- From: Lionel Basdevant via WBS Mailer <sysbot+wbs@w3.org>
- Date: Thu, 16 Dec 2021 17:36:02 +0000
- To: public-new-work@w3.org
The following answers have been successfully submitted to 'Call for Review: Web Payments Working Group Charter' (Advisory Committee) for Criteo by Lionel Basdevant. The reviewer's organization does not support this Charter for the reasons cited in comments but is not raising a Formal Objection. Additional comments about the proposal: Criteo believes the W3C should ensure all specifications it endorses support the TAG’s priority of constituencies (https://w3ctag.github.io/design-principles/#priority-of-constituencies) and do not contain any explicit mentions that would violate its existing antitrust guidelines (https://www.w3.org/Consortium/Legal/2017/antitrust-guidance). We are concerned about this Charter for the same reasons that we have formally objected to the Payment Request API specification but feel that resolving that prior issue once is a more fruitful path forward than formally objecting to all documents W3C that trigger these same concerns. We’d like to point out the following issues in the charter. a. The charter includes: “User identification: simplifying user access to accounts and payment instruments while protecting user privacy.”. “Privacy” is a term that is not currently defined at the W3C, and that current notions discussed at the W3C, namely the distinction between first and third party, conflict with recent statements by regulators (https://ico.org.uk/media/about-the-ico/documents/4019050/opinion-on-data-protection-and-privacy-expectations-for-online-advertising-proposals.pdf ). b. The charter includes: « Payment Request API 1.0 and Payment Method Identifiers are W3C Recommendations ». Criteo has raised a Formal Objection regarding the Payment Request API, and this Formal Objection is still open. c. The charter includes: “Protection of the privacy of all participants in a payment is important to maintaining the trust that payment systems are dependent upon to function. A payment process defined by this group should not disclose private details of the participants' identity or other sensitive information unless required for operational purposes, by legal or jurisdictional rules, or when deliberately consented to (e.g., as part of a loyalty program) by the owner of the information. The design of any API should guard against the unwanted or inadvertent leakage of such data through exploitation of the API.” The statement above has the potential to disintermediate merchants from their customer base, which can lead to merchant having to “rent access” to communicate even with current customers. Moreover, by cloaking people’s identity during purchase transactions increases the risk of customer fraud (able to pay for first instalment, but not from future ones – causing default). This directly contradicts credit bureau functions that reduce risk from market participants and hence such a “standard” would be tantamount to increasing transaction costs that would be borne at first by merchants but passed through to consumers, hence a consumption tax. The reviewer's organization: - intends to review drafts as they are published and send comments. Answers to this questionnaire can be set and changed at https://www.w3.org/2002/09/wbs/33280/wpwg2021/ until 2021-12-17. Regards, The Automatic WBS Mailer
Received on Thursday, 16 December 2021 17:36:04 UTC