Re: diff of TPE editing since the FPWD


On Thursday 12 January 2012 14:55:30 Shane Wiley wrote:
> Could you please explain the context of why the UK ICO is requesting an
> "expression mechanism" in this regard?  

Have I said "requested"? I don't think so. I met the UK ICO people at the OECD 
high level meeting in Paris last June and explained them the potential of DNT 
with respect to Art. 5.3 of the current version of Directive 2002/58/EC. They 
were really really interested. Why? See below...

> If you're suggesting that DNT
> expressions serve as a persistent store for a user's opt-out choices
> available from most 3rd party OBA activities, then I completely agree (and
> believe this is the true value and goal of the working group).  

It is even better than that. IMHO DNT is already obviously a very good 
mechanism to implement opt-out in a technically very solid way. But DNT can be 
also used (and is a tool here, so don't panic) to ease the pain for businesses 
in regional areas that clearly have chosen an opt-in regime, which is clearly 
the case for Directive 2002/58/EC as amended by 2009/136/EC (ePrivacy). The 
idea is that it doesn't need technical changes to DNT, but some howto for the 

> But even in
> this context, the goal is to limit/halt "cross-site tracking".  Is there
> some other activity you're attempting to have this signal serve as an
> "expression"?  In the EU Data Protection Directive context, is there
> another use for 1st parties you're envisioning here?
DNT can perhaps serve as a (limited) expression of consent to a certain 
extend. That was the idea I presented in hallway conversations in Princeton 
and that got some traction. Though I haven't heard Rob praising it yet, so 
there may still be a lot of work. This is a more silent track and goal of our 
works here. And this goal is not affected by the baseline protection 
discussions for the US market we are having too with more noise. The 
additional goal is realized on the protocol level. And if the US baseline 
protection discussion poisons the protocol, we run into difficulties to make 
everything useful in other regions. 

My request to move "cross-site" back into the compliance discussions is thus 
not one of content and does IMHO not affect the US baseline protection 
discussion in its substance. 

IMHO we need a good tool to record expressions reliably. This can be opt-
whatever (in/out/on/off/up/down). There is more to it, like the feedback 
mechanism whether a service supports DNT. At the end, somebody coming to you 
saying "you collected data but weren't supposed to" can be confronted with his 
own declarations. In this context the "opt back in" works become very 
important and I'm looking forward to discussions about it in Brussels. 



Received on Friday, 13 January 2012 09:03:19 UTC