Re: Proposed Text for Local Law and Public Purpose

I don't entirely agree. Yes, the audit/measurement/verification issue is 
key and is broader than the MRC debate. We have to be careful not to be 
overly narrow. For example, another self-regulatory requirement that has 
been raised as an example is the PCMCP in the UK. As I understand it, 
there's a need under their guidelines to retain data to show the geo 
where pharma ads were shown. There may be other such legitimate uses 
that are not clearly in the scope of "legal requirements." That's the 
other piece we're trying to accommodate.

Another piece is the need to allow for existing contracts. To the extent 
that this DNT standard affects the nature of contractual measurement, 
reporting, and auditing requirements in the future, there is a need to 
provide an exception for existing contracts.

Additionally, Amy's text proposal that started this thread tries to 
accommodate other valuable and legitimate purposes. Are you saying you 
want to create a separate issue for each of these purposes?

On 10/26/12 3:07 PM, Lauren Gelman wrote:
>
> I agree that both those points are true. No one is denying that MRC is 
> currently an important piece of the ecosystem. But this standard is 
> obviously meant to change the ecosystem-- it is *not* meant to change 
> local laws.  So let's delete this current action as overly broad. If 
> someone thinks companies need an exception to comply with local laws, 
> then I'm happy to support that one. I'm even happy to draft it.
>
> As a completely separate issue-- which I would group with general 
> concerns about audit-- If you think that MRC should not be affected by 
> DNT, then start a new Action item for an exception to DNT for MRC 
> compliance.
>
> In order to debate and vote on whether to support this Action Item, 
> people will need to know exactly what deviations from DNT compliance 
> (as currently drafted) will be permitted by this exception.
>
> This is a totally valid conversation.  Audit is important.  In fact, I 
> think it was always assumed that audit issues would be considered.  So 
> let's focus on that rather than the history of MRC (which is 
> interesting as an administrative law issue, or a code vs. law vs. 
> norms debate for us geeks) but is not an relevant issue here.
>
>
> Lauren Gelman
> BlurryEdge Strategies
> 415-627-8512
>
> On Oct 26, 2012, at 11:42 AM, Dobbs, Brooks wrote:
>
>> Lauren,
>>
>> I think his has all been covered ad naseum, but for a quick recap:
>>
>>  1. We have (I think) established that having an MRC audit is not a
>>     legal requirement, and further that the MRC was not created
>>     officially as an act of Congress but did come into existence out
>>     of pressure from a Congressional hearing.
>>  2.  Though it is not a legal requirement it is, at least in some's
>>     opinion, an integral and essential piece of the ecosystem without
>>     which buyers and sellers could not confidently transact in ad sales.
>>
>> Again, I return to my scale certification analogy.  If the seller of 
>> pork has to use the buyer's scale they want to make sure they have a 
>> common agreement on how the scale was certified.  This is doubly 
>> important online where you may not ever even see what you are buying. 
>>  To keep the analogy going, I may legally be allowed to buy and sell 
>> pork bellies using any scale, but in reality it is only both party's 
>> confidence in the scale's accuracy that keeps the market making 
>> certified scales a de facto requirement.  The importance here is 
>> protecting organizations (and the data they need) to ensure that 
>> continued confidence in the market.
>>
>> -Brooks
>>
>>
>>
>> -- 
>>
>> *Brooks Dobbs, CIPP *| Chief Privacy Officer |*KBM Group* | Part of 
>> the Wunderman Network
>> (Tel) 678 580 2683 | (Mob) 678 492 1662 | *kbmg.com <http://kbmg.com>*
>> _brooks.dobbs@kbmg.com <x-msg://1655/brooks.dobbs@kbmg.com>
>>
>> <image[140].png>
>> _
>> This email – including attachments – may contain confidential 
>> information. If you are not the intended recipient,
