- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Wed, 26 Oct 2011 06:59:12 +0200
- To: Justin Brookman <justin@cdt.org>
- Cc: public-tracking@w3.org
* Justin Brookman wrote: >Fair enough, but the legal definition of consent is actually incredibly >vague in many jurisdictions, and we may wish to specify a higher >standard for users in those places where the requirements are weak or >unclear. For instance, it would be a perverse result if a company's >privacy policy could say both "we comply with 'Do Not Track'" and "oh, >by the way, we reserve the right to track you." One way to avoid the >legal inconsistency problem would be to define "Affirmative Informed >Consent" as AT LEAST in response to a clear and prominent request >separate from other permissions/disclosures. At the moment there are only a few third parties that obtain data that can be used to track people on a global scale. If the Working Group was to define "consent", I would think it to be quite reasonable to look how these few organize their "consent to privacy policy" systems, which may, in the future, include provisions saying their logged-in users consent to be tracked by them even when visiting unrelated web sites that just happen to embed some widget they offer. Let's say Acme, Inc. offers some social networking web site with a billion users and they put a provision like that into their privacy policy. Some people might argue that Acme has designed their signup process so that people are discouraged to read the privacy policy and users do not actually affirm their consent when they sign up. That would lead the Working Group to argue about whether some entity is engaging in jailtime criminal conduct, and the result may be that the specification says such and such is good enough even though, in some jurisdictions, actually doing "that" puts you in jail. I do think the document can say useful things about consent, but it's a highly sensitive matter where a very specific definition specifically for "DNT" provides only very limited value, so the matter should be handled in a manner that is unlikely to create much controversy. >> Various sections refer to "behavioral tracking". That seems borderline >> tautological to me. > >"Behavioral tracking" is specifically defined in 3.4. I think "behavioral tracking" needs to be notably different from just "tracking" in order to justify using a different term. Based on my own understanding of the terms and the draft, I find it difficult to argue the terms are notably different. If you consider more traditional cases of tracking, like a hunter may do in the woods in winter, it's hard to imagine data the hunter may obtain that's not based on behavior. It may be okay to use the term "behavioral tracking", but the document would have to explain more clearly how "behavioral tracking" is a very special form of "tracking". -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Wednesday, 26 October 2011 04:59:45 UTC