Re: ISSUE-45 ACTION-246 Clarified proposal on compliance statements

From: David Wainberg <david@networkadvertising.org>
Date: Mon, 29 Oct 2012 15:13:00 -0400
Message-ID: <508ED53C.5070105@networkadvertising.org>
To: Lauren Gelman <gelman@blurryedge.com>
CC: Shane Wiley <wileys@yahoo-inc.com>, John Simpson <john@consumerwatchdog.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Lauren, that is a possible token. As explained in the top post on this 
thread 
(http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0154.html) 
this will, in a fully transparent way, accommodate the variation we will 
necessarily see in the way companies are able to honor DNT.

On 10/29/12 2:55 PM, Lauren Gelman wrote:
>
> Does that mean a US/DAA "token" is permitted under the language?
>
> Lauren Gelman
> BlurryEdge Strategies
> 415-627-8512
>
> On Oct 29, 2012, at 11:46 AM, David Wainberg wrote:
>
>> Hi Lauren,
>>
>> I think in general it will be hard for companies to speculate 
>> whether or how they'll honor DNT before the specs are done. Once 
>> there are defined standards, then companies will be able to determine 
>> what is applicable for their business.
>>
>> -David
>>
>> On 10/29/12 2:30 PM, Lauren Gelman wrote:
>>> Shane.  Does this permit a US/DAA "token" and would Yahoo use that 
>>> one or the W3C one this group is developing?
>>>
>>> Lauren Gelman
>>> BlurryEdge Strategies
>>> 415-627-8512
>>>
>>> On Oct 29, 2012, at 11:13 AM, Shane Wiley wrote:
>>>
>>>> John,
>>>>  This is still a single specification but provides for regional 
>>>> variance in communicating to the user which policy their DNT will be 
>>>> honored under.  W3C is still a valid response but this would allow 
>>>> E/DAA to be a valid response as well.
>>>>  - Shane
>>>>  From: John Simpson [mailto:john@consumerwatchdog.org]
>>>> Sent: Monday, October 29, 2012 2:05 PM
>>>> To: David Wainberg
>>>> Cc: public-tracking@w3.org <mailto:public-tracking@w3.org>
>>>> Subject: Re: ISSUE-45 ACTION-246 Clarified proposal on compliance 
>>>> statements
>>>>  David,
>>>>  I'm puzzled here.  I don't think the WG is anywhere near consensus 
>>>> on the concept that the spec should provide servers with an 
>>>> opportunity to select what DNT regime they are following.  My 
>>>> impression is that we are working to develop a single 
>>>> specification. This suggestion seems to undercut that concept.
>>>>  Best regards,
>>>> John
>>>>  ----------
>>>> John M. Simpson
>>>> Consumer Advocate
>>>> Consumer Watchdog
>>>> 2701 Ocean Park Blvd., Suite 112
>>>> Santa Monica, CA,90405
>>>> Tel: 310-392-7041
>>>> Cell: 310-292-1902
>>>> www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org>
>>>> john@consumerwatchdog.org <mailto:john@consumerwatchdog.org>
>>>>  On Oct 29, 2012, at 9:57 AM, David Wainberg wrote:
>>>>
>>>>
>>>> Editors -- can we please add these options to the two docs?
>>>>
>>>> TPE: Add a required "compliance" field to the tracking status 
>>>> resource in the TPE, where the value indicates the compliance 
>>>> regime under which the server is honoring the DNT signal. In 5.5.3 
>>>> of the TPE:
>>>>
>>>>     A status-object MUST have a member named compliance that 
>>>> contains a single compliance mode token.
>>>>
>>>>
>>>> TCS:
>>>>
>>>>     Compliance mode tokens must be associated with a legislative or 
>>>> regulatory regime in a relevant jurisdiction, or with a relevant 
>>>> and established self-regulatory regime.
>>>>
>>>>
>>>> On 10/9/12 9:22 AM, David Wainberg wrote:
>>>> ACTION-246 
>>>> (http://www.w3.org/2011/tracking-protection/track/actions/246), 
>>>> which relates to ISSUE-45 
>>>> (http://www.w3.org/2011/tracking-protection/track/issues/45).
>>>>
>>>> Hello all,
>>>>
>>>> This is a clarification of my previous proposal 
>>>> (http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0012.html). 
>>>> I'm launching it on a fresh thread, because the previous one got a 
>>>> bit wild and off-topic.
>>>>
>>>> Recall that this arose out of the problem of how or where parties 
>>>> may or must make statements regarding their DNT compliance. One 
>>>> proposal, which many of us strongly objected to, was to make 
>>>> provision of the tracking status resource in and of itself an 
>>>> assertion of compliance with the DNT spec. That proposal was a 
>>>> replacement for an initial proposal to require a public statement 
>>>> of compliance, but without specifying where or how that statement 
>>>> must be made.
>>>>
>>>> The problems with these proposals are that the one is overly 
>>>> strict, does not provide any flexibility, and sets up a legal 
>>>> landmine that companies will avoid by not providing the WKL, and 
>>>> the other is too loose; it allows for potentially unlimited 
>>>> variation in how companies honor DNT and where and how they make 
>>>> their commitments to do so.
>>>>
>>>> This proposal solves these problems by requiring a statement in the 
>>>> status resource regarding compliance with one of a limited set of 
>>>> DNT variations. Although I understand the desire for and 
>>>> attractiveness of a single universal specification for DNT 
>>>> compliance, the reality is that we will have to accommodate some 
>>>> variation based on, e.g., business model, geography, etc. Examples 
>>>> of this problem arose during the Amsterdam meeting. If we want to 
>>>> ensure wide adoption and enforceability of DNT, this is the way to 
>>>> do it.
>>>>
>>>> The proposal is the following:
>>>>
>>>> Add a required "compliance" field to the tracking status resource 
>>>> in the TPE, where the value indicates the compliance regime under 
>>>> which the server is honoring the DNT signal. In 5.5.3 of the TPE:
>>>>
>>>>     A status-object MUST have a member named compliance that 
>>>> contains a single compliance mode token.
>>>>
>>>> From here, I look to the group for discussion regarding how and 
>>>> where to define compliance mode tokens. My initial version of this 
>>>> proposal suggested looking to IANA to manage a limited set of 
>>>> tokens to prevent collisions. I think there was some 
>>>> misunderstanding and concern about how this would work. No -- 
>>>> companies should not just create their own arbitrary values. My 
>>>> view is that each token must have a well-defined and 
>>>> widely-accepted meaning. How's this:
>>>>
>>>>     Compliance mode tokens must be associated with a legislative or 
>>>> regulatory regime in a relevant jurisdiction, or with a relevant 
>>>> and established self-regulatory regime.
>>>>
>>>> I'm open to other ideas for this.
>>>>
>>>> Cheers,
>>>>
>>>> David
>>>>
>>>>
>>
>>
>
Received on Monday, 29 October 2012 19:13:30 UTC