- From: Tamir Israel <tisrael@cippic.ca>
- Date: Wed, 22 Feb 2012 10:51:44 -0500
- To: public-tracking@w3.org
- Message-ID: <4F450F10.5000000@cippic.ca>
Hi Alan,
My apologies for chiming in -- I'm coming to this process quite late.
Feel free to ignore if the point I'm raising merely rehashes comments
that have already been made, or is off point in some other respect.
My concern with deference to domestic standards in this context is it
will make it very difficult for Internet companies to develop multiple
notification criteria for the various jurisdictions they're going to be
active in. The most likely outcome would be either the inconsistency in
application of these standards or, worse, convergence on the lowest
common denominator. This won't help the legitimacy and adoption of a W3C
standard abroad, I suspect.
Certainly in Canada, direct notification (beyond notice buried in a
privacy statement) would appear to be a minimal requirement for
compliance with the online tracking guidelines our privacy commissioner
issued not too long ago. I paste these here in part for your consideration:
While obtaining consent in the online environment is not without its
challenges, it is possible. Opt-out consent for online behavioural
advertising could be considered reasonable providing that:
* Individuals are made aware of the purposes for the practice in a
manner that is clear and understandable -- the purposes must be made
obvious and cannot be buried in a privacy policy. Organizations
should be transparent about their practices and consider how to
effectively inform individuals of their online behavioural
advertising practices, by using a variety of communication methods,
such as online banners, layered approaches, and interactive tools;
* Individuals are informed of these purposes at or before the time of
collection and provided with information about the various parties
involved in online behavioural advertising;
* Individuals are able to easily opt-out of the practice - ideally at
or before the time the information is collected;
* The opt-out takes effect immediately and is persistent;
* The information collected and used is limited, to the extent
practicable, to non-sensitive information (avoiding sensitive
information such as medical or health information); and
* Information collected and used is destroyed as soon as possible or
effectively de-identified.
http://www.priv.gc.ca/information/guide/2011/gl_ba_1112_e.cfm
Thanks and best regards,
Tamir Israel
Staff Lawyer
Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC)
University of Ottawa, Faculty of Law, CML
57 Louis Pasteur Street
Ottawa, ON, K1N 6N5
Tel: (613) 562-5800 ext. 2914
Fax: (613) 562-5417
www.cippic.ca
On 2/22/2012 9:31 AM, Alan Chapell wrote:
> Thanks Jeff - This is certainly a step in the right direction. I'd like to
> propose my own text for consideration.
>
>
> When seeking exemption when DNT:1 is sent sites should communicate those
> requests clearly, accurately and in line with consumer protection law(s)
> in the jurisdiction(s) in which they operate.
>
>
>
>
>
>
> Cheers,
>
> Alan Chapell
> Chapell& Associates
> 917 318 8440
>
>
>
>
>
>
> On 2/22/12 9:16 AM, "Jeffrey Chester"<jeff@democraticmedia.org> wrote:
>
>>> When seeking exemption when DNT:1 is sent, a site must disclose on the
>>> first screen an accurate summary of their data tracking practices. It
>>> should succinctly and accurately explain how a user will be tracked on
>>> the site, and what data may be shared or used by third parties. The
>>> site should not rely on privacy statement that requires the user to
>>> travel to another page. Sites seeking an exemption should engage in
>>> additional disclosure when seeking a user exemption from DNT:1
>>
>
>
Received on Thursday, 23 February 2012 09:25:11 UTC