[wbs] response to 'Call for Review: Web Payments Working Group Charter'

The following answers have been successfully submitted to 'Call for Review:
Web Payments Working Group Charter' (Advisory Committee) for Criteo by
Lionel Basdevant.


The reviewer's organization does not support this Charter for the reasons
cited in comments but is not raising a Formal Objection.

Additional comments about the proposal:
   Criteo believes the W3C should ensure all specifications it endorses
support the TAG’s priority of constituencies
(https://w3ctag.github.io/design-principles/#priority-of-constituencies)
and do not contain any explicit mentions that would violate its existing
antitrust guidelines
(https://www.w3.org/Consortium/Legal/2017/antitrust-guidance).
 
We are concerned about this Charter for the same reasons that we have
formally objected to the Payment Request API specification but feel that
resolving that prior issue once is a more fruitful path forward than
formally objecting to all W3C documents that trigger these same concerns.


We’d like to point out the following issues in the charter.
 
a. The charter includes: 
“User identification: simplifying user access to accounts and payment
instruments while protecting user privacy.”
 
“Privacy” is a term that is not currently defined at the W3C, and
current notions discussed at the W3C, namely the distinction between first
and third party, conflict with recent statements by regulators
(https://ico.org.uk/media/about-the-ico/documents/4019050/opinion-on-data-protection-and-privacy-expectations-for-online-advertising-proposals.pdf).
 

b. The charter includes:
“Payment Request API 1.0 and Payment Method Identifiers are W3C
Recommendations”.
 
Criteo has raised a Formal Objection regarding the Payment Request API, and
this Formal Objection is still open.
 

c. The charter includes:
 
“Protection of the privacy of all participants in a payment is important
to maintaining the trust that payment systems are dependent upon to
function. A payment process defined by this group should not disclose
private details of the participants' identity or other sensitive
information unless required for operational purposes, by legal or
jurisdictional rules, or when deliberately consented to (e.g., as part of a
loyalty program) by the owner of the information. The design of any API
should guard against the unwanted or inadvertent leakage of such data
through exploitation of the API.”
 
The statement above has the potential to disintermediate merchants from
their customer base, which can lead to merchants having to “rent access”
to communicate even with current customers.
Moreover, cloaking people’s identity during purchase transactions
increases the risk of customer fraud (able to pay for the first instalment, but
not for future ones – causing default). This directly contradicts credit
bureau functions that reduce risk from market participants and hence such a
“standard” would be tantamount to increasing transaction costs that
would be borne at first by merchants but passed through to consumers, hence
a consumption tax.



The reviewer's organization:
   - intends to review drafts as they are published and send comments.

Answers to this questionnaire can be set and changed at
https://www.w3.org/2002/09/wbs/33280/wpwg2021/ until 2021-12-17.

 Regards,

 The Automatic WBS Mailer

Received on Thursday, 16 December 2021 17:36:04 UTC