RE: Mandatory Legal Process (ACTION-57, ISSUE-28) from Shane Wiley on 2012-01-25 (public-tracking@w3.org from January 2012)

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Wed, 25 Jan 2012 10:28:55 -0800
To: Jonathan Mayer <jmayer@stanford.edu>
CC: Tom Lowenthal <tom@mozilla.com>, David Singer <singer@apple.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D0C4250C8@SP2-EX07VS02.ds.corp.yahoo.com>

Jonathan,

I don't believe it's appropriate to state if you want to be DNT compliant you now need to sign-up for legal disclosures that have NOTHING to do with DNT.  I believe this is an overreach to provide generally greater privacy protections for consumers in general - but outside of the scope of DNT.  While I generally agree with the sentiment, this is not the right location for it.

- Shane

-----Original Message-----
From: Jonathan Mayer [mailto:jmayer@stanford.edu] 
Sent: Wednesday, January 25, 2012 7:22 PM
To: Shane Wiley
Cc: Tom Lowenthal; David Singer; public-tracking@w3.org
Subject: Re: Mandatory Legal Process (ACTION-57, ISSUE-28)

The text I've proposed addresses web information practices for DNT users.  By all means argue why organizations shouldn't inform their users of compelled disclosure, but I think this text is unambiguously within the working group's scope.

On Jan 25, 2012, at 7:15 PM, Shane Wiley wrote:

> I believe attempts to "add on" to the party responsibilities within legal process "outside of the DNT standard" is outside of scope of the working group.  Instead I would suggest the preamble of each document simply state "this standard is not intended to override local, state, or country law."
> 
> - Shane
> 
> -----Original Message-----
> From: Tom Lowenthal [mailto:tom@mozilla.com] 
> Sent: Wednesday, January 25, 2012 7:11 PM
> To: David Singer; public-tracking@w3.org
> Subject: Re: Mandatory Legal Process (ACTION-57, ISSUE-28)
> 
> I don't think we need anything apart from Jonathan's text. I'd argue that for process applied to data collected in a third party capacity, notification is a must; for first party data, a should; and for any breach where you must notify some users, you must notify all users.
> 
> On Wed 25 Jan 2012 06:43:06 PM CET, David Singer wrote:
>> 
>> On Jan 25, 2012, at 16:12 , Jonathan Mayer wrote:
>> 
>>> Proposed text:
>>> 
>>> A party MAY take action contrary to the requirements of this standard if compelled by mandatory legal process.  To the extent allowed by law, the party MUST (SHOULD? MAY? non-normative?) notify affected users.
>> 
>> which means we need a 'legal exception'?
>> 
>> 
>> 
>> David Singer
>> Multimedia and Software Standards, Apple Inc.
>> 
>> 
>

Received on Wednesday, 25 January 2012 18:29:54 UTC