Re: PING - areas where contributions are needed from Joseph Lorenzo Hall on 2015-10-08 (public-privacy@w3.org from October to December 2015)

From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Thu, 8 Oct 2015 09:50:37 -0400
To: "Lukasz Olejnik (W3C)" <lukasz.w3c@gmail.com>
Cc: public-tracking-comments@w3.org, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <CABtrr-WmB=LuSzfs_u-085P3CbsneTAkKkqssF9e=WUTJLhciA@mail.gmail.com>

On Tue, Oct 6, 2015 at 5:08 PM, Lukasz Olejnik (W3C)
<lukasz.w3c@gmail.com> wrote:
>>
>> There is a pretty big divide between US and EU models for consent and
>> legal theories... Frederik Z-B and Aleecia MacDonald just presented a
>> net paper at TPRC entitled "Do Not Track for Europe" that nicely
>> outlines the pretty stark differences that the DNT standard would need
>> to support to be usable in the EU:
>> http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2588086
>
>
> Interesting. So instead of forking DNT one might be interested in making
> sure all is set. The understanding and reasoning is that in order for the
> DNT standard/tracking compliance be enforced and honored in practice, at
> some point it will be necessary to engage regulatory bodies?

Absolutely... I don't think anyone ever envisioned DNT as a technical
enforcement mechanism (there was a similar line of work chartered for
the WG that would have created Tracking Protection Lists, but I don't
think that got very far despite MSFT IE implementing their idea about
it in some flavor of IE).

In the US, the State of California has a law on the books that
requires internet companies that do business with california residents
to state in their privacy policy what they do upon receipt of a DNT
signal. If a company were to follow that law and put a statement in
their privacy policy and if they were subsequently found to be doing
something substantially different from what they state in their
privacy policy, that could be a deceptive business practice that our
Federal Trade Commission could investigate and enforce against.

I'll stop here because I could have misunderstood your question and I
may be in the weeds. best, Joe

-- 
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

Received on Thursday, 8 October 2015 13:51:26 UTC