- From: Alan Chapell <achapell@chapellassociates.com>
- Date: Tue, 02 Oct 2012 09:41:10 -0400
- To: Rigo Wenning <rigo@w3.org>
- CC: Mike Zaneis <mike@iab.net>, David Wainberg <david@networkadvertising.org>, Nicholas Doty <npdoty@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>
See below... On 10/2/12 3:54 AM, "Rigo Wenning" <rigo@w3.org> wrote: >On Monday 01 October 2012 19:49:37 Alan Chapell wrote: >> The only thing you and I agree upon here is that you can't provide >> the smoking gun. (: > >... which is a personal limitation, not an absolute one. We can go >ask the DPAs and people who are closer to the day by day cases to >provide us with some really creepy stories. But I think sometimes >misunderstandings are considered a feature. >> >> >More below? >> >> >Oh, Airline XYZ can only do so because they have bought the >> >profile that tells them I can afford the higher price... - just >> >as an example - That we do not address first parties is >> >irrelevant for the EU and a sign of careful nudging of the US >> >community. >> >> In my experience, it would be unlikely (at best) that airline >> XYZ.com would operate in the way that you're suggesting. We need >> to distinguish what is POSSIBLE in theory from what is PRACTICAL. > >The question is not about what you guess the airline would do (it >was a broker). The point is that they collected data for the purpose >stateful service and used it for price discrimination. This is an assumption that you are making without providing any evidence. > This is a >consumer protection issue. This is my point, not more. If you >collect data to determine that somebody is from the UK, you may well >give them a different price. Or you may exclude Germans from Youtube >because of licensing battles between GEMA and Google. And as soon as >there is an issue, people will route around. If the incentive is >strong enough, the masses will move. Look at the download statistics >of adblock plus. If you're not seen to honor privacy choices (and >continue to do business, thus my call for innovation), the consumers >will IMHO react with data blocking. I can show you the tools. This >is very easy and effective. You prefer that? At some point in time, >the arms race will hit the limit of the legislation around hacking >(the consumer's computers) > >> >> So if this is your example of harm, you may want to keep looking >(: > >The harm is the undue price discrimination because of superior >knowledge that has its roots in the data collection. >Again, I don't >know what harm you're looking for. Your exemption is not "use IP >addresses to show PCMCP that the user that got the ad is from the >UK". Your exemption is: "Whatever code of conduct fits me best will >trump the user's stated preference". Please point me to the place where I've made this statement - or anything close to it. Are we reading minds now? > > >This allows to continue to build profiles despite the DNT:1 header >being present. With a good profile you can predict people and >manipulate them. This is why targeted advertisement is so much more >effective and expensive. There are a gazillion other examples. Even >a constitutional court said some 28 years ago that the creepiness >created by those profiles has a harming dimension that justifies >societal intervention. So it is not just me and my imagination. > >And you come here, take one of my funny examples and declare: "There >is no harm!". While it is right to question limitations, it is also >right to question data collection. While my example may be a bit >thin (I shouldn't have provided one, just point you to a large >collection, Ninja's office has one) its thinness can't be taken as >an argument to question the collection limitation principle in >general as introduced by the OECD in 1981. > > > >> >> >2/ Democratic values >> >[...] >> >> If you put the third party intermediaries out of business - by >> definition the marketplace will be smaller. > >If the only option for SMEs to survive would be unlimited data >collection for financial reporting, this would be a sinister >outlook, indeed. > >> >Because there is a fundamental transatlantic divide. We have that >> >even internally. While the eastern part believes that the >> >availability of organized personal data is very prone to abuse, >> >the western part believes that it is all about use limitations. >> >Give the data to the junkie but say: "do not use!". Some >> >believe, some don't. Note that those legitimate exceptions are >> >law in EU. Self regulation has to re-invent those. For the >> >unregulated, this is a test whether we can find a reasonable >> >compromise without the formal democratic process. >> >> I have no idea what you mean here > >Normal, you are part of the divided landscape and you haven't tried >looking beyond your own side of things. This is all about collection >limitations and quick transformations of personal data collected to >remove the personal context. Mainly, large collections of personal >data are seen as an intrinsic danger. > >> But while we're on the subject >> of providing arguments for your assertions, I'd invite you to >> provide a specific argument of harm that addresses the request >> for exemptions. If the XYZ.com is the best you can do, well... > >Google for Censilia and Zensursula. You'll find a filtering system >for control of information streams with large scope creep (also >active in the US and Canada I think). I said already 2 times: >Governments and others would love to have national Internets they >can control. The more you collect data, the more you can control >people. You say: But I promise not to control people with that data. >Others may say, avoid the collection in the first place, especially >if the users has asked you not to collect. In Egypt, they found ways >around very quickly. You haven't answered that argument yet. And how exactly, will DNT address these? > >The problem with your exemption is that it can be believed to be the >portal for collection scope creep even under DNT:1. The more I see >the intensity of the fight, the more I'm inclined to believe in the >scope creep here. How can it be avoided that you create the >contractual obligations that allows you to collect data under >exemptions as before regardless of the DNT header? > >> >I see the polls that indicate that over 56% of Europeans erase >> >_all_ their cookies at least once a month. 25% weekly (from the >> >top of my head, search for eurobarometer). >> > >> >2002, the industry thought: "danger banned, no privacy provisions >> >in the US, move on". And the browsers thought: "we manage >> >cookies by blocking tools". Ten years after, we are back to the >> >core semantic problem: "Can I trust your assertions?". What does >> >that tell me? Everybody has to optimize in some direction. >> >That's what this effort is all about. I have to optimize in the >> >direction of excellence... And putting in question the bases of >> >the effort for financial reporting is against my optimization >> >target. And there, your wording was much better (and stronger) >> >than mine. >> >> Thank you. Its interesting that you reference P3P. Do you believe >> that P3P was a success? > >It was a huge success for the industry to avoid legislation in the >US. It was a huge browser-failure. If you could elaborate on the ways the P3P helped avoid legislation in the U.S., I'd appreciate it. >And it was a respectable >scientific success as all newer policy and data handling research is >still very often based on the P3P statement vocabulary. I don't >think all browsers will repeat the same mistakes. IMHO, the changes >without DNT would change your business more than I ever could with >my emails and discussion. I'm trying to find a middle ground and new >ways to allow for the same business with less data to avoid that >bump. I try to help. If this leads into the trenches, it is >unfortunate. > > >Rigo > > > >
Received on Tuesday, 2 October 2012 13:41:49 UTC