W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

(unknown charset) Re: Deciding Exceptions (ISSUE-23, ISSUE-24, ISSUE-25, ISSUE-31, ISSUE-34, ISSUE-49)

From: (unknown charset) Justin Brookman <justin@cdt.org>
Date: Thu, 09 Feb 2012 18:17:31 -0500
Message-ID: <4F34540B.7040202@cdt.org>
To: (unknown charset) public-tracking@w3.org
I disagree with this statement. The FTC has announced five criteria 
necessary for "Do Not Track" to be successful; the fourth is that "Do 
Not Track" needs to address collection as well as usage. Similarly, the 
Article 29 Working Party identified failure to address 
collection/retention as a limitation in the existing DAA opt-out 
framework. So it is not at all correct to state that regulators are only 
interested in use limitations.

That said, I think these regulators have also recognized that a complete 
prohibition on third-party collection is not practical or desirable. 
Given that the standard currently recognizes that third parties are 
frequently going to be allowed to obtain uniquely-identifying user agent 
strings despite the presence of a DNT:1 header, I personally don't think 
that fixating on client-side versus server-side solutions for frequency 
capping or conversion reporting is all that important. However, that 
does argue for the need for accountable statements on the part of 
complying third-parties (whether through a response header or something 
else).

Justin Brookman
Director, Consumer Privacy
Center for Democracy&  Technology
1634 I Street NW, Suite 1100
Washington, DC 20006
tel 202.407.8812
fax 202.637.0969
justin@cdt.org
http://www.cdt.org
@CenDemTech
@JustinBrookman


On 2/9/2012 5:50 PM, Matthias Schunter wrote:
> Hi Team,
>
> for DNT-related data,  Roy's assessment of the key regulatory concerns
> matches my experience
>
> Regards,
> matthias
>
> On 2/9/2012 10:49 PM, Roy T. Fielding wrote:
>> Judging from my personal discussions with regulators, I would not
>> say that data collection constraints are a significant concern.
>> Data sharing (on purpose or by failure to handle it properly) is
>> the primary concern.  Data retention beyond that necessary to
>> support user-consented operational uses, or in a form that is
>> unnecessary to support operational uses, is a concern.
>> Obtaining specific and informed consent is a concern.
>
>
>
Received on Thursday, 9 February 2012 23:18:00 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:45 UTC