>>  do not copy, distribute or act on it. Instead, notify the sender 
>> immediately and delete the message.
>>
>> From: Lauren Gelman <gelman@blurryedge.com 
>> <mailto:gelman@blurryedge.com>>
>> Date: Friday, October 26, 2012 2:13 PM
>> To: Brooks Dobbs <brooks.dobbs@kbmg.com <mailto:brooks.dobbs@kbmg.com>>
>> Cc: Rigo Wenning <rigo@w3.org <mailto:rigo@w3.org>>, 
>> "public-tracking@w3.org <mailto:public-tracking@w3.org>" 
>> <public-tracking@w3.org <mailto:public-tracking@w3.org>>, Jeffrey 
>> Chester <jeff@democraticmedia.org <mailto:jeff@democraticmedia.org>>, 
>> Ed Felten <ed@felten.com <mailto:ed@felten.com>>
>> Subject: Re: Proposed Text for Local Law and Public Purpose
>>
>>
>> Can someone explain exactly why this matters?  Is it the "compliance 
>> with other rules" language?  If so I suggest we cut this section all 
>> together.  No company needs an exception in a voluntary standard to 
>> comply with local laws.  And let individual companies figure out how 
>> compliance with DNT affects any other obligations (current or 
>> future)-- which they are going to do based on business needs and risk 
>> no matter what is written here.
>>
>> It seems this is a hot of hoopala, and a lot of hoops, over something 
>> that is going to have very little practical value.  If my client has 
>> a Congressionally mandated compliance requirement, legal requirement, 
>> receives a valid law enforcement request, etc. it's going to matter 
>> very little to me what DNT says about it.
>>
>> Lauren Gelman
>> BlurryEdge Strategies
>> 415-627-8512
>>
>> On Oct 26, 2012, at 7:59 AM, Dobbs, Brooks wrote:
>>
>>> Rigo,
>>>
>>> I appreciate you trying to find a solution here, but I am really the 
>>> wrong
>>> person to essentially be negotiating for what the MRC does or 
>>> doesn't need
>>> or how they can rejigger their systems.  Again I think I can guess 
>>> pretty
>>> accurately at what MRC or Company XYZ Anti-clickfraud squad might need,
>>> but if you are asking specifics or how to change what they do - I'd 
>>> go to
>>> the horses mouth.  Does anyone object to bringing the MRC into the
>>> process?
>>>
>>> -Brooks
>>>
>>> -- 
>>>
>>> Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
>>> Wunderman Network
>>> (Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com <http://kbmg.com/>
>>> brooks.dobbs@kbmg.com <mailto:brooks.dobbs@kbmg.com>
>>>
>>>
>>>
>>> This email ­ including attachments ­ may contain confidential 
>>> information.
>>> If you are not the intended recipient,
>>> do not copy, distribute or act on it. Instead, notify the sender
>>> immediately and delete the message.
>>>
>>>
>>>
>>> On 10/26/12 4:47 AM, "Rigo Wenning" <rigo@w3.org 
>>> <mailto:rigo@w3.org>> wrote:
>>>
>>>> On Thursday 25 October 2012 15:40:10 Dobbs, Brooks wrote:
>>>>> It may be that it is concluded that accrediting measurement is
>>>>> incompatible with DNT, but I would suggest that this is an
>>>>> outcome with exceedingly broad reaching consequences.
>>>>
>>>> There is a big eco-system. But we can't just do nothing because a
>>>> change here would affect changes there. I would hope that we can do
>>>> DNT so that it is feasible with MRC. Ed has hinted that maybe MRC
>>>> can be implemented in a way that is more privacy friendly and thus
>>>> acceptable even under DNT:1. I hear Kimon saying that they have done
>>>> their homework already and measure without personal data. Maybe a
>>>> simple tweak will help. Can we compare IAB EU way to the others?
>>>>
>>>> Nobody ever said that this endeavor will be simple. But again, if as
>>>> is fits, fine. If we need to tweak, we have to identify what. To
>>>> know, we need to know what personal identifiers they use. I hear
>>>> Brooks saying "IP" but there may be other identifiers. Nobody wants
>>>> to end measuring. But we have to resolve a conflict here between
>>>> measuring (and accuracy) against an expressed will of not being
>>>> followed and put into a dossier.
>>>>
>>>> Brooks do you happen to know what MRC collects? Or is this too
>>>> sensitive for a public mailing-list?
>>>>
>>>> Rigo
>>>>
>>>
>>>
>>
>