FW: Questions/Comments on the current Compliance Spec Draft

Hi all,

Here is the email I sent Nick, Justin, Heather and Matthias last night.  I was going to send the comments/feedback to the list; but because some of my comments are editorial and some may be substantive, I wasn't sure how to properly label them per the new structure.

-Vinay

From: Vinay Goel <vigoel@adobe.com<mailto:vigoel@adobe.com>>
Date: Tuesday, September 17, 2013 11:20 PM
To: Nicholas Doty <npdoty@w3.org<mailto:npdoty@w3.org>>, Justin Brookman <jbrookman@cdt.org<mailto:jbrookman@cdt.org>>, Heather West - Google <heatherwest@google.com<mailto:heatherwest@google.com>>, "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org<mailto:mts-std@schunter.org>>
Subject: Questions/Comments on the current Compliance Spec Draft

Hi Nick, Justin, Heather and Matthias,

I wanted to reach out to the three of you before reaching out to the entire mailing list because I have some questions regarding the current Compliance Spec.  Specifically, I want to understand whether my comments are valid and whether they can be submitted either as issues or comments.  Curious to hear your thoughts.  I'm happy to provide more (as you can see I made a big jump in the end do to getting tired…) if these are helpful / are comments I should share with the broader working group.  If I should do the latter, Nick, I'd love your help on the best way to do that (I have to admit I'm behind on emails and not sure how to do it).

Comment 1 — I believe Editorial:  Section 2.8 — Deidentified
- Current text: "commits to try not to reidentify the data;"
- Comment: First off, the spec uses 're-identify' in #3.  So I'd suggest switching to re-identify for consistency.  Second, the current language is a tongue twister.  Instead, would something like "Commits from trying to re-identify the data" or "Commits to not trying to re-identify the data"?  I believe both capture the same intent but are clearer to read.

Comment 2 — I believe both Editorial and Structural: Section 2.10 — Definition of Collects
- Current Text: "A party collects data if it receives the data and shares the data with other parties or stores the data for more than a transient period."
- Comment: This sentence has unclear conjunctions.  I think it would help a lot if you add 'either' between 'and' and 'shares'.  Second, I would change the sentence to "A party collects data if it receives the data and either shares the data or stores the data for more than a transient period."  Since Shares is defined below, do we need to restate 'with other parties'?  Third, personally, I feel like the idea 'stores the data for more than a transient period' is 'retaining the data'.  Is there a reason why you don't use 'retain' here?

Comment 3 — I believe Editorial: Section 2.10 — Definition of Uses
- Current Text: "A party uses data if the party processes the data for any purpose other than storage or merely forwarding it to another party."
- Comment: Again, I think we need to add 'either' between 'than' and 'storage'.  Otherwise, is the or between storage and forwarding or processes and forwarding.

Comment 4 — Questions on language: Section 2.10 — Definition of Shares
- Current Text: "A party shares data if the party enables another party to receive or access the data."
- Comment: Why do we say 'receive or access the data' instead of 'collects, retains or uses'?

Comment 5 — Questions on language / editorial / content: Section 4 — First Party Compliance
- Current Text: "…first party MAY engage in its normal collection and use of information."
- Comment:  What if the first party's norma collection is to share it with 3rd parties for reselling purposes?  I know there are limits in the next paragraph on passing information to other parties, but why even set this up?  Why not just say something to the effect of "If a first party receives a DNT:1 signal, the first party MAY collect, retain, and use information to customize the content, services and advertising in the context of the first party experience."?

Comment 6 — Questions on language / editorial / content: Section 4 — First Party Compliance
- Current Text: "The first party MUST NOT pass…"
- Comment:  Why pass and not share here?  Pass is undefined, whereas share is defined.  Seems like we should be using defined terms when possible.

Comment 7 — Questions on language / editorial: Section 4 — First Party Compliance
- Current Text: "First parties may elect to follow third party practices."
- Comment:  I think this is worded badly.  I don't think this language is necessary.  But, without fighting that battle, how about "A first party MAY elect to follow the rules outlined for a third party within this specification."

Comment 8 — Third Party Compliance
- Current Text: "Further, parties may collect, use, and retain such information to comply with applicable laws, regulations, and judicial processes."
- Comment: I get what you're trying to do here, but this language should be done in both First Party compliance and Third Party compliance.  Otherwise, its odd to have just 'parties' here in a section titled 3rd Party compliance.  Also, I think its worth calling out 'share' here.

Comment 9 — Third Party Compliance
- Current Text: "… So long as the information is not transmitted to a third party…."  (in the 6th paragraph)
- Comment: Why not just say share here?

<< Yes, I am skipping a lot.  I got tired, and wanted to make sure these comments were welcome/are able to be considered before spending more time on this…>>

Comment 10 — User-Granted Exceptions
- Current Text: "… Recommendation …."  (last sentence of the first paragraph)
- Comment: Why are we calling it a recommendation here but call it a standard in the first sentence of the next paragraph?

-Vinay