- From: Rigo Wenning <rigo@w3.org>
- Date: Thu, 19 Jan 2012 08:45:19 +0100
- To: public-tracking@w3.org
- Cc: David Singer <singer@apple.com>, Nicholas Doty <npdoty@w3.org>, Sid Stamm <sid@mozilla.com>, "Roy T. Fielding" <fielding@gbiv.com>, Shane Wiley <wileys@yahoo-inc.com>, "VINCENT (VINCENT) TOUBIANA" <Vincent.Toubiana@alcatel-lucent.com>

David,

we are approaching the "normal" catch22 situation of the data self determination concept that is secretly underlying all our discussions IMHO.

On Wednesday 18 January 2012 16:37:25 David Singer wrote:
> I think we're designing a protocol between the UA and the server, and what
> that protocol means and its requirements. UA to user interactions are out
> of the scope of a MUST statement, I think.

And if you want to have (some) user-control and self-determination, we assume that at some point the user should be enabled to make a (albeit possibly automated) decision. And the protocol, at some point, needs to trigger that decision process. I do not believe we can avoid that without going square to the entire concept of privacy (because privacy is finally about autonomy).

This said, a specification should only say that there MUST be a user decision and not how that user decision is implemented. Note that P3P implementation on UAs failed mainly because of lacking guidance and complete misunderstanding by implementers.

Coming out of a 4 year research project where we investigated some of this, I could imagine that it may be worthwhile to have some good practices documentation where we join forces to unearth good privacy interfacing guidelines.

Best,

Rigo

Received on Thursday, 19 January 2012 07:45:50 UTC