Re: Proposed California Law affecting DNT from John Simpson on 2013-03-29 (public-tracking@w3.org from March 2013)

From: John Simpson <john@consumerwatchdog.org>
Date: Fri, 29 Mar 2013 11:19:02 -0700
To: Craig Spiezle <craigs@otalliance.org>
Cc: <public-tracking@w3.org>, <ifette@google.com>
Message-Id: <5D1968E5-FF81-4CBB-8F0D-466408A440BC@consumerwatchdog.org>
If we settle on our two specifications, the TPE and the TCS, I think it would be fine if a Website said that they honored or did not honor DNT in their privacy policy.  That should, however, be in addition to the required responses from the server when it receives a DNT:1 signal.  Only disclosing how you handle DNT requests in the privacy policy would be completely inadequate.



On Mar 28, 2013, at 10:30 PM, Craig Spiezle <craigs@otalliance.org> wrote:

> Once there agreement of what DNT means, I would like to understand any issues (pro or con) on a privacy policy making the assertion of them honoring DNT or asserting they do not.  In either case I tend to think it is good to have disclosure and transparency.  Comments? 
>  
>  
>  
>  
>  
>  
>  
> From: John M. Simpson [mailto:john@consumerwatchdog.org] 
> Sent: Thursday, March 28, 2013 10:23 PM
> To: ifette@google.com
> Cc: public-tracking@w3.org Group WG
> Subject: Re: Proposed California Law affecting DNT
>  
> I am just reporting what I have been told.
> 
> ----------------
> John M. Simpson
> Consumer Advocate
> Consumer Watchdog
> Tel: 310-392-7041
>  
> 
> On Mar 28, 2013, at 7:47 PM, Ian Fette (イアンフェッティ) <ifette@google.com> wrote:
> 
> And how does one contact an actual user given an ip? That ip could be a nat with 50 computers behind it, or 5000. And its not like you can just call up an ip and say "please tell the user I have a great offer for them..." so I'm really not sure in what context this is used to contact a user, unlike an email address or phone number...
> 
> On Mar 28, 2013 7:10 PM, "John Simpson" <john@consumerwatchdog.org> wrote:
> AG's folks tell me their interpretation is broader than traditional PII. Item 6 is:
> "(6) Any other identifier that permits the physical or online contacting of a specific individual."
> 
> They say they they understand that provision to include an IP address and a device ID.
>  
>  
> On Mar 28, 2013, at 5:02 PM, Ian Fette (イアンフェッティ) <ifette@google.com> wrote:
> 
> 
> Two thoughts,
>  
> 1, it seems the language of the bill is a bit confused around who is doing what, specifically it talks about the first party honoring the request to not "track", with an added obligation to explicitly call out the special circumstance where the website somehow enforces restrictions on third parties (by technical or contractual means?!)
>  
> 2, hey, it defines tracking! And the tracking seems to be defined as the collection of PII such as name, email, or social security number (specifically defined on page 3 line 19 forward).
>  
> 
> On Thu, Mar 28, 2013 at 4:53 PM, John Simpson <john@consumerwatchdog.org> wrote:
> Colleagues,
>  
> The California Attorney General is sponsoring a bill that could be of interest to our working group. It is AB 370 introduced by Assemblyman Al Muratsuchi.  I've attached it as a PDF file.  I'm not sure that the current language exactly accomplishes what the AG's office tells me is their intent, but here is what I was told they want to do:
>  
> The bill would amend existing California law requiring privacy policies to require that a commercial website would have to include in its privacy policy whether or not it honors a Do-Not-Track message.  The intent, I was told, is to increase transparency and shift some of the responsibility for Do Not Track on to consumer-facing 1st party sites.
>  
> The idea is that a 1st party website could not claim it honored Do Not Track if it allowed or knew it had 3rd parties on its site that engaged in tracking.
>  
> The bill offers this definition of tracking:
>  
> "The term "online tracking" means the practice of collecting personally identifiable information about and individual consumer's online activities over time and across different Web sites and online services."
>  
> I thought you would be interested.
>  
> Best regards,
> John
>  
>  
> ---------
> John M. Simpson
> Privacy Project Director
> Consumer Watchdog
> 2701 Ocean Park Blvd., Suite 112
> Santa Monica, CA, 90405
> Tel: 310-392-7041
> Cell: 310-292-1902
> www.ConsumerWatchdog.org
> john@consumerwatchdog.org
>  
>  
>  
>  
> 
> 
>  
>  
>  
>
Received on Friday, 29 March 2013 18:19:33 UTC