W3C home > Mailing lists > Public > public-tracking@w3.org > January 2012

Re: ACTION-43: added user-agent-managed site-specific exception proposal to Editor's Draft

From: Rigo Wenning <rigo@w3.org>
Date: Thu, 19 Jan 2012 08:45:19 +0100
To: public-tracking@w3.org
Cc: David Singer <singer@apple.com>, Nicholas Doty <npdoty@w3.org>, Sid Stamm <sid@mozilla.com>, "Roy T. Fielding" <fielding@gbiv.com>, Shane Wiley <wileys@yahoo-inc.com>, "VINCENT (VINCENT) TOUBIANA" <Vincent.Toubiana@alcatel-lucent.com>
Message-ID: <9412562.yxbvIRmebd@freud>

we are approaching the "normal" catch22 situation of the data self 
determination concept that is secretly underlying all our discussions IMHO. 

On Wednesday 18 January 2012 16:37:25 David Singer wrote:
> I think we're designing a protocol between the UA and the server, and what
> that protocol means and its requirements.  UA to user interactions are out
> of the scope of a MUST statement, I think.

And if you want to have (some) user-control and self-determination, we assume 
that at some point the user should be enabled to make a (albeit possibly 
automated) decision. And the protocol, at some point, needs to trigger that 
decision process. I do not believe we can avoid that without going square to 
the entire concept of privacy (because privacy is finally about autonomy).

This said, a specification should only said that there MUST be a user decision 
and not how that user decision is implemented. Note that P3P implementation on 
UAs failed mainly because of lacking guidance and complete misunderstanding by 
implementers. Coming out of a 4 year research project where we investigated 
some of this, I could imagine that it may be worthwhile to have some good 
practices documentation where we join forces to unearth good privacy 
interfacing guidelines.


Received on Thursday, 19 January 2012 07:45:50 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:30 UTC