W3C home > Mailing lists > Public > public-tracking@w3.org > October 2012

Re: ACTION-265

From: Lauren Gelman <gelman@blurryedge.com>
Date: Wed, 17 Oct 2012 14:47:22 -0700
Cc: Shane Wiley <wileys@yahoo-inc.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-Id: <CE0DA4BC-7EEC-4D19-9F57-338D95BCE628@blurryedge.com>
To: David Wainberg <david@networkadvertising.org>

David.  That is not what this clause says.  If you want to do this (plus my suggestions), it should say something like:

"a party that despite reasonable investigation when making the promise, discovers that it has failed to comply with DNT, should not be held responsible for that breach if, within a reasonable period of time, it: (a) prominently posts notice of the breach; (b) brings any data collected during the lapse into compliance with this standard;  AND (c) confirms it is in compliance with the standard going forward."

I put in "despite reasonable investigation when making the promise"  as I have no idea what unintentionally meant in the original definition.  Anything short of knowingly?  Doesn't a company that is promising DNT compliance have some obligation to investigate whether they are actually in compliance?  If not it seems like this is a whole lot of work for nothing.

Please note, I think this is A BAD IDEA and should be left out of the spec.  However if it is meant as an opportunity to "cure" a breach than, per Berin's suggestion, it should be written so the lawyers can parse it ;)

Lauren Gelman
BlurryEdge Strategies
415-627-8512

On Oct 17, 2012, at 2:14 PM, David Wainberg wrote:

> Hi Lauren,
> 
> On 10/17/12 4:50 PM, Lauren Gelman wrote:
>> 
>> I have to say I think this is an extraneous provision.  It does nothing to affect liability imposed for promises that were made while the company was out of compliance that were not adhered to.  Saying that a company who has promised DNT and breached that promise can continue to to claim to be in compliance with it for an arbitrary period of additional time is bizarre.  It is self-evident that to cap liability for the breach of promise you need to either stop promising or must bring your practices into compliance with the standard.
> I disagree. This gives companies who unintentionally violate the standard an explicit exception from liability as long as they fix the problem within a reasonable time after discovery. Why is that concept extraneous or bizarre?
> 
>> 
>> It could be useful for the group to require that a company that finds itself out of compliance (a) notify its users or (b) require that it delete any data collected while the company was not accurately tagging the data's DNT signal.  
>> 
> Isn't option b what this does? Bring the data that was collected out of compliance into compliance within a reasonable time. 
> 
> Regards,
> 
> David
> 
>> On Oct 16, 2012, at 9:58 PM, Shane Wiley wrote:
>> 
>>> Updated text per our discussions in Amsterdam.
>>>  
>>> Tracking Compliance and Scope
>>> Section 3.8.1
>>>  
>>> It may happen that a party claiming compliance with this standard will retain or use data without awareness that it is doing so contrary to its intended party position with respect to the standard. In such a case, the party must bring its practices and prior collected data into compliance with the standard within a commercially reasonable time after it learns of such non-compliant activity.
>>>  
>> 
> 
Received on Wednesday, 17 October 2012 21:47:53 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:36 UTC