W3C home > Mailing lists > Public > public-tracking@w3.org > October 2012

Re: Proposed Text for Local Law and Public Purpose

From: Lauren Gelman <gelman@blurryedge.com>
Date: Fri, 26 Oct 2012 12:07:44 -0700
Cc: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, Jeffrey Chester <jeff@democraticmedia.org>, "Ed Felten" <ed@felten.com>
Message-Id: <44A63B60-0C87-4F14-BB4E-79D74B5CB98F@blurryedge.com>
To: "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>

I agree that both those points are true. No one is denying that MRC is currently an important piece of the ecosystem. But this standard is obviously meant to change the ecosystem-- it is *not* meant to change local laws.  So let's delete this current action as overly broad. If someone thinks companies need an exception to comply with local laws, then I'm happy to support that one. I'm even happy to draft it.

As a completely separate issue-- which I would group with general concerns about audit-- If you think that MRC should not be affected by DNT, then start a new Action item for an exception to DNT for MRC compliance.  

In order to debate and vote on whether to support this Action Item, people will need to know exactly what deviations from DNT compliance (as currently drafted) will be permitted by this exception.

This is a totally valid conversation.  Audit is important.  In fact, I think it was always assumed that audit issues would be considered.  So let's focus on that rather than the history of MRC (which is interesting as an administrative law issue, or a code vs. law vs. norms debate for us geeks) but is not an relevant issue here. 


Lauren Gelman
BlurryEdge Strategies
415-627-8512

On Oct 26, 2012, at 11:42 AM, Dobbs, Brooks wrote:

> Lauren,
> 
> I think his has all been covered ad naseum, but for a quick recap:
> We have (I think) established that having an MRC audit is not a legal requirement, and further that the MRC was not created officially as an act of Congress but did come into existence out of pressure from a Congressional hearing.  
>  Though it is not a legal requirement it is, at least in some's opinion, an integral and essential piece of the ecosystem without which buyers and sellers could not confidently transact in ad sales.
> Again, I return to my scale certification analogy.  If the seller of pork has to use the buyer's scale they want to make sure they have a common agreement on how the scale was certified.  This is doubly important online where you may not ever even see what you are buying.  To keep the analogy going, I may legally be allowed to buy and sell pork bellies using any scale, but in reality it is only both party's confidence in the scale's accuracy that keeps the market making certified scales a de facto requirement.  The importance here is protecting organizations (and the data they need) to ensure that continued confidence in the market.
> 
> -Brooks  
> 
> 
> 
> -- 
> 
> Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the Wunderman Network
> (Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com 
> brooks.dobbs@kbmg.com
> 
> <image[140].png>
> 
> This email  including attachments  may contain confidential information. If you are not the intended recipient,
>  do not copy, distribute or act on it. Instead, notify the sender immediately and delete the message.
> 
> From: Lauren Gelman <gelman@blurryedge.com>
> Date: Friday, October 26, 2012 2:13 PM
> To: Brooks Dobbs <brooks.dobbs@kbmg.com>
> Cc: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, Jeffrey Chester <jeff@democraticmedia.org>, Ed Felten <ed@felten.com>
> Subject: Re: Proposed Text for Local Law and Public Purpose
> 
> 
> Can someone explain exactly why this matters?  Is it the "compliance with other rules" language?  If so I suggest we cut this section all together.  No company needs an exception in a voluntary standard to comply with local laws.  And let individual companies figure out how compliance with DNT affects any other obligations (current or future)-- which they are going to do based on business needs and risk no matter what is written here.
> 
> It seems this is a hot of hoopala, and a lot of hoops, over something that is going to have very little practical value.  If my client has a Congressionally mandated compliance requirement, legal requirement, receives a valid law enforcement request, etc. it's going to matter very little to me what DNT says about it.
> 
> Lauren Gelman
> BlurryEdge Strategies
> 415-627-8512
> 
> On Oct 26, 2012, at 7:59 AM, Dobbs, Brooks wrote:
> 
>> Rigo,
>> 
>> I appreciate you trying to find a solution here, but I am really the wrong
>> person to essentially be negotiating for what the MRC does or doesn't need
>> or how they can rejigger their systems.  Again I think I can guess pretty
>> accurately at what MRC or Company XYZ Anti-clickfraud squad might need,
>> but if you are asking specifics or how to change what they do - I'd go to
>> the horses mouth.  Does anyone object to bringing the MRC into the
>> process? 
>> 
>> -Brooks
>> 
>> -- 
>> 
>> Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
>> Wunderman Network
>> (Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com
>> brooks.dobbs@kbmg.com
>> 
>> 
>> 
>> This email  including attachments  may contain confidential information.
>> If you are not the intended recipient,
>> do not copy, distribute or act on it. Instead, notify the sender
>> immediately and delete the message.
>> 
>> 
>> 
>> On 10/26/12 4:47 AM, "Rigo Wenning" <rigo@w3.org> wrote:
>> 
>>> On Thursday 25 October 2012 15:40:10 Dobbs, Brooks wrote:
>>>> It may be that it is concluded that accrediting measurement is
>>>> incompatible with DNT, but I would suggest that this is an
>>>> outcome with exceedingly broad reaching consequences.
>>> 
>>> There is a big eco-system. But we can't just do nothing because a
>>> change here would affect changes there. I would hope that we can do
>>> DNT so that it is feasible with MRC. Ed has hinted that maybe MRC
>>> can be implemented in a way that is more privacy friendly and thus
>>> acceptable even under DNT:1. I hear Kimon saying that they have done
>>> their homework already and measure without personal data. Maybe a
>>> simple tweak will help. Can we compare IAB EU way to the others?
>>> 
>>> Nobody ever said that this endeavor will be simple. But again, if as
>>> is fits, fine. If we need to tweak, we have to identify what. To
>>> know, we need to know what personal identifiers they use. I hear
>>> Brooks saying "IP" but there may be other identifiers. Nobody wants
>>> to end measuring. But we have to resolve a conflict here between
>>> measuring (and accuracy) against an expressed will of not being
>>> followed and put into a dossier.
>>> 
>>> Brooks do you happen to know what MRC collects? Or is this too
>>> sensitive for a public mailing-list?
>>> 
>>> Rigo
>>> 
>> 
>> 
> 
Received on Friday, 26 October 2012 19:08:32 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:37 UTC