Re: Mandatory Legal Process (ACTION-57, ISSUE-28)

agreed. this is overreach in the context of this compliance document, as
meritorious as its intent may be. I applaud Justice Sotomayor and look
forward to the evolution of this thread in American law. And I also really
appreciate Jonathan's strong user focus. But it is at least theoretically
possible that the law would compel the opposite, and it's difficult to see
how this standard should compel compliers to break the law in particular
circumstances. In any event, this is a broad enough departure from any
previous conversations on the compliance spec that it would require
substantive dialogue.




On Wed, Jan 25, 2012 at 7:28 PM, Shane Wiley <wileys@yahoo-inc.com> wrote:

> Jonathan,
>
> I don't believe it's appropriate to state if you want to be DNT compliant
> you now need to sign-up for legal disclosures that have NOTHING to do with
> DNT.  I believe this is an overreach to provide generally greater privacy
> protections for consumers in general - but outside of the scope of DNT.
>  While I generally agree with the sentiment, this is not the right location
> for it.
>
> - Shane
>
> -----Original Message-----
> From: Jonathan Mayer [mailto:jmayer@stanford.edu]
> Sent: Wednesday, January 25, 2012 7:22 PM
> To: Shane Wiley
> Cc: Tom Lowenthal; David Singer; public-tracking@w3.org
> Subject: Re: Mandatory Legal Process (ACTION-57, ISSUE-28)
>
> The text I've proposed addresses web information practices for DNT users.
>  By all means argue why organizations shouldn't inform their users of
> compelled disclosure, but I think this text is unambiguously within the
> working group's scope.
>
> On Jan 25, 2012, at 7:15 PM, Shane Wiley wrote:
>
> > I believe attempts to "add on" to the party responsibilities within
> legal process "outside of the DNT standard" is outside of scope of the
> working group.  Instead I would suggest the preamble of each document
> simply state "this standard is not intended to override local, state, or
> country law."
> >
> > - Shane
> >
> > -----Original Message-----
> > From: Tom Lowenthal [mailto:tom@mozilla.com]
> > Sent: Wednesday, January 25, 2012 7:11 PM
> > To: David Singer; public-tracking@w3.org
> > Subject: Re: Mandatory Legal Process (ACTION-57, ISSUE-28)
> >
> > I don't think we need anything apart from Jonathan's text. I'd argue
> that for process applied to data collected in a third party capacity,
> notification is a must; for first party data, a should; and for any breach
> where you must notify some users, you must notify all users.
> >
> > On Wed 25 Jan 2012 06:43:06 PM CET, David Singer wrote:
> >>
> >> On Jan 25, 2012, at 16:12 , Jonathan Mayer wrote:
> >>
> >>> Proposed text:
> >>>
> >>> A party MAY take action contrary to the requirements of this standard
> if compelled by mandatory legal process.  To the extent allowed by law, the
> party MUST (SHOULD? MAY? non-normative?) notify affected users.
> >>
> >> which means we need a 'legal exception'?
> >>
> >>
> >>
> >> David Singer
> >> Multimedia and Software Standards, Apple Inc.
> >>
> >>
> >
>
>
>


-- 
Sean Harvey
Business Product Manager
Google, Inc.
212-381-5330
sharvey@google.com

Received on Wednesday, 25 January 2012 18:40:27 UTC