RE: Towards a Grand Compromise

Shane and Jonathan, the way I read the compromise proposal is that first parties, corporate affiliates and service providers would be allowed to operate as first parties.  First parties could only claim a corporate affiliate if there was common branding or a way to easily discover the relationship (e.g. in a privacy policy).  Service providers would have some restrictions on their activity (e.g. contract with first party and siloing the data per first party).

Correct me if I’m wrong, but at least this portion seems to be a compromise.

From: Shane Wiley [mailto:wileys@yahoo-inc.com]
Sent: Friday, June 08, 2012 10:43 AM
To: Jonathan Mayer; public-tracking@w3.org
Subject: RE: Towards a Grand Compromise

Jonathan,

Thank you for evolving the original proposal from DC.  Since you’ve decided to call this the “Grand Compromise” could you please help me understand where the compromise really is?  After reviewing your key points of “compromise”, I’m not really seeing any.


1.       User must expressly activate DNT:  The TPWG decided on this and captured it in draft text over 9 months ago.  No compromise here.

2.       Affiliate 1st Party Definition:  On the surface this appears to be a compromise but once we get to #3 it clearly isn’t.

3.       No “Tracking Cookies”:  By this I believe your text is focused on cookies with unique identifiers.  Once those unique identifiers are removed then the data becomes “unlinkable”.  We’ve all agreed that “unlinkable” data is outside the scope of the standard and can be shared generously (although I wouldn’t personally advise that).  With that in mind, the “Affiliate 1st Party Definition” is meaningless in your context.

I see no mention of Permitted Uses, which the FTC and several EU DPAs have each conceded will be necessary for businesses to remain operational.

In essence, I’m not seeing any real change since your submission in DC.  Can you please help me understand what I’m missing on the “unlinkability” outcome?  I thought this was also your position in DC and have raised that concern in the discussion of “temporary log file retention”.  In my opinion, If you don’t agree with the complete “unlinkability” outcome, then the “temporary log file retention” discussion isn’t helpful.

Happy to learn more of your perspectives here.

Thank you,
- Shane

From: Jonathan Mayer [mailto:jmayer@stanford.edu]
Sent: Thursday, June 07, 2012 10:40 PM
To: public-tracking@w3.org<mailto:public-tracking@w3.org>
Subject: Re: Towards a Grand Compromise

We've already received an extraordinary amount of feedback from working group participants on this proposal.  Thanks!

In the interest of keeping revisions sane, I've created a repo on GitHub.  The version control is available at https://github.com/jonathanmayer/dnt-compromise/blob/gh-pages/compromise-proposal.html, and the latest version can be viewed at http://jonathanmayer.github.com/dnt-compromise/compromise-proposal.html.


Jonathan

On Wednesday, June 6, 2012 at 8:06 AM, Jonathan Mayer wrote:
This group has made tremendous progress.  As we enter our second year and look forward to our fifth meeting, we can celebrate achieving hard-won consensus on many difficult topics.

It's time to complete our task.  We have given shape to the several issues at the center of Do Not Track policy, but we have not reached agreement on how to resolve them.  Those issues are, in brief:

1) May a user agent enable Do Not Track by default?

2) May a website share its information with corporate affiliates?

3) May a third-party website continue to set tracking cookies (or use an equivalent technology for collecting a user's browsing history)?

Peter Eckersley (EFF), Tom Lowenthal (Mozilla), and I (Stanford) have iterated on a comprehensive compromise proposal that addresses these issues.  The text draws extensively on prior drafts from multiple constituencies.  It would, in short:

1) Require explicit consent for enabling Do Not Track.

2) Allow affiliate information sharing.

3) Prohibit tracking cookies.

We have received valuable feedback from a number of participant viewpoints, including browser vendors, advertising companies, analytics services, social networks, policymakers, consumer groups, and researchers.  Out of respect for the candid nature of those ongoing conversations, we leave it to stakeholders to volunteer their contributions to and views on this proposal.

As you review the draft, please recognize that it is a compromise proposal.  The document is not a retread of well-worn positions; it reflects extraordinarily painful cuts for privacy-leaning stakeholders, including complete concessions on two of the three central issues.  Some participants have already indicated that they believe the proposal goes too far and are unwilling to support it.

We would ask all stakeholders to approach the document with a collegial spirit.  I can assure you now: there will be components of the proposal that you will not like.  Some industry and advocacy participants will flatly reject it.  But when everyone in the center of the group is just a bit unhappy, I think we've found our consensus.

Sincerely,
Jonathan



Attachments:
- compromise-proposal-pde-tl-jm.html
- compromise-proposal-pde-tl-jm.pdf

Received on Friday, 8 June 2012 14:57:56 UTC