Re: Tracking Protection Working Group draft charter from Nicholas Doty on 2011-07-25 (public-privacy@w3.org from July to September 2011)

From: Nicholas Doty <npdoty@w3.org>
Date: Sun, 24 Jul 2011 17:14:27 -0700
To: Alissa Cooper <acooper@cdt.org>
Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <FBBDA061-147E-4E16-807E-C321B7244407@w3.org>

Hi Alissa,

Thanks for the comments.

On Jul 17, 2011, at 10:09 AM, Alissa Cooper wrote:
> Section 1:
> 
> "The Working Group will produce Recommendation-track specifications for a simple machine-readable preference expression mechanism ("Do Not Track") and technologies for selectively allowing or blocking tracking elements.
> 
> Proposed candidate technologies for this preference that the Working Group will consider include, but are not limited to, the use of an HTTP header to signal the preference and a site's response, and the use of a ECMAScript API or DOM property for the same purpose."
> 
> Are there no proposed candidate technologies for "selectively allowing or blocking tracking elements"? I find the transition from the first paragraph to the second a bit confusing; the first paragraph seems to talk about two specs (preference mechanisms and selecting blocking mechanism), but the second paragraph only addresses one of those.

Good point, this was needlessly unclear. I've added some detail on the selection list (including a pointer to Microsoft's member submission) and clarified the language.

> Section 1.2:
> 
> Might be good to explain the relationship between the output of this group and the P3P specs.

Hmmm… we thought the current language ("the expression of complex or general-purpose policy statements" being out of scope) would address the common questions here. What additional text would you have in mind for this?

> Section 2:
> 
> "Tracking Preference Expression Definitions and Compliance, Recommendation.
> This specification defines the meaning of a Do Not Track preference and sets out practices for Web sites to comply with this preference."
> 
> Will the definitions/compliance item be normative? That is, will the practices it "sets out" be mandatory to implement (for some population of web endpoints)?

The Working Group determines the contents of its deliverables, but, yes, we've listed this as a Recommendation because we expect it to contain normative statements for server-side behavior. As you know, W3C is a standards organization, not a regulator, so the standard wouldn't itself enforce this as mandatory for Web servers (or for any particular subset of servers), only require that servers that comply with the standard follow the normative requirements.

Hope these comments answer your questions, but please follow-up if they don't or if you have any other feedback.
Thanks again,
Nick

Received on Monday, 25 July 2011 00:14:39 UTC