Re: Request for comments on priorities for DNT

1. Define "tracking" and reduce the scope of compliance to turning off
   that tracking.  We can't expect users to express a preference if we
   can't explain to them what is intended by DNT:1.  We will never
   reach agreement on specific use case requirements if we don't agree
   on the desired effect that those requirements are intended to achieve.
   If we can't agree on a definition, then close the WG or partition
   into multiple groups based on each shared objective.

2. Fix "party" definitions so that they reflect user intent regarding
   tracking (see above) instead of legalistic boundaries of ownership.
   If necessary, use EU definitions of data controller and data processor
   to target compliance requirements that preserve user transparency
   and control, regardless of first/third party status for any given
   interaction.  This will eliminate the need for special requirements
   on contractors ("service providers") and solve the current problem of
   compliance definitions that prevent a company from sharing data with
   its own contractors under NDA.

3. Eliminate compliance requirements that require guessing of user
   intent (e.g., "I am the first party"). Instead, communicate
   statements of fact (e.g., "I comply with DNT's requirements on
   a first party") and require that resource deployment be consistent
   with those statements (e.g., If a resource claims to only comply
   with requirements on a first party, then the resource owner must
   not knowingly allow that resource to be deployed in third-party
   contexts, and must correct any unintentional deployments within
   a reasonable period after being notified).


Cheers,

Roy T. Fielding                     <http://roy.gbiv.com/>
Senior Principal Scientist, Adobe   <http://www.adobe.com/>

Received on Monday, 3 December 2012 11:27:11 UTC