Re: Comments on tracking-compliance.html from Justin Brookman on 2011-10-28 (public-tracking@w3.org from October 2011)

From: Justin Brookman <justin@cdt.org>
Date: Fri, 28 Oct 2011 15:02:30 -0400
To: public-tracking@w3.org
Message-ID: <4EAAFC46.2050802@cdt.org>

Responses to Karl's points:
>> Similarly, if a user sets her browser to "Do Not Track" (or whatever her browser calls the setting), Acme shouldn't be able to ignore that instruction by reserving the right to ignore that instruction in a place the user is unlikely to notice.
> Acme is able to ignore anything. It just means that they are
> not compliant. But as long as the user is sending which is
> identifiable, the other party may use it. It is exactly for
> the same reason that robots.txt are not useful to block search
> engines, spam robots, etc. Some like Google respects robots.txt
> but nothing technically forces them to do so.
This is my only point.  By doing so, Acme becomes non-compliant with the 
spec.  I wasn't arguing they would be technically prohibited from doing so.

> Le 25 oct. 2011 à 23:16, Justin Brookman a écrit :
>> Fair enough, but the legal definition of consent is actually incredibly vague in many jurisdictions, and we may wish to specify a higher standard for users in those places where the requirements are weak or unclear.
> In fact I do not think we can. For a simple reason, W3C produces 
> documents which can be used for enabling mechanism, protocols, etc. 
> Web accessibility documents are a good example. They explain how the 
> technology can be used to create accessible documents (i.e. documents 
> used by people with disabilities). We can in that group provide 
> documents explaining how to develop Web sites, clients which will give 
> choices to users to browse with more opacity (or masked if you wish). 
> We can't create document that mandate legal implications. Users 
> organizations, privacy advocates, etc might use our documents to push 
> the legal issues in their countries demonstrating how it is possible 
> to do it.
As I said before, requiring in this spec that a party seeking consent 
ask the user in a clear and prominent way for permission has NOTHING 
WHATSOEVER to do with any particular jurisdiction's legal requirements.  
I simply think that should be the requirement for a tracking company to 
be compliant with the standard.  What W3C requires for compliance will 
not have any bearing on what the US, France, Mexico, or Palau deem 
necessary for legally binding consent in order to share or process 
personal data.

Received on Friday, 28 October 2011 19:03:07 UTC