Re: Request for comments on priorities for DNT from Walter van Holst on 2012-12-03 (public-tracking@w3.org from December 2012)

From: Walter van Holst <walter.van.holst@xs4all.nl>
Date: Mon, 03 Dec 2012 13:53:04 +0100
To: <public-tracking@w3.org>
Message-ID: <f9412da5c2f1eae91b15091c2571a5e1@xs4all.nl>

On 2012-12-03 12:24, Roy T. Fielding wrote:
> 1. Define "tracking" and reduce the scope of compliance to turning off
>    that tracking.  We can't expect users to express a preference if we
>    can't explain to them what is intended by DNT:1.  We will never
>    reach agreement on specific use case requirements if we don't agree
>    on the desired effect that those requirements are intended to 
> achieve.
>    If we can't agree on a definition, then close the WG or partition
>    into multiple groups based on each shared objective.
> 
> 2. Fix "party" definitions so that they reflect user intent regarding
>    tracking (see above) instead of legalistic boundaries of ownership.
>    If necessary, use EU definitions of data controller and data 
> processor
>    to target compliance requirements that preserve user transparency
>    and control, regardless of first/third party status for any given
>    interaction.  This will eliminate the need for special requirements
>    on contractors ("service providers") and solve the current problem 
> of
>    compliance definitions that prevent a company from sharing data 
> with
>    its own contractors under NDA.
> 
> 3. Eliminate compliance requirements that require guessing of user
>    intent (e.g., "I am the first party"). Instead, communicate
>    statements of fact (e.g., "I comply with DNT's requirements on
>    a first party") and require that resource deployment be consistent
>    with those statements (e.g., If a resource claims to only comply
>    with requirements on a first party, then the resource owner must
>    not knowingly allow that resource to be deployed in third-party
>    contexts, and must correct any unintentional deployments within
>    a reasonable period after being notified).


I wholeheartedly concur with the contents of priorities 2 and 3 and on 
1 think that the decision to start this process without a definition of 
tracking was a justified one since having the conversation first could 
actually help to shape consensus on its definition. By now the process 
has reached a point that discussing a definition of tracking maybe the 
only way to get some progress. It still bears the risk of derailing the 
process into a unsalvagable state. So I concur on that one too, albeit 
more tentatively.

Regards,

  Walter

Received on Monday, 3 December 2012 12:53:36 UTC