(unknown charset) Re: Deciding Exceptions (ISSUE-23, ISSUE-24, ISSUE-25, ISSUE-31, ISSUE-34, ISSUE-49)

Hi Justin,

thanks a lot for the clarification!

Sorry if I did not make myself clear: I did not want to say that
collection is a non-concern.

I agree with Justin that eliminating collection (e.g., raw server
logs) will often be impractical or impossible. Therefore, determining
how to handle the collected data is important to provide increased
privacy under DNT;1.


On 2/10/2012 12:17 AM, Justin Brookman wrote:
> I disagree with this statement. The FTC has announced five criteria
> necessary for "Do Not Track" to be successful; the fourth is that "Do
> Not Track" needs to address collection as well as usage. Similarly,
> the Article 29 Working Party identified failure to address
> collection/retention as a limitation in the existing DAA opt-out
> framework. So it is not at all correct to state that regulators are
> only interested in use limitations.
> That said, I think these regulators have also recognized that a
> complete prohibition on third-party collection is not practical or
> desirable. Given that the standard currently recognizes that third
> parties are frequently going to be allowed to obtain
> uniquely-identifying user agent strings despite the presence of a
> DNT:1 header, I personally don't think that fixating on client-side
> versus server-side solutions for frequency capping or conversion
> reporting is all that important. However, that does argue for the need
> for accountable statements on the part of complying third-parties
> (whether through a response header or something else).
> Justin Brookman
> Director, Consumer Privacy
> Center for Democracy&  Technology
> 1634 I Street NW, Suite 1100
> Washington, DC 20006
> tel 202.407.8812
> fax 202.637.0969
> justin@cdt.org
> http://www.cdt.org
> @CenDemTech
> @JustinBrookman
> On 2/9/2012 5:50 PM, Matthias Schunter wrote:
>> Hi Team,
>> for DNT-related data,  Roy's assessment of the key regulatory concerns
>> matches my experience
>> Regards,
>> matthias
>> On 2/9/2012 10:49 PM, Roy T. Fielding wrote:
>>> Judging from my personal discussions with regulators, I would not
>>> say that data collection constraints are a significant concern.
>>> Data sharing (on purpose or by failure to handle it properly) is
>>> the primary concern.  Data retention beyond that necessary to
>>> support user-consented operational uses, or in a form that is
>>> unnecessary to support operational uses, is a concern.
>>> Obtaining specific and informed consent is a concern.

Received on Thursday, 9 February 2012 23:35:37 UTC