- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Mon, 3 Dec 2012 12:24:55 +0100
- To: Peter Swire <peter@peterswire.net>
- Cc: "public-tracking@w3.org" <public-tracking@w3.org>
1. Define "tracking" and reduce the scope of compliance to turning off
that tracking. We can't expect users to express a preference if we
can't explain to them what is intended by DNT:1. We will never
reach agreement on specific use case requirements if we don't agree
on the desired effect that those requirements are intended to achieve.
If we can't agree on a definition, then close the WG or partition
into multiple groups based on each shared objective.
2. Fix "party" definitions so that they reflect user intent regarding
tracking (see above) instead of legalistic boundaries of ownership.
If necessary, use EU definitions of data controller and data processor
to target compliance requirements that preserve user transparency
and control, regardless of first/third party status for any given
interaction. This will eliminate the need for special requirements
on contractors ("service providers") and solve the current problem of
compliance definitions that prevent a company from sharing data with
its own contractors under NDA.
3. Eliminate compliance requirements that require guessing of user
intent (e.g., "I am the first party"). Instead, communicate
statements of fact (e.g., "I comply with DNT's requirements on
a first party") and require that resource deployment be consistent
with those statements (e.g., If a resource claims to only comply
with requirements on a first party, then the resource owner must
not knowingly allow that resource to be deployed in third-party
contexts, and must correct any unintentional deployments within
a reasonable period after being notified).
Cheers,
Roy T. Fielding <http://roy.gbiv.com/>
Senior Principal Scientist, Adobe <http://www.adobe.com/>
Received on Monday, 3 December 2012 11:27:11 UTC