Re: ACTION-255: Work on financial reporting text as alternative to legal requirements

Alan, 

On Monday 01 October 2012 16:51:45 Alan Chapell wrote:
> I appreciate your taking the time - and the willingness to engage
> in dialog. However, you really did not directly answer my
> questions. You are providing high level examples of privacy
> issues - most of which will not be addressed by DNT unless we
> radically change our approach.

If DNT would not address some of those issues, you wouldn't see me 
engaged. :) But this IMHO. I also know that I can't provide the 
smoking gun. I guess, Ninja and Rob could. W3C as a community is a 
pretty good indication whether something is going on. People are 
afraid. This can kill the entire market. That's why we are 
discussing here.

more inline

> On 10/1/12 4:27 PM, "Rigo Wenning" <rigo@w3.org> wrote:
> >blocking tools. I can show you how easy it is. If this is still
> >an issue in 5 years, this may even be more damaging to the
> >industry than DNT ever could be.
> 
> How is DNT going to stop this practice? If I'm buying my tickets
> via Delta.com, Delta is a 1st party and would not be subject to a
> DNT signal for these purposes.

Oh, Airline XYZ can only do so because they have bought the profile 
that tells them I can afford the higher price... - just as an 
example - That we do not address first parties is irrelevant for the 
EU and a sign of careful nudging of the US community.
> 
> >2/ Democratic values
> >In confirmation of Godwin's law let me tell you that I think that
> >totalitarianism doesn't need computers. But it makes life easier
> >for them. The concentration of high amounts of personal data in
> >few hands is a risk in the power balance.
> 
> I agree - concentration of data in a small number of players is
> problematic. How do you see DNT addressing this issue? In fact, I
> think one can make a plausible argument that DNT will concentrate
> data in a smaller number of entities. I believe that's a horrible
> outcome that many in this group may be missing and/or choosing to
> ignore.

You fail to give an argument for your assertion. While one can make 
a plausible argument, you'll have to make that argument to 
contradict me. Why should the number of players be smaller if I can 
refuse collection? Note: a first party -by definition- can't collect 
cross site. Leaves you the 2-3 big fish. Those have a different 
incentive: They are targets.
> 
[...]
> My point - There are going to be legitimate exceptions for the use
> of data. And each exception should be weighed on the merits -
> benefit to creating the exception vs risks of keeping the
> exception. My issue with your approach is that you aren't really
> explaining what you think the harm is to allowing my specific
> exception.

Because there is a fundamental transatlantic divide. We have that 
even internally. While the eastern part believes that the 
availability of organized personal data is very prone to abuse, the 
western part believes that it is all about use limitations. Give the 
data to the junkie but say: "do not use!". Some believe, some don't. 
Note that those legitimate exceptions are law in EU. Self regulation 
has to re-invent those. For the unregulated, this is a test whether 
we can find a reasonable compromise without the formal democratic 
process. 
> 
> >It is therefore essential that somebody can just indicate to the
> >system not to be recorded. And that the system just does not
> >record, or at least throws away after a very short time. So DNT
> >is just a tiny tool, a little aspect in this overall picture.
> >But it could be a useful tool. Now you may understand that
> >recording the same information for accounting or PCMCP (a pure
> >use limitation that is) is not sufficient for most people.
> 
> What are these people you cite? Are you representing the interests
> of consumers in the same way that Jeff and John are?

People just meant my grandma. I neither represent consumers nor 
industry nor W3C Team. Because the answers given here are not 
coordinated with the W3C Team. I'm just talking to you from my ivory 
tower of 15 years of privacy research. This is my second exercise 
after P3P, XACML privacy extensions and the like... But I see the 
polls that indicate that over 56% of Europeans erase _all_ their 
cookies at least once a month. 25% weekly (from the top of my head, 
search for eurobarometer).

In 2002, the industry thought: "danger banned, no privacy provisions in 
the US, move on". And the browsers thought: "we manage cookies by 
blocking tools". Ten years after, we are back to the core semantic 
problem: "Can I trust your assertions?". What does that tell me? 
Everybody has to optimize in some direction. That's what this effort 
is all about. I have to optimize in the direction of excellence... 
And putting in question the bases of the effort for financial 
reporting is against my optimization target. And there, your wording 
was much better (and stronger) than mine.

Rigo

Received on Monday, 1 October 2012 23:01:56 UTC