Re: Propose to drop from the strawman: requirement for privacy policy disclosure

* David Wainberg wrote:
>Section 6.4 of the Compliance and Scope document states, "In order to be 
>compliant with this specification, an operator of a third-party domain 
>must clearly and unambiguously assert in the privacy policy governing 
>that domain that it is in compliance with this specification." Such a 
>requirement is out of scope of this standard and should not be included 
>in the strawman. While it may be in scope to create tools that 
>facilitate auditing and enforcement by other entities, it is not the 
>role of this technical standard to impose legal requirements for 
>compliance. Any such requirements will come from entities with relevant 
>authority, e.g. Congress or the FTC in the US.

This cannot be a legal requirement and documentation requirements are
not unusual for technical specifications, so I don't follow your argu-
ment. How would a requirement to assert this not in the privacy policy
but on /.well-known/dnt-compliance be different?
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

Received on Tuesday, 25 October 2011 23:39:37 UTC