Alternative 6

Here is the proposal I have for how we can best use our time tomorrow, at
least one additional alternative to those presented so far.

I do not believe the TP WG will be successful in defining policies (i.e.
normative requirements) that are universally applicable, as normative
statements re contextually permitted uses across 1st/3rd parties.

To achieve something in the desired timeframe (Q3 2012), the TP WG should
limit its scope to:
- in the TPE spec, defining how a user expresses their intent, and
optionally how sites express compliance
- in the TCS spec
- Defining what the DNT signal means (e.g. "don't remember me", "don't track
me", "don't share me" etc)
- Defining the overall responsibility sites have for communicating to users
their privacy practices (including discoverability of site relatiohships)
and how those practices will change with a DNT signal from the user.
- If the TCS spec addresses data uses, it should do so only as an
informative set of guidelines that are consistent with (or reference) the
approach being taken in compliance programs

This way, we can avoid the unecessary (and increasingly cloudy) definition
of 1st vs 3rd parties, and the incomplete/procrustean definition of
acceptable / commonly accepted business practices.

I believe we can fulfill the charter for the TPE, and for the TCS by using
the approach above. This will provide time for the market to gain experience
with the DNT standard, while the compliance issues continue to be discussed
and worked within the existing compliance-focused forums.

Thanks,
Bryan Sullivan