- From: Chappelle, Kasey, VF-Group <Kasey.Chappelle@vodafone.com>
- Date: Wed, 17 Nov 2010 14:33:48 +0100
- To: "SULLIVAN, BRYAN L (ATTCINW)" <BS3131@att.com>
- Cc: <public-privacy@w3.org>
Oh, I'm certainly not saying that a "do not track" law is the right approach. But that any solution here is going to have to accommodate all forms of tracking.

That said - something centralised has a lot going for it. Currently, I have to know all the different companies that are tracking for all the different websites I visit, and opt out for each one using their own particular opt out programme. Some participate in the NAI's programme, but certainly not all (or even a majority, last I checked).

-----Original Message-----
From: SULLIVAN, BRYAN L (ATTCINW) [mailto:BS3131@att.com]
Sent: 17 November 2010 12:59
To: Chappelle, Kasey, VF-Group; tlr@w3.org; rigo@w3.org
Cc:
Subject: Re: do not track list?

I only wish the "do not call" system worked. Pinning a "do not track" system on something similar will not solve the problem. It needs to consider and overcome the limitations of the existing systems or it will be a false promise.

Bryan Sullivan | AT&T

----- Original Message -----
From: public-privacy-request@w3.org <public-privacy-request@w3.org>
To: Thomas Roessler <tlr@w3.org>; Rigo Wenning <rigo@w3.org>
Cc: public-privacy@w3.org <public-privacy@w3.org>
Sent: Wed Nov 17 04:49:08 2010
Subject: RE: do not track list?

Tracking has privacy implications regardless of whether it is pseudonymised or anonymised, as long as a single individual profile is created. Very few network advertisers, for example, currently connect a profile to any information that would generally be considered "identifiable", but these programmes are still heavily scrutinised. See, for example, the discussion in the FTC's self-regulatory principles, here: http://www.ftc.gov/opa/2009/02/behavad.shtm

So it's hard to believe that any do-not-track solution would include a carveout for pseudonymous or anonymous profiling.

A more relevant question, though, and one that I have not seen a clear answer to, is whether it would also apply to aggregate tracking - the kind of statistical analysis that does not capture individual profiles, but does do some kind of tracking at the very lowest level to create those statistics (unique visitors, for example). Some regulators already consider this too to be privacy-invasive (see, for example, Germany's dealings with Google Analytics: http://eu.techcrunch.com/2009/11/24/google-analytics-illegal-germany/)

-----Original Message-----
From: public-privacy-request@w3.org [mailto:public-privacy-request@w3.org] On Behalf Of Thomas Roessler
Sent: 17 November 2010 12:29
To: Rigo Wenning
Cc: Thomas Roessler; public-privacy@w3.org
Subject: Re: do not track list?

On 15 Nov 2010, at 15:02, Rigo Wenning wrote:

> http://www.nytimes.com/2010/11/10/business/media/10privacy.html?pagewanted=all&nl=todaysheadlines&emc=a26
>
> there is a suggestion to have "do not tracking" lists following
> the example of the "do not call" lists. They imagine a browser
> button or a button on the page.
>
> This looks like something where a discussion with technical folks
> would be beneficial for the regulators.

+1

It looks like some folks are working on a specific proposal: http://donottrack.us/

The basic idea: Put "X-Do-Not-Track: 1" into HTTP headers.

It would be interesting to look at deployment (and compliance) incentives for this technology, and at what it actually means for a user not to be tracked. Also, what's the scope of this sort of exercise -- Do I opt out of all tracking, including pseudonymous profiles? Do I only opt out of tracking that identifies me?

Thoughts?

--
Thomas Roessler, W3C <tlr@w3.org> (@roessler)

Received on Wednesday, 17 November 2010 13:34:55 UTC