Re: [meetings] Agenda Request - Review Working Group Charter Changes (#52)

Nick,
Sorry for any confusion. There are three points that I am making: 
1.“Privacy” needs to be defined. If not defined with relation to a Privacy Law or laws there is a risk of inconsistency with that law or laws.
2. FRAND principles are used as the basis for ensuring non-discrimination – whether with relation to patent licensing or preventing abuse of dominance or monopolization or attempts to monopolize markets.
3.J. Rosewell raised the issue of competition law compliance. It was met with a response that implied issue is something for lawyers and there are no lawyers willing to contribute. i am contributing but compliance is an issue for all. 
 
I agreed that when James Rosewell summarised my points about FRAND that he was correctly doing so. The subsequent confusion appears to have arisen with your and D Marti’s assumption that end users would have to consent to FRAND, which conflates privacy with competition issues and overlooks the highlighted text in the sentence starting “ [@timcowen](https://github.com/timcowen) has raised an innovative suggestion concerning FRAND terms for the data needed to implement a standard. There is nothing that **would prevent such a clause being part of the charter** therefore providing all web participants the certainty that should they wish to implement independently the standards of the group those that worked on them have already agreed to not only licence the intellectual property related to patents but also access to the necessary input data from their products. [etc] “ 

FRAND.

The FRAND issue is one that arises for those that have market power ( Browsers from Apple and Google – see CMA Mobile Ecosystem Market Study 2022). So, the idea I advanced is that to help W3C (and members) comply with competition law, the Charter should make it clear that FRAND should apply to necessary input data and that discrimination by dominant browsers is not supported or endorsed by W3C. FRAND is a preventative mechanism to help W3C comply and address the economic and market power problem that may arise in developing standards. So, the way it works with relation to Patents (and other IPR) is that when a member of a standards organisation joins that organisation, the organisation requires, in its membership contract, that the IPR owners agree to licence IPRs on FRAND terms. If the implementer of a standard then in its implementation uses and reads on the patent or other IPR, that IPR is licensed on FRAND terms to those that use it. In doing so the standards body avoids the problem that has come up in the past of being complicit in a situation where an IPR holder then seeks to extract a rent from those implementing the standard (this famously happened between Google and Microsoft with relation to IPRs used in X Box). So, to be clear, the point is not about end users licensing anything. It is about ensuring that those that join the group under a Charter and the Charter needs to make it clear that FRAND applies to any essential input data used by browsers. (which may not be clear in the current W3C documents). 

It was also observed that W3C standards are voluntary. That is not correct as a matter of competition law since they are in effect mandatory being endorsed by dominant browser owners (see further below).     

Privacy

The privacy issue that is raised when data is shared is a different issue from FRAND. The control and use of personal data under privacy laws may be addressed in a number of different ways. Much depends on whether the data is personal data from the perspective of identifying a living individual (“personal” or “identity” data). Then there are the methods that may be adopted to control or mitigate risks to that personal data. In the context of browser input data I don’t know if any data would be personal data or not. You may be able to assess that more closely. If the use of data does not involve the use of personal data then there would not be a personal data protection issue to address. If personal data is being used, then there are mechanisms that address risk to privacy such as how meaningful consent is obtained and how the individual is informed to ensure that there are no dark patterns being used to obtain meaningful consent, and whether the end user is informed properly about the specific use to which the data is being put etc. 

Each issue should be addressed separately. Conflation of each needs to be avoided if engineering solutions are going to work and comply with the law.  

Compliance 

Finally, and hopefully to avoid any residual confusion, as a matter of compliance for all, I have observed that the Charter could be improved if it included an express reference to licencing necessary input data on FRAND terms. That would be the basis on which agreement to the work of the groups would operate. While it has been observed that W3C makes voluntary standards, they are in effect mandatory since they will be endorsed by the dominant browser organisations and become the basis on which all others in their ecosystems then trade. ( see for further information on competition law, FRAND and standards Section 7 in the following:  https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:52011XC0114(04) 

I trust that this issue concerning the charter is now clear and we can make the change to the charter as suggested.
    
With kind regards

Tim

-- 
GitHub Notification of comment by timcowen
Please view or discuss this issue at https://github.com/patcg/meetings/issues/52#issuecomment-1169927141 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 29 June 2022 12:36:29 UTC