Re: Request for comments on priorities for DNT

"track" means what you are not allowed to do under the compliance spec when you receive the DNT:1 message. If I were Brooks, I'd say, "Son, I'm working to ensure people who use the Internet can say how information about what they do is used."

----------------
John M. Simpson
Consumer Advocate
Consumer Watchdog
Tel: 310-392-7041
 

On Dec 4, 2012, at 9:28 PM, Berin Szoka <bszoka@techfreedom.org> wrote:

> While I think tracking needs to be defined, I'd also say that if we're not going to define it, we can't call the spec "Do Not Track."  If you want to keep that name, we look like fools if we can't answer the question that Brooks' young son asked him when he said he was going off to work on "Do Not Track"—"Daddy, what does 'track' mean?"
> 
> From the mouths of babes...
> 
> 
> 
> On Tue, Dec 4, 2012 at 11:00 PM, John Simpson <john@consumerwatchdog.org> wrote:
> Comments on Priorities:
> 
> 1. In recent months there has been a growing sentiment expressed by some that the W3C should only focus on developing a technical standard on how the DNT message should be sent. Deciding how technically to send a message without spelling out what the obligations are for the server that receives the message would produce a meaningless specification. It is essential that our working group produce both the Tracking Preference Expression standard and the Tracking Compliance and Scope standard. One without the other would be useless.  Both must be released at the same time.  
> 
> 2. I have long been of the view that there is no need to define tracking to complete the WG's task.  Consensus is only needed around what the obligations are of the site that receives a valid DNT message.  Activities that are not allowed when the DNT message is received would constitute "tracking."  However, if the WG insists on first defining "tracking," I offer this definition: Tracking is the collection and correlation of data about the Internet activities of a particular user, computer, or device over time and across a website or websites.
> 
> 3. I suggest we revisit the question of first and third parties and legalistic definitions that users do not understand.  A better approach, as Roy Fielding has suggested, may be to follow the European data controller and data processor approach.
> 
> Regards,
> John
> 
> ---------
> John M. Simpson
> Privacy Project Director
> Consumer Watchdog
> 2701 Ocean Park Blvd., Suite 112
> Santa Monica, CA, 90405
> Tel: 310-392-7041
> Cell: 310-292-1902
> www.ConsumerWatchdog.org
> john@consumerwatchdog.org
> 
> On Dec 3, 2012, at 3:24 AM, Roy T. Fielding wrote:
> 
>> 1. Define "tracking" and reduce the scope of compliance to turning off
>>   that tracking.  We can't expect users to express a preference if we
>>   can't explain to them what is intended by DNT:1.  We will never
>>   reach agreement on specific use case requirements if we don't agree
>>   on the desired effect that those requirements are intended to achieve.
>>   If we can't agree on a definition, then close the WG or partition
>>   into multiple groups based on each shared objective.
>> 
>> 2. Fix "party" definitions so that they reflect user intent regarding
>>   tracking (see above) instead of legalistic boundaries of ownership.
>>   If necessary, use EU definitions of data controller and data processor
>>   to target compliance requirements that preserve user transparency
>>   and control, regardless of first/third party status for any given
>>   interaction.  This will eliminate the need for special requirements
>>   on contractors ("service providers") and solve the current problem of
>>   compliance definitions that prevent a company from sharing data with
>>   its own contractors under NDA.
>> 
>> 3. Eliminate compliance requirements that require guessing of user
>>   intent (e.g., "I am the first party"). Instead, communicate
>>   statements of fact (e.g., "I comply with DNT's requirements on
>>   a first party") and require that resource deployment be consistent
>>   with those statements (e.g., If a resource claims to only comply
>>   with requirements on a first party, then the resource owner must
>>   not knowingly allow that resource to be deployed in third-party
>>   contexts, and must correct any unintentional deployments within
>>   a reasonable period after being notified).
>> 
>> 
>> Cheers,
>> 
>> Roy T. Fielding                     <http://roy.gbiv.com/>
>> Senior Principal Scientist, Adobe   <http://www.adobe.com/>
>> 
> 
> 
> 
> 
> -- 
> Berin Szoka | President, TechFreedom | @TechFreedom
> bszoka@techfreedom.org | @BerinSzoka
> 

Received on Wednesday, 5 December 2012 05:44:01 UTC