W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Re: Towards a Grand Compromise

From: Jonathan Mayer <jmayer@stanford.edu>
Date: Wed, 6 Jun 2012 14:28:53 -0700
To: JC Cannon <jccannon@microsoft.com>
Cc: Tamir Israel <tisrael@cippic.ca>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <7B4C0B569CC9494BA8B44C79ADDE268D@gmail.com>
JC, 

Our proposal accommodates storage of low-entropy information in the user agent, such as a "Language=Pig Latin" cookie.  It does not allow for active collection of a user's browsing history using any technology (e.g. an ID cookie, supercookie, or fingerprint).

As for phasing requirements in over time, many stakeholders were favorable towards the idea.  I certainly am.

Best,
Jonathan


On Wednesday, June 6, 2012 at 8:16 AM, JC Cannon wrote:

> 
> Jonathan,
> 
> 
>  
> 
> 
> On item 3, could you explain how multi-use cookies would work. For efficiency, many sites will use one cookie for multiple purposes and to change this would take time.
> 
> 
>  
> 
> 
> Thanks,
> 
> 
> JC
> 
> 
>  
> 
> 
> From: Tamir Israel [mailto:tisrael@cippic.ca] 
> Sent: Wednesday, June 06, 2012 7:04 AM
> To: Jonathan Mayer
> Cc: public-tracking@w3.org (mailto:public-tracking@w3.org)
> Subject: Re: Towards a Grand Compromise
> 
> 
> 
> 
>  
> 
> 
> I have an issue with the use of the term 'explicit consent' in the context of 1.1. This is perhaps a terminology problem. 
> 
> Specifically, under must DP frameworks (and I feel we are operating in a data protection paradigm here), 'explicit consent' basically means a positive act assenting to the collection, use or disclosure of personal information. 
> 
> I understood the objective of the spec is to 'express user preferences' (this is not the same as consent, I get the impression we are conflating the two).
> 
> Take your: "Example: The user agent's privacy preferences pane includes controls for configuring the Tracking Preference signal." This is more or less the archetypal description of _implicit_ consent, not explicit.
> 
> Best,
> Tamir
> 
> 
> On 6/6/2012 8:06 AM, Jonathan Mayer wrote: 
> 
> 
> This group has made tremendous progress.  As we enter our second year and look forward to our fifth meeting, we can celebrate achieving hard-won consensus on many difficult topics. 
> 
> 
> 
>  
> 
> 
> 
> It's time to complete our task.  We have given shape to the several issues at the center of Do Not Track policy, but we have not reached agreement on how to resolve them.  Those issues are, in brief:
> 
> 
> 
>  
> 
> 
> 
> 1) May a user agent enable Do Not Track by default?
> 
> 
> 
>  
> 
> 
> 
> 2) May a website share its information with corporate affiliates?
> 
> 
> 
>  
> 
> 
> 
> 3) May a third-party website continue to set tracking cookies (or use an equivalent technology for collecting a user's browsing history)?
> 
> 
> 
>  
> 
> 
> 
> Peter Eckersley (EFF), Tom Lowenthal (Mozilla), and I (Stanford) have iterated on a comprehensive compromise proposal that addresses these issues.  The text draws extensively on prior drafts from multiple constituencies.  It would, in short:
> 
> 
> 
>  
> 
> 
> 
> 1) Require explicit consent for enabling Do Not Track.
> 
> 
> 
>  
> 
> 
> 
> 2) Allow affiliate information sharing.
> 
> 
> 
>  
> 
> 
> 
> 3) Prohibit tracking cookies.
> 
> 
> 
>  
> 
> 
> 
> We have received valuable feedback from a number of participant viewpoints, including browser vendors, advertising companies, analytics services, social networks, policymakers, consumer groups, and researchers.  Out of respect for the candid nature of those ongoing conversations, we leave it to stakeholders to volunteer their contributions to and views on this proposal.
> 
> 
> 
>  
> 
> 
> 
> As you review the draft, please recognize that it is a compromise proposal.  The document is not a retread of well-worn positions; it reflects extraordinarily painful cuts for privacy-leaning stakeholders, including complete concessions on two of the three central issues.  Some participants have already indicated that they believe the proposal goes too far and are unwilling to support it.
> 
> 
> 
>  
> 
> 
> 
> We would ask all stakeholders to approach the document with a collegial spirit.  I can assure you now: there will be components of the proposal that you will not like.  Some industry and advocacy participants will flatly reject it.  But when everyone in the center of the group is just a bit unhappy, I think we've found our consensus.
> 
> 
> 
>  
> 
> 
> 
> Sincerely,
> 
> 
> 
> Jonathan
> 
> 
> 
>  
> 
> 
> 
>  
> 
> 
> 
> 
> 
Received on Wednesday, 6 June 2012 21:29:25 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:30 UTC