RE: ACTION-152 - Write up logged-in-means-out-of-band-consent from Shane Wiley on 2012-04-02 (public-tracking@w3.org from April 2012)

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Mon, 2 Apr 2012 08:56:22 -0700
To: Jeffrey Chester <jeff@democraticmedia.org>
CC: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, Alan Chapell <achapell@chapellassociates.com>, Jonathan Mayer <jmayer@stanford.edu>, David Singer <singer@apple.com>, John Simpson <john@consumerwatchdog.org>
Message-ID: <63294A1959410048A33AEE161379C8023D1171CA76@SP2-EX07VS02.ds.corp.yahoo.com>

Jeff,

I believe your comments were directed to me - not Rigo.

- Shane

From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
Sent: Monday, April 02, 2012 8:49 AM
To: Shane Wiley
Cc: Rigo Wenning; public-tracking@w3.org; Alan Chapell; Jonathan Mayer; David Singer; John Simpson
Subject: Re: ACTION-152 - Write up logged-in-means-out-of-band-consent

Rigo:  I am dismayed that you would somehow assume that "advocates..are pushing so hard" in order to address "multiple privacy topics in a single pass." That's farther from the truth for me, and I believe colleagues.  I know online advertising very well--and it's precisely because of that I want to help encourage meaningful consumer/user/citizen consent mechanisms around DNT.  This isn't about any attempt to achieve anything else but our collaborative best efforts (which I know you personally support) to see if we can  make DNT choice as transparent and efficacious (not matter what the user decides) as possible.  As I said, this isn't (for me) anything to do with applicable law.  But fairness.  I assume that everyone wants to treat users fairly.

Best Regards,

Jeff

Jeffrey Chester
Center for Digital Democracy
1621 Connecticut Ave, NW, Suite 550
Washington, DC 20009
www.democraticmedia.org<http://www.democraticmedia.org>
www.digitalads.org<http://www.digitalads.org>
202-986-2220

On Apr 2, 2012, at 11:40 AM, Shane Wiley wrote:

Rigo,

Interestingly I believe it is your argument that attempts at eating its cake and having it too.

The issues this group is wrestling with will have impacts on the privacy debate far beyond the reach of DNT.  I'm not sure how often you work in the internet advertising world or how much history you have the specifics of the privacy legal debate both in the US and the EU, but there will be no way to isolate the "appropriate consent" structure as applying only to DNT.  This is exactly the reason advocates in this conversation are pushing so hard on these dimensions as they see this as an opportunity to solve multiple privacy topics in a single pass (Jonathan has said as much in email and in f2f meetings).  While I'm supportive of solving all of the privacy debate, I believe it will be impossible to do this in our stated timeframe - if ever - as I believe many of these debates will live far into the future as our cultures and the Internet evolve together.

I don't see the disconnect (eat/have cake) between saying out-of-band consent trumps DNT and then allowing local law to define what is appropriate consent.  In fact, I believe there will be many areas of this standard that will need to follow this formula.  We've already agreed as a working group that we don't believe direct references to regional laws are appropriate in the standards documents (fine for conversation as a testing mechanism) - rather we'd simply state "in compliance with local law".  I see several conversations within the TPWG as attempting to override local law by setting some default, pan-global privacy standard outside of DNT - "appropriate consent" is just one of these.

- Shane

-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org]
Sent: Monday, April 02, 2012 7:48 AM
To: public-tracking@w3.org<mailto:public-tracking@w3.org>
Cc: Shane Wiley; Alan Chapell; Jeffrey Chester; Jonathan Mayer; David Singer; John Simpson
Subject: Re: ACTION-152 - Write up logged-in-means-out-of-band-consent

Shane,

On Sunday 01 April 2012 20:54:12 Shane Wiley wrote:

I disagree with your basic premise here: '"Out-of-band" is creating the
trouble, because it imports troubles from outside in our definition space
and we have to decide in how far we accept that (see below).'

You can't have the cake and eat it too.

Either you take some rule from outside (out of band is superior of what we
define here) and you accept that the discussion about quality of out of band
agreements for DNT compliance is in scope for our Group.

Or you say, those out of band agreements have some legal value outside DNT and
we do not discuss it here but manage the semantic clash in our legal
department. In this case you may well say that because you have out of band
agreement, you break DNT compliance without legal consequences.

Or we create some rules under which out of band is taken into account by DNT
while still maintaining DNT compliance. That needs definition of some
requirements for out-of-band agreement as accepted for compliance with the
_Specification_.

But what we should not accept is allowing services to say "we do DNT" while
basically ignoring DNT-rules because of an undefined out of band agreement.
This is so prone to abuse that DNT would become meaningless IMHO.

Best,

Rigo

Received on Monday, 2 April 2012 15:57:34 UTC