
Re: ACTION-43: added user-agent-managed site-specific exception proposal to Editor's Draft

From: Rigo Wenning <rigo@w3.org>
Date: Thu, 19 Jan 2012 08:45:19 +0100
To: public-tracking@w3.org
Cc: David Singer <singer@apple.com>, Nicholas Doty <npdoty@w3.org>, Sid Stamm <sid@mozilla.com>, "Roy T. Fielding" <fielding@gbiv.com>, Shane Wiley <wileys@yahoo-inc.com>, "VINCENT (VINCENT) TOUBIANA" <Vincent.Toubiana@alcatel-lucent.com>
Message-ID: <9412562.yxbvIRmebd@freud>

David,

we are approaching the "normal" catch22 situation of the data self 
determination concept that is secretly underlying all our discussions IMHO. 

On Wednesday 18 January 2012 16:37:25 David Singer wrote:
> I think we're designing a protocol between the UA and the server, and what
> that protocol means and its requirements.  UA to user interactions are out
> of the scope of a MUST statement, I think.

And if you want to have (some) user-control and self-determination, we assume 
that at some point the user should be enabled to make a (albeit possibly 
automated) decision. And the protocol, at some point, needs to trigger that 
decision process. I do not believe we can avoid that without going square to 
the entire concept of privacy (because privacy is finally about autonomy).

This said, a specification should only say that there MUST be a user decision 
and not how that user decision is implemented. Note that P3P implementation on 
UAs failed mainly because of lacking guidance and complete misunderstanding by 
implementers. Coming out of a 4 year research project where we investigated 
some of this, I could imagine that it may be worthwhile to have some good 
practices documentation where we join forces to unearth good privacy 
interfacing guidelines.

Best, 

Rigo
Received on Thursday, 19 January 2012 07:45:50 UTC
