RE: [Issue-71] Proposed Text for Issue 71

David,

In the examples you've provided:

"I don't think it's only 'bad actors', alas.  It is the very existence of the data that causes concern.  What happens if it leaks? The management changes? Someone makes a mistake? Law authorities want to look at it?  The company gets bought or merged?  And so on."

If an organization had retained data for DNT:1 events for specific operational purposes and then one of the voluntary events occurs (mgmt change, purchase/merger) such that the information is used outside of the DNT standard exceptions, then that organization is a "bad actor" -- and pursuant to the claims in their privacy policy at the time of data collection (or a response header), it would be my expectation that they felt the full force of the law in all jurisdictions they operated in.

The security-oriented risks such as "leaks" and "someone makes a mistake" are real concerns, but when balanced against the real-life risks anonymous cross-site data collection presents, we need to be careful to ensure the level of compliance burden is proportionate.  It is for this reason that "use based limitations" are the most appropriate outcome for this particular set of privacy issues.

I understand the desire for absolutist remedies (radically short retention periods, outright data destruction, etc.), but the cost to implement these combined with the impact to business continuity will be too great to have many organizations wish to implement DNT.

- Shane

-----Original Message-----
From: David Singer [mailto:singer@apple.com] 
Sent: Wednesday, February 08, 2012 4:47 PM
To: JC Cannon
Cc: Jonathan Mayer; Ninja Marnau; Nicholas Doty; Amy Colando (LCA); Frank.Wagner@telekom.de; public-tracking@w3.org
Subject: Re: [Issue-71] Proposed Text for Issue 71


On Feb 8, 2012, at 16:38 , JC Cannon wrote:

> David,
> 
> It seems like we are closer to each other in what is needed than the text bears out. I agree that bad actors will attempt to skirt the rules.

I don't think it's only 'bad actors', alas.  It is the very existence of the data that causes concern.  What happens if it leaks? The management changes? Someone makes a mistake? Law authorities want to look at it?  The company gets bought or merged?  And so on.

> I don't think the spec will stop bad actors. However, those of us who want to protect online privacy should not be lumped with them. That said, I would love to see the language adjusted to make sure that the loopholes are closed and complying with the spirit of this rule is made simpler.
> 

I, too, am open to suggestions!


David Singer
Multimedia and Software Standards, Apple Inc.

Received on Thursday, 9 February 2012 06:42:49 UTC