Re: A decade later: W3C finally admits using Cookies

Hi Bjoern,

We generally use this list for discussion of privacy issues in Web standards rather than privacy issues with w3.org itself, but I appreciate the opportunity for a kind of meta-discussion. Thanks for you feedback; I passed along your comments to the staff working on updating the privacy statement. A couple comments inline.

On April 4, 2014, at 1:36 PM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:
>  I assume the use of cookies on w3.org would also require to update
>  the P3P documents as they currently apparently not disclose the use
>  of cookies nor how they are used.

I've asked our team to review the P3P policy file to make sure it's in harmony with the current privacy statement.

> That will be interesting to watch, considering the proposed prose does
> not disclose how cookies are used beyond two examples. Reviewers of the
> policy should note that "Logged information may be kept indefinitely"
> and that the "Do-Not-Track header" will be ignored by W3C, despite its
> mass accumulation of third party tracking data through tracking pixels
> (in forms like the "Valid HTML" logos and other hosted resources). The
> rationale "because we do not track any users for behavioral targeting"
> likely means that W3C will rename "Do-Not-Track" to "Do-Not-Target".

The proposed text already explicitly notes that: "We intend to update our practices as necessary to follow subsequent W3C privacy recommendations", which should include DNT as we make progress on defining compliance with that user expression. I've suggested that we clarify the wording there (the "because" clause is confusing). Looking forward, I've been talking with W3C technical staff about what w3.org-hosted content is embedded in third-party sites and how we should handle logging, but we don't have a test DNT implementation ready at the moment.

Thanks,
Nick