- From: Jonathan Mayer <jmayer@stanford.edu>
- Date: Thu, 9 Feb 2012 14:30:05 -0800
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
It seems more than a tad late to announce that implementers trump non-implementers in the group. Jonathan On Feb 9, 2012, at 1:49 PM, Roy T. Fielding wrote: > On Feb 9, 2012, at 11:51 AM, Jonathan Mayer wrote: > >> Some advertising companies won't budge on "operational uses," and some privacy advocates won't accept use-based exceptions. I don't see another way to resolve this impasse. If you do, I'm listening. > > If an impasse is at hand, objections are raised and we examine what > objections are strongest. "I have an opinion" is always less of an > objection than "I won't implement this", because the entire purpose of > W3C Recommendations is to reach agreement on what participants are > willing to implement as the standard. > > The other side of the balance is the impact of the standard after > it has been implemented. If regulators (presumably informed by > privacy advocates) determine that implementation of the standard > is not sufficient to satisfy the social need, then they may impose > additional regulations or suggest further changes to the standards > that, when implemented, would make them sufficient. > > The good actor companies will implement fixes to specific privacy > vulnerabilities when they are identified, and to specific regulations > when they are in force, regardless of the content of the standard. > > Judging from my personal discussions with regulators, I would not > say that data collection constraints are a significant concern. > Data sharing (on purpose or by failure to handle it properly) is > the primary concern. Data retention beyond that necessary to > support user-consented operational uses, or in a form that is > unnecessary to support operational uses, is a concern. > Obtaining specific and informed consent is a concern. > > Violating the terms of consent is not that much of a concern for > the standards because regulators have existing laws that allow > for prosecution of those cases. > > I'd love it if we could focus on actual concerns -- problems that > we know exist and can try to solve -- instead of opinions. If you > have an opinion, that's great: Be sure it is shared with the rest > of the group, but do not expect it to be the basis of the standard > unless we have consensus on that opinion and understand that the > rest of the WG is not here just to satisfy your opinion. > > This WG does not exist to be a negotiation between privacy advocates > and implementers. We are here to find and specify solutions that the > technology companies are willing to implement. We need privacy advocates > to propose solutions, poke holes in other solutions, and inform us all > when a solution is not sufficient to adequately address some specific > privacy need that the rest of us might not even be thinking about. > > If no agreement is reached, the implementers ultimately determine > what the standard contains (or do not implement it at all) and > outside organizations (e.g., NGOs and regulators) determine whether an > implementation of the standard is sufficient to satisfy the social need. > > ....Roy
Received on Thursday, 9 February 2012 22:30:33 UTC