- From: Vinay Goel <vigoel@adobe.com>
- Date: Fri, 8 Jun 2012 07:12:20 -0700
- To: Jeffrey Chester <jeff@democraticmedia.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Hi Jeff,

I want to make sure I understand your statements below. You say below "there shouldn't be 'cherry-picking' allowed in the spec". Is your intention to apply that statement to both websites and browser manufacturers?

Specifically, I believe your statements below suggest that a website cannot pick parts of the spec it wants to comply with, and not comply with the parts where DNT:1 was set by a browser. But, I would argue that Microsoft IE 10 would be, in fact, cherry-picking parts of the spec that it wants to comply with (such as the DNT mechanism, what it is supposed to impact, etc.) but ignoring a part of the spec (that the DNT preference must be set by the user).

In addition, you say that in your view a site that doesn't honor DNT will not be considered brand safe. Will Microsoft IE 10, with setting DNT:1 by default and therefore not honoring all of the DNT specs, not be considered "brand safe"?

-Vinay

________________________________________
Vinay Goel | Privacy Product Manager | Adobe Systems | Office: 917.934.0867

On 6/8/12 6:51 AM, "Jeffrey Chester" <jeff@democraticmedia.org> wrote:

> I support what Ninja says below, and the concerns Jonathan raises. There
> shouldn't be "cherry-picking" allowed in the spec. When sites receive
> DNT, they should honor it. The W3C should not develop a policy that
> permits the over-riding of requests/intent of global Internet users.
>
> The key issue for us to address is the need to limit collection and
> retention. I hope we can discuss and build support for a consensus on
> the proposal sent the other day by EFF/Mozilla and Jonathan. Without
> meaningful collection and retention policy, we risk not having a spec
> that can receive the support from many stakeholders (esp civil society).
> That is critical to the fate of the privacy and digital consumer
> protection debates, esp. both sides of the Atlantic.
>
> Finally, I want to add that in my view and fairly quickly a site that
> doesn't honor DNT will not be considered "brand safe." Responsible
> advertisers and brands concerned about their reputation will need to
> respect a robust DNT. They will have to add DNT to the
> blacklist/whitelist systems in place. It behooves us to continue to
> advance the process of ensuring monetization and privacy can thrive
> together in the digital economy.
>
> Jeff
>
> On Jun 8, 2012, at 5:26 AM, Ninja Marnau wrote:
>
>> We are discussing two different issues here.
>>
>> First is, I support that servers should give the users a clear answer
>> whether their DNT request is honored. There should be an option to answer
>> NACK.
>>
>> Second is, a company claiming "We will honor DNT when it's coming from
>> the following user agents" or "We will honor DNT from all user agents
>> except for the following" (I am quoting Ian's example here) is honest -
>> and I appreciate that. But whether it is "compliant" to the DNT
>> recommendation or not, is up to us as a working group. It is our task to
>> discuss whether we want the spec to allow this cherry-picking. (Don't
>> get me wrong, companies can still do so. But will they be able to claim
>> DNT compliance?).
>>
>> I oppose this. I think the spec should state that when you receive a
>> valid signal, no matter from what UA, you have to honor it in order to
>> claim DNT compliance.
>>
>> There are several reasons for this:
>>
>> 1) predictability
>> David raised this point and I agree: "Defining that "I'll stop tracking
>> unless I don't feel like it" as *compliant* makes it basically
>> unpredictable what will happen."
>>
>> 2) only for "uncompliant" UAs?
>> If we open the spec to cherry-picking. Will it stop at "uncompliant"?
>> Or will the spec just stay silent or explicitly allow for other
>> motivations? Patent lawsuits, harming competitors, just feeling like it
>> - for painting a very black picture.
>> I don't support this as being considered DNT compliant.
>>
>> 3) Who decides whether a UA is "uncompliant"?
>> As long as there is no judgement by a competent authority, this is a
>> very critical statement.
>>
>> 4) liability issues
>> If the spec allows to NACK the DNT requests of "uncompliant" UAs, and a
>> site claims to "honor DNT from all user agents except for the following
>> ..." it makes a legally relevant statement about these UAs. Which may
>> lead to liability and claims for damages by these UAs if the judgement
>> is wrong.
>> If the spec is more open -> issue 2.
>>
>> 5) hindering privacy-by-default
>> The proposed Data Protection Regulation of the EC explicitly asks for
>> privacy by default. (Art. 23)
>>
>> Ninja
>>
>> On 08.06.2012 10:25, Rigo Wenning wrote:
>>> On Thursday 07 June 2012 18:25:27 Ian Fette wrote:
>>>> A site is already under no obligation to conform to DNT. Would you
>>>> rather have the user be clear that their request is being
>>>> ignored, or left to wonder?
>>>
>>> Precisely my point! Thanks Ian
>>>
>>> Rigo
>>>
>>
>> --
>>
>> Ninja Marnau
>> mail: NMarnau@datenschutzzentrum.de - http://www.datenschutzzentrum.de
>> Phone: +49 431/988-1285, Fax +49 431/988-1223
>> Unabhaengiges Landeszentrum fuer Datenschutz Schleswig-Holstein
>> Independent Centre for Privacy Protection Schleswig-Holstein
Received on Friday, 8 June 2012 14:12:51 UTC