RE: Towards a Grand Compromise

Tamir,

I believe you may be reading too much into two common terms in the English language – these are not meant to relate to any specific countries legal terms of art.  In this case “consent” simply means “agreement to presented option” and “explicit” means “fully revealed or expressed without vagueness”.

- Shane

From: Tamir Israel [mailto:tisrael@cippic.ca]
Sent: Wednesday, June 06, 2012 7:04 AM
To: Jonathan Mayer
Cc: public-tracking@w3.org
Subject: Re: Towards a Grand Compromise

I have an issue with the use of the term 'explicit consent' in the context of 1.1. This is perhaps a terminology problem.

Specifically, under must DP frameworks (and I feel we are operating in a data protection paradigm here), 'explicit consent' basically means a positive act assenting to the collection, use or disclosure of personal information.

I understood the objective of the spec is to 'express user preferences' (this is not the same as consent, I get the impression we are conflating the two).

Take your: "Example: The user agent's privacy preferences pane includes controls for configuring the Tracking Preference signal." This is more or less the archetypal description of _implicit_ consent, not explicit.

Best,
Tamir


On 6/6/2012 8:06 AM, Jonathan Mayer wrote:
This group has made tremendous progress.  As we enter our second year and look forward to our fifth meeting, we can celebrate achieving hard-won consensus on many difficult topics.

It's time to complete our task.  We have given shape to the several issues at the center of Do Not Track policy, but we have not reached agreement on how to resolve them.  Those issues are, in brief:

1) May a user agent enable Do Not Track by default?

2) May a website share its information with corporate affiliates?

3) May a third-party website continue to set tracking cookies (or use an equivalent technology for collecting a user's browsing history)?

Peter Eckersley (EFF), Tom Lowenthal (Mozilla), and I (Stanford) have iterated on a comprehensive compromise proposal that addresses these issues.  The text draws extensively on prior drafts from multiple constituencies.  It would, in short:

1) Require explicit consent for enabling Do Not Track.

2) Allow affiliate information sharing.

3) Prohibit tracking cookies.

We have received valuable feedback from a number of participant viewpoints, including browser vendors, advertising companies, analytics services, social networks, policymakers, consumer groups, and researchers.  Out of respect for the candid nature of those ongoing conversations, we leave it to stakeholders to volunteer their contributions to and views on this proposal.

As you review the draft, please recognize that it is a compromise proposal.  The document is not a retread of well-worn positions; it reflects extraordinarily painful cuts for privacy-leaning stakeholders, including complete concessions on two of the three central issues.  Some participants have already indicated that they believe the proposal goes too far and are unwilling to support it.

We would ask all stakeholders to approach the document with a collegial spirit.  I can assure you now: there will be components of the proposal that you will not like.  Some industry and advocacy participants will flatly reject it.  But when everyone in the center of the group is just a bit unhappy, I think we've found our consensus.

Sincerely,
Jonathan

Received on Wednesday, 6 June 2012 15:54:13 UTC