Re: Deciding Exceptions (ISSUE-23, ISSUE-24, ISSUE-25, ISSUE-31, ISSUE-34, ISSUE-49)

It seems more than a tad late to announce that implementers trump non-implementers in the group.

Jonathan

On Feb 9, 2012, at 1:49 PM, Roy T. Fielding wrote:

> On Feb 9, 2012, at 11:51 AM, Jonathan Mayer wrote:
> 
>> Some advertising companies won't budge on "operational uses," and some privacy advocates won't accept use-based exceptions.  I don't see another way to resolve this impasse.  If you do, I'm listening.
> 
> If an impasse is at hand, objections are raised and we examine what
> objections are strongest.  "I have an opinion" is always less of an
> objection than "I won't implement this", because the entire purpose of
> W3C Recommendations is to reach agreement on what participants are
> willing to implement as the standard.
> 
> The other side of the balance is the impact of the standard after
> it has been implemented.  If regulators (presumably informed by
> privacy advocates) determine that implementation of the standard
> is not sufficient to satisfy the social need, then they may impose
> additional regulations or suggest further changes to the standards
> that, when implemented, would make them sufficient.
> 
> The good actor companies will implement fixes to specific privacy
> vulnerabilities when they are identified, and to specific regulations
> when they are in force, regardless of the content of the standard.
> 
> Judging from my personal discussions with regulators, I would not
> say that data collection constraints are a significant concern.
> Data sharing (on purpose or by failure to handle it properly) is
> the primary concern.  Data retention beyond that necessary to
> support user-consented operational uses, or in a form that is
> unnecessary to support operational uses, is a concern.
> Obtaining specific and informed consent is a concern.
> 
> Violating the terms of consent is not that much of a concern for
> the standards because regulators have existing laws that allow
> for prosecution of those cases.
> 
> I'd love it if we could focus on actual concerns -- problems that
> we know exist and can try to solve -- instead of opinions.  If you
> have an opinion, that's great: Be sure it is shared with the rest
> of the group, but do not expect it to be the basis of the standard
> unless we have consensus on that opinion and understand that the
> rest of the WG is not here just to satisfy your opinion.
> 
> This WG does not exist to be a negotiation between privacy advocates
> and implementers.  We are here to find and specify solutions that the
> technology companies are willing to implement.  We need privacy advocates
> to propose solutions, poke holes in other solutions, and inform us all
> when a solution is not sufficient to adequately address some specific
> privacy need that the rest of us might not even be thinking about.
> 
> If no agreement is reached, the implementers ultimately determine
> what the standard contains (or do not implement it at all) and
> outside organizations (e.g., NGOs and regulators) determine whether an
> implementation of the standard is sufficient to satisfy the social need.
> 
> ....Roy

Received on Thursday, 9 February 2012 22:30:33 UTC