sent: Wed Nov 17 04:49:08 2010
Subject: RE: do not track list?

Tracking has privacy implications regardless of whether it is
pseudonymised or anonymised, as long as single individual profile is
created. Very few network advertisers, for example, currently connect a
profile to any information that would generally be considered
"identifiable", but these programmes are still heavily scrutinised. See,
for example, the discussion in the FTC's self-regulatory principles,
here: 
http://www.ftc.gov/opa/2009/02/behavad.shtm


So it's hard to believe that any do-not-track solution would include a
carveout for pseudonymous or anonymous profiling. A more relevant
question, though, and one that I have not seen a clear answer to, is
whether it would also apply to aggregate tracking - the kind of
statistical analysis that does not capture individual profiles, but does
do some kind of tracking at the very lowest level to create those
statistics (unique visitors, for example). Some regulators already
consider this too to be privacy-invasive (see, for example, Germany's
dealings with Google Analytics:
http://eu.techcrunch.com/2009/11/24/google-analytics-illegal-germany/) 
 

-----Original Message-----
From: public-privacy-request@w3.org
[mailto:public-privacy-request@w3.org] On Behalf Of Thomas Roessler
Sent: 17 November 2010 12:29
To: Rigo Wenning
Cc: Thomas Roessler; public-privacy@w3.org
Subject: Re: do not track list?

On 15 Nov 2010, at 15:02, Rigo Wenning wrote:

>
http://www.nytimes.com/2010/11/10/business/media/10privacy.html?pagewant

ed=all&nl=todaysheadlines&emc=a26
> 
> there is a suggestion to have "do not tracking" lists following
> the example of the "do not call" lists. They imagine a browser 
> button or a button on the page. 
> 
> This looks like something where a discussion with technical folks 
> would be beneficial for the regulators. 


+1

It looks like some folks are working on a specific proposal:
	http://donottrack.us/


The basic idea: Put "X-Do-Not-Track: 1" into HTTP headers.  It would be
interesting to look at deployment (and compliance) incentives for this
technology, and at what it actually means for a user not to be tracked.

Also, what's the scope of this sort of exercise -- Do I opt out of all
tracking, including pseudonymous profiles?  Do I only opt out of
tracking that identifies me?

Thoughts?

--
Thomas Roessler, W3C  <tlr@w3.org>  (@roessler)










Received on Wednesday, 17 November 2010 12:59:23 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 17 November 2010 12:59:23 GMT