Re: Mandatory Legal Process (ACTION-57, ISSUE-28)

This is different than saying that the standard does not attempt to override applicable laws.  Justin's language is aimed at telling the user that a party has been legally required to gather data despite DNT 1.  I like it and would be inclined to make it a "must."


On Jan 31, 2012, at 1:01 PM, Justin Brookman wrote:

> Revising Jonathan's text based on this string:
> 
> A party MAY take action contrary to the requirements of this standard if compelled by applicable law.  If compelled by applicable law to collect, retain, or transmit data despite receiving a DNT:1 signal for which there is no exception or exemption, the party SHOULD notify affected users to the extent practical and allowed by law.
> 
> I suggest "applicable law" instead of "mandatory legal process" both to accommodate David's concern about using contract to compel and because a statute could mandate the retention of IP logs (for example) without serving a subpoena or court order (which is what "process" means to me).  Feel free to revise the terms "exception or exemption" --- I was trying to convey the two scenarios of
> (1) operational data collection/use/retention is allowed even if DNT is on and/or
> (2) the user has given permission to a company to track,
> but I haven't gotten all the way through the ponderous thread on the meanings of exception/exemption.
> 
> I also don't think a requirement to tell users when DNT is being ignored because of government action is at all out of scope.  I'm suggesting SHOULD as a placeholder but think a MUST is worth a discussion.  However, it's relevant to note that we don't require (or even offer SHOULD guidance) that companies inform users about operational collection/usage/retention (exceptions???) that is allowed despite the DNT header.
> Justin Brookman
> Director, Consumer Privacy Project
> Center for Democracy & Technology
> 1634 I Street NW, Suite 1100
> Washington, DC 20006
> tel 202.407.8812
> fax 202.637.0969
> justin@cdt.org
> http://www.cdt.org
> @CenDemTech
> @JustinBrookman
> 
> On 1/31/2012 2:40 PM, Shane Wiley wrote:
>> 
>> If the concern is that a party can somehow contract their way out of DNT compliance (versus other types of legal/government obligations) then I’m fine with calling that out more directly.
>>  
>> - Shane
>>  
>> From: David Singer [mailto:singer@apple.com] 
>> Sent: Tuesday, January 31, 2012 12:36 PM
>> To: Shane Wiley
>> Cc: John Simpson; Amy Colando (LCA); Joanne Furtsch; MeMe Rasmussen; Tom Lowenthal; Jonathan Mayer; public-tracking@w3.org
>> Subject: Re: Mandatory Legal Process (ACTION-57, ISSUE-28)
>>  
>>  
>> On Jan 31, 2012, at 19:22 , Shane Wiley wrote:
>> 
>> 
>> Agreed – NO text seems like the appropriate path (in agreement with Amy and John).
>>  
>> well, the rationale was way back at the end of the thread.  it's two-fold:
>>  
>> a) you can send DNT, but don't forget that tracking may still happen if legally required - there is a 'legislation exception'
>> b) a notification of a 'legislation exception taken' will be signaled if legally possible, but under some laws, notification itself is not allowed.
>>  
>> we can also explain that having a *contract* that 'forces' you to track is not a valid exception...
>>  
>> David Singer
>> Multimedia and Software Standards, Apple Inc.
>>  

----------
John M. Simpson
Consumer Advocate
Consumer Watchdog
1750 Ocean Park Blvd., Suite 200
Santa Monica, CA 90405
Tel: 310-392-7041
Cell: 310-292-1902
www.ConsumerWatchdog.org
john@consumerwatchdog.org

Received on Wednesday, 1 February 2012 20:40:07 UTC