Re: Deciding Exceptions (ISSUE-23, ISSUE-24, ISSUE-25, ISSUE-31, ISSUE-34, ISSUE-49)

For the record, here is what Chairman Leibowitz said in the speech
Shane and Justin are referencing:


[DNT] should be universal, honored by not just the advertising
industry, but also by other companies that track consumers online.
Consumers would have to be able to find and use the system easily and
the tracking preference should be persistent –  it shouldn’t disappear
if a consumer clears her cookies or updates her browser.  And most
important, Do Not Track should
allow consumers to do more than just turn off targeted advertising;
they must be able to opt out of the collection of behavioral data for
all purposes except for a few specific categories like preventing
click fraud and facilitating billing.

[end quote]

Full text of the speech is here:

On Thu, Feb 9, 2012 at 6:17 PM, Justin Brookman <> wrote:
> I disagree with this statement. The FTC has announced five criteria
> necessary for "Do Not Track" to be successful; the fourth is that "Do Not
> Track" needs to address collection as well as usage. Similarly, the Article
> 29 Working Party identified failure to address collection/retention as a
> limitation in the existing DAA opt-out framework. So it is not at all
> correct to state that regulators are only interested in use limitations.
> That said, I think these regulators have also recognized that a complete
> prohibition on third-party collection is not practical or desirable. Given
> that the standard currently recognizes that third parties are frequently
> going to be allowed to obtain uniquely-identifying user agent strings
> despite the presence of a DNT:1 header, I personally don't think that
> fixating on client-side versus server-side solutions for frequency capping
> or conversion reporting is all that important. However, that does argue for
> the need for accountable statements on the part of complying third-parties
> (whether through a response header or something else).
> Justin Brookman
> Director, Consumer Privacy
> Center for Democracy&  Technology
> 1634 I Street NW, Suite 1100
> Washington, DC 20006
> tel 202.407.8812
> fax 202.637.0969
> @CenDemTech
> @JustinBrookman
> On 2/9/2012 5:50 PM, Matthias Schunter wrote:
>> Hi Team,
>> for DNT-related data,  Roy's assessment of the key regulatory concerns
>> matches my experience
>> Regards,
>> matthias
>> On 2/9/2012 10:49 PM, Roy T. Fielding wrote:
>>> Judging from my personal discussions with regulators, I would not
>>> say that data collection constraints are a significant concern.
>>> Data sharing (on purpose or by failure to handle it properly) is
>>> the primary concern.  Data retention beyond that necessary to
>>> support user-consented operational uses, or in a form that is
>>> unnecessary to support operational uses, is a concern.
>>> Obtaining specific and informed consent is a concern.

Received on Friday, 10 February 2012 13:17:44 UTC