- From: Rigo Wenning <rigo@w3.org>
- Date: Fri, 13 Jan 2012 10:00:24 +0100
- To: Shane Wiley <wileys@yahoo-inc.com>
- Cc: "public-tracking@w3.org" <public-tracking@w3.org>, Ed Felten <ed@felten.com>
Shane, On Thursday 12 January 2012 14:55:30 Shane Wiley wrote: > Could you please explain the context of why the UK ICO is requesting an > "expression mechanism" in this regard? Have I said "requested"? I don't think so. I met the UK ICO people at the OECD high level meeting in Paris last June and explained them the potential of DNT with respect to Art. 5.3 of the current version of Directive 2002/58/EC. They were really really interested. Why? See below... > If you're suggesting that DNT > expressions serve as a persistent store for a user's opt-out choices > available from most 3rd party OBA activities, then I completely agree (and > believe this is the true value and goal of the working group). It is even better than that. IMHO DNT is already obviously a very good mechanism to implement opt-out in a technically very solid way. But DNT can be also used (and is a tool here, so don't panic) to ease the pain for businesses in regional areas that clearly have chosen an opt-in regime, which is clearly the case for Directive 2002/58/EC as amended by 2009/136/EC (ePrivacy). The idea is that it doesn't need technical changes to DNT, but some howto for the implementation. > But even in > this context, the goal is to limit/halt "cross-site tracking". Is there > some other activity you're attempting to have this signal serve as an > "expression"? In the EU Data Protection Directive context, is there > another use for 1st parties you're envisioning here? > DNT can perhaps serve as a (limited) expression of consent to a certain extend. That was the idea I presented in hallway conversations in Princeton and that got some traction. Though I haven't heard Rob praising it yet, so there may still be a lot of work. This is a more silent track and goal of our works here. And this goal is not affected by the baseline protection discussions for the US market we are having too with more noise. The additional goal is realized on the protocol level. And if the US baseline protection discussion poisons the protocol, we run into difficulties to make everything useful in other regions. My request to move "cross-site" back into the compliance discussions is thus not one of content and does IMHO not affect the US baseline protection discussion in its substance. IMHO we need a good tool to record expressions reliably. This can be opt- whatever (in/out/on/off/up/down). There is more to it, like the feedback mechanism whether a service supports DNT. At the end, somebody coming to you saying "you collected data but weren't supposed to" can be confronted with his own declarations. In this context the "opt back in" works become very important and I'm looking forward to discussions about it in Brussels. Best, Rigo
Received on Friday, 13 January 2012 09:03:19 UTC