- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Thu, 9 Feb 2012 13:49:27 -0800
- To: Jonathan Mayer <jmayer@stanford.edu>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
On Feb 9, 2012, at 11:51 AM, Jonathan Mayer wrote: > Some advertising companies won't budge on "operational uses," and some privacy advocates won't accept use-based exceptions. I don't see another way to resolve this impasse. If you do, I'm listening. If an impasse is at hand, objections are raised and we examine what objections are strongest. "I have an opinion" is always less of an objection than "I won't implement this", because the entire purpose of W3C Recommendations is to reach agreement on what participants are willing to implement as the standard. The other side of the balance is the impact of the standard after it has been implemented. If regulators (presumably informed by privacy advocates) determine that implementation of the standard is not sufficient to satisfy the social need, then they may impose additional regulations or suggest further changes to the standards that, when implemented, would make them sufficient. The good actor companies will implement fixes to specific privacy vulnerabilities when they are identified, and to specific regulations when they are in force, regardless of the content of the standard. Judging from my personal discussions with regulators, I would not say that data collection constraints are a significant concern. Data sharing (on purpose or by failure to handle it properly) is the primary concern. Data retention beyond that necessary to support user-consented operational uses, or in a form that is unnecessary to support operational uses, is a concern. Obtaining specific and informed consent is a concern. Violating the terms of consent is not that much of a concern for the standards because regulators have existing laws that allow for prosecution of those cases. I'd love it if we could focus on actual concerns -- problems that we know exist and can try to solve -- instead of opinions. If you have an opinion, that's great: Be sure it is shared with the rest of the group, but do not expect it to be the basis of the standard unless we have consensus on that opinion and understand that the rest of the WG is not here just to satisfy your opinion. This WG does not exist to be a negotiation between privacy advocates and implementers. We are here to find and specify solutions that the technology companies are willing to implement. We need privacy advocates to propose solutions, poke holes in other solutions, and inform us all when a solution is not sufficient to adequately address some specific privacy need that the rest of us might not even be thinking about. If no agreement is reached, the implementers ultimately determine what the standard contains (or do not implement it at all) and outside organizations (e.g., NGOs and regulators) determine whether an implementation of the standard is sufficient to satisfy the social need. ....Roy
Received on Thursday, 9 February 2012 21:49:52 UTC