- From: Alan Chapell <achapell@chapellassociates.com>
- Date: Fri, 26 Apr 2013 09:44:05 -0400
- To: Rigo Wenning <rigo@w3.org>
- CC: <public-tracking@w3.org>, David Singer <singer@apple.com>, "Edward W. Felten" <felten@cs.princeton.edu>
Thanks Rigo. I'm not sure this is simply a case of lawyerly myopia. More below. On 4/25/13 8:21 PM, "Rigo Wenning" <rigo@w3.org> wrote: >Alan, > >I was waiting for that question because it looks at the world with the >eyes of a lawyer :) > >The text does not have to target the user agent. "User agent" is just >something that can initiate an HTTP request. So "user agent" is nothing >that can be liable. I'm not looking to establish liability. Rather, I'm trying to establish accountability. And in order to establish accountability, we need to understand who are the entities that are turning DNT on. If the entities that enact DNT are not able to ensure that the user has been notified of DNT functionality, then I'd like to understand who IS responsible in your view. The entity that enacts DNT MUST meet some bar of informed consent -- If we don't have a requirement to that effect in this spec, we'll have lots of DNT signals floating around with few users understanding what that means. > > >What you're looking for are statements of conformance. No - I want to understand who is responsible for ensuring that DNT functionality is clearly described in line with privacy by design concepts. >My software is >conformant to the the Tracking Protection Standard. Now the implementer >has to show that the user is informed before making a decision to be >conformant, however this software informs the user (the MP3 player may >read it out to you). The fact that a legal entity is making claims of >conformance without informing the user is the connection you need for >liability. I'm sorry Rigo, but I'm just not understanding. Who here is the implementer here? > > >So talking about the "user" instead of the "user agent" actually does >the trick. So you need to find a wording that addresses the requirements >from a user perspective. What do we need to provide -at least- to the >user to be conformant. This somewhat satisfies Ed's use case and David's >remarks. I think we're in agreement re: the User must be informed. We can word the requirement from the pov of the User if you'd like, but I don't think that changes the fact that SOME 'thing' sends a DNT header. That thing may be a browser or other User agent, a piece of software, a refrigerator, a carrier pigeon, etcŠ The spec needs to have some requirement that those things that turn on DNT have a responsibility to meet some baseline standard of informed consent. Otherwise, we don't have a standard that is meaningful for anyone. > > > --Rigo > >On Thursday 25 April 2013 14:14:12 Alan Chapell wrote: >> Thanks Rigo. >> >> Let me ask what may appear to be a dumb question. In your view, who is >> responsible for ensuring informed consent - if not the User Agent? > >
Received on Friday, 26 April 2013 16:40:24 UTC