- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Mon, 3 Dec 2012 12:24:55 +0100
- To: Peter Swire <peter@peterswire.net>
- Cc: "public-tracking@w3.org" <public-tracking@w3.org>

1. Define "tracking" and reduce the scope of compliance to turning off that tracking. We can't expect users to express a preference if we can't explain to them what is intended by DNT:1. We will never reach agreement on specific use case requirements if we don't agree on the desired effect that those requirements are intended to achieve. If we can't agree on a definition, then close the WG or partition into multiple groups based on each shared objective.

2. Fix "party" definitions so that they reflect user intent regarding tracking (see above) instead of legalistic boundaries of ownership. If necessary, use EU definitions of data controller and data processor to target compliance requirements that preserve user transparency and control, regardless of first/third party status for any given interaction. This will eliminate the need for special requirements on contractors ("service providers") and solve the current problem of compliance definitions that prevent a company from sharing data with its own contractors under NDA.

3. Eliminate compliance requirements that require guessing of user intent (e.g., "I am the first party"). Instead, communicate statements of fact (e.g., "I comply with DNT's requirements on a first party") and require that resource deployment be consistent with those statements (e.g., If a resource claims to only comply with requirements on a first party, then the resource owner must not knowingly allow that resource to be deployed in third-party contexts, and must correct any unintentional deployments within a reasonable period after being notified).

Cheers,

Roy T. Fielding <http://roy.gbiv.com/>
Senior Principal Scientist, Adobe <http://www.adobe.com/>

Received on Monday, 3 December 2012 11:27:11 UTC