Re: [Issue-71] Proposed Text for Issue 71

From: David Singer <singer@apple.com>
Date: Thu, 09 Feb 2012 11:18:40 -0800
Cc: JC Cannon <jccannon@microsoft.com>, Jonathan Mayer <jmayer@stanford.edu>, Ninja Marnau <nmarnau@datenschutzzentrum.de>, Nicholas Doty <npdoty@w3.org>, "Amy Colando (LCA)" <acolando@microsoft.com>, "Frank.Wagner@telekom.de" <Frank.Wagner@telekom.de>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-id: <8619C974-C7B8-4634-BDF4-0B27EFDC88E6@apple.com>
To: Shane Wiley <wileys@yahoo-inc.com>

On Feb 8, 2012, at 22:40 , Shane Wiley wrote:

> David,
> In the examples you've provided:
> "I don't think it's only 'bad actors', alas.  It is the very existence of the data that causes concern.  What happens if it leaks? The management changes? Someone makes a mistake? Law authorities want to look at it?  The company gets bought or merged?  And so on."
> If an organization had retained data for DNT:1 events for specific operational purposes and then one of the voluntary events occurs (mgmt change, purchase/merger) such that the information is used outside of the DNT standard exceptions, then that organization is a "bad actor" -- and pursuant to the claims in their privacy policy at the time of data collection (or a response header), it would be my expectation that they felt the full force of the law in all jurisdictions they operated in.
> The security oriented risks such as "leaks" and "someone makes a mistake" are real concerns but when balanced against the real-life risks anonymous cross-site data collection presents we need to be careful to ensure the level of compliance burden is proportionate.  It is for this reason that "use based limitations" are the most appropriate outcome for this particular set of privacy issues.  
> I understand the desire for absolutist remedies (radically short retention periods, outright data destruction, etc.), but the cost to implement these combined with the impact to business continuity will be too great to have many organizations wish to implement DNT.
> - Shane


Thanks for the thoughtful response.  I think we're in agreement; we need a balanced specification that has real changes in terms of the privacy of consumers, yet is implementable by the business community.  (If no-one implements, we'll have had no effect on privacy at all :-().

I just want to lay to rest the idea that we're protecting against 'bad actors', and that's the only concern.  In some sense, that's not the concern at all, since we can't (except by providing sharper instruments with which to confront them, which is not a small thing in itself).

If you went to the department store to buy a shirt, and at the entrance someone took your picture and said "welcome back Mr. Wiley", and as you walk in someone says "that sweater you looked at last week is on sale", and further into the store someone said "would you like a pill-case for the prescription you just picked up down the road?", and then someone said "many people with your income and background very much like our new line of briefcases", and later "your daughter would really like this pink hair bow, it would go with the blouse your wife bought her in Paris", you'd be freaked. What's going on that you know all this about me?

That 'what the heck' is only tangentially connected with 'bad actors'.

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Thursday, 9 February 2012 19:21:30 UTC