- From: Jonathan Mayer <jmayer@stanford.edu>
- Date: Fri, 20 Jan 2012 16:15:39 -0600
- To: David Wainberg <dwainberg@appnexus.com>
- Cc: Shane Wiley <wileys@yahoo-inc.com>, David Singer <singer@apple.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
- Message-Id: <EB96B05E-A872-47C4-9A2B-8B7FDA39461E@stanford.edu>
On Jan 20, 2012, at 4:08 PM, David Wainberg wrote: > > > On 1/20/12 1:19 PM, Jonathan Mayer wrote: >>>> There was consensus at Santa Clara that the outsourcing exception requires both legal and technical precautions. There was not consensus about what those precautions are against, either 1) collecting data that could be correlated across first parties, or 2) commingling data across first parties. David's draft text proposes the former rule (which de facto encapsulates the latter rule), and I am in support. >>> I do not recall consensus on this. Wasn't there dissent regarding the feasibility of such precautions? My view is that legal requirements in this technical standard are not workable. >> See the minutes from the first day of Santa Clara. Shane's proposal was a MUST on legal precautions and a SHOULD on technical precautions. My proposal was a MUST on legal precautions and a MUST on technical precautions - including origin-scoped data. The group compromised with a MUST on legal precautions and a MUST on technical precautions, with a non-normative suggestion of origin-scoped data. It was a great example of consensus-building through compromise. I hope Brussels will follow suit. > Can you point me to this in the minutes? I don't recall a consensus on baking legal precautions into the standard. http://www.w3.org/2011/10/31-dnt-minutes.html Discussion of ISSUE-73. >>>> I believe there is consensus on how the most common widget use cases should turn out. There appeared to be consensus on the list and in calls to apply a user expectations test to borderline cases, but that consensus may no longer exist. >>> No, I don't think we had consensus that a "user expectations" test should be used. A user expectations standard is absolutely unworkable for companies trying to implement. From my conversations with others in industry, the one thing almost everyone says they want out of DNT is clarity. The ambiguity of a user expectations test would, in my view, be a disaster. >> My text on widgets in late October included an objective user expectations component. Tom's subsequent text included a subjective user intent component. In the lengthy discussions of both texts - in calls, on the list, and in person - I cannot recall any objection to the reliance on user expectations. That said, I recognize that many in the group are now uncomfortable with a user expectations approach, and that's why I noted that to the extent there was consensus earlier, it "may no longer exist." >> >> As for a user expectations test being "absolutely unworkable" and lacking "clarity" - I thoroughly disagree, and despite protracted grousing from many in the group, I have yet to see use cases to the contrary. I'm sure it'll make for lively discussion in Brussels. > It's one thing to use our notions of user expectations to guide our development of the spec. That's fine. However, it's something else to bake it into the spec as a standard that must be met. And regardless of any consensus in this group, my point as someone who actually may have to implement this at a company is that it's too way too vague.
Received on Friday, 20 January 2012 22:16:12 UTC