- From: Jonathan Mayer <jmayer@stanford.edu>
- Date: Tue, 25 Oct 2011 23:48:25 -0700
- To: Karl Dubost <karld@opera.com>
- Cc: David Wainberg <dwainberg@appnexus.com>, Sean Harvey <sharvey@google.com>, "public-tracking@w3.org Group WG" <public-tracking@w3.org>
On Oct 25, 2011, at 7:04 PM, Karl Dubost wrote: > > Le 25 oct. 2011 à 21:17, Jonathan Mayer a écrit : >> Organizational boundaries are a cornerstone of many areas of regulatory law and policy. They enable market signals, consumer choices, business pressures, and government enforcement for countless product qualities. > > I do not understand what you mean here. It was a circuitous way of saying the profoundly obvious: organizational boundaries are used a lot, and matter a lot, in regulation. > >> Organizational boundaries are particularly important for online privacy: organizations have widely varying incentives surrounding user data, and user data is very easy to use and copy. One of the most effective privacy choices available to a consumer - which turns up in countless privacy regulations in the U.S. and elsewhere - is a limit on which organizations have unfettered access to their data in the first place. > > Concrete and practical example? Here's a case I suspect we'll be talking about frequently. Suppose I log into Example Website, and I run a query for Example Thing. I'm comfortable with Example Website knowing I'm interested in Example Thing. Example Website is a large, public-facing company that goes to great lengths to protect its users' data and makes enforceable commitments to not use its users' data save in a few commonly accepted ways. While I'm on Example Website learning about Example Thing, an ad loads from Shady Advertising Network. I've never heard of Shady Advertising Network. They have a goofy-sounding name. They're under scant public pressure to adequately protect my data, not use my data in ways I don't approve of, or not share my data. And I really, really don't want others to know I'm into Example Thing. I don't trust Shady Advertising Network, and so I'd like to impose some restrictions on the company's interaction with my data. That's a user decision that maps to organizational boundaries. Again, I don't think I'm saying anything particularly non-obvious or controversial. > -- > Karl Dubost - http://dev.opera.com/ > Developer Relations & Tools, Opera Software >
Received on Wednesday, 26 October 2011 06:49:04 UTC