Re: [ISSUE-5] What is the definition of tracking?

* wrote:
>I have to disagree with Bjoern. The goals are expressed clearly in the
>charter document, starting with the mission and scope.

No, the charter does not even have a problem statement. Formulating the
problems a Working Group will address, what its goals are, would be more
like "Some web sites and services present content to users based on past
activities, for instance, a user may see advertisements based on the web
sites the user visited recently. Some users would prefer to not receive
content adapted in this manner, and while it is common for web sites and
services to offer 'opt-outs', these are cumbersome to use. The Working
Group will define a mechanism that allows users to convey the preference
via a simple setting in their web browser."

With something like that a Working Group could then say ads based on web
site visits are not okay, a search engine keeping a "web history" for
users that are not explicitly logged in to some account with the search
engine is not okay, remembering language preferences across sessions is
okay, a search engine keeping a list of recently used search terms on
the server rather than the client is problematic. That's relatively easy
as it is relatively clear what the goal is.

This Working Group does not have a problem statement like that, there is
an open issue "What are the underlying concerns? Why are we doing this /
what are people afraid of?". Is the concern informational self-determi-
nation, think people getting to know who receives their data, what for,
which data exactly, and so on, or is it about storage, or is it about
sharing, or is it about use, maybe, say, for people in the EU it's more
about their data ending up in the countries where there is no adequate
protection for personal data; or maybe it's more a matter of those who
collect personal information via "tracking" would like to implement more
data minimization techniques, but lack information on how to do that,
say they might want to strip bits from IP addresses they obtain, but it
is not clear to them how many bits would be adequate and what data they
might lose? Google Analytics for instance has an option that will strip
the last octet of IPv4 addresses prior to storage, but Google notes that
"this will slightly reduce the accuracy of geographic reporting". Is
that actually the case? Maybe it would be better to derive geographic
information prior to storage and store the geographic information, so
webmaster using Google Analytics would not need to worry about this? Is
that something to talk about in the group? The charter does not tell.

>Personally I like the DNT-X definition for it focusses on the application
>of the data. To emphasise the data use, I would like to sharpen it a bit:

The charter does not tell the Working Group to focus on the application
of the data instead of focusing on its collection and retention. And the
group so far has not decided, as far as I know anyway, that it wants to
focus on application rather than collection and retention, or anything
else really. My point, quite simply, was that if the group decided it'll
focus on application, and someone proposes a definition for dnt-relevant
tracking based on collection and retention, then it would be easy to say
that's not a suitable definition because the group's focus is different.

I think the Working Group should decide the focus should be on the app-
lication of data, if that is what it wants, and then find a suitable de-
finition for dnt-relevant tracking, rather than arguing about the focus
by way of the definition of dnt-relevant tracking.

A month ago I ran across,6741,8366811,00.html
("heute" is a news broadcast on television with a market share between
15% and 20% in Germany) which explains that Internet Explorer and Fire-
fox have a "do-not-track" function that is meant to prevent that brow-
sing behavior is recorded. Is that what the group means to do? I don't
know because the group hasn't made a decision for or against that.
Björn Höhrmann · ·
Am Badedeich 7 · Telefon: +49(0)160/4415681 ·
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · 

Received on Monday, 12 December 2011 03:03:54 UTC