Re: ACTION-255: Work on financial reporting text as alternative to legal requirements

See below...

On 10/2/12 3:54 AM, "Rigo Wenning" <> wrote:

>On Monday 01 October 2012 19:49:37 Alan Chapell wrote:
>> The only thing you and I agree upon here is that you can't provide
>> the smoking gun. (:
>... which is a personal limitation, not an absolute one. We can go
>ask the DPAs and people who are closer to the day by day cases to
>provide us with some really creepy stories. But I think sometimes
>misunderstandings are considered a feature.
>More below?
>> >Oh, Airline XYZ can only do so because they have bought the
>> >profile that tells them I can afford the higher price... - just
>> >as an example - That we do not address first parties is
>> >irrelevant for the EU and a sign of careful nudging of the US
>> >community.
>> In my experience, it would be unlikely (at best) that airline
>> would operate in the way that you're suggesting. We need
>> to distinguish what is POSSIBLE in theory from what is PRACTICAL.
>The question is not about what you guess the airline would do (it
>was a broker). The point is that they collected data for the purpose
>stateful service and used it for price discrimination.

This is an assumption that you are making without providing any evidence.

> This is a 
>consumer protection issue. This is my point, not more. If you
>collect data to determine that somebody is from the UK, you may well
>give them a different price. Or you may exclude Germans from Youtube
>because of licensing battles between GEMA and Google. And as soon as
>there is an issue, people will route around. If the incentive is
>strong enough, the masses will move. Look at the download statistics
>of adblock plus. If you're not seen to honor privacy choices (and
>continue to do business, thus my call for innovation), the consumers
>will IMHO react with data blocking. I can show you the tools. This
>is very easy and effective. You prefer that? At some point in time,
>the arms race will hit the limit of the legislation around hacking
>(the consumer's computers)
>> So if this is your example of harm, you may want to keep looking
>The harm is the undue price discrimination because of superior
>knowledge that has its roots in the data collection.

>Again, I don't 
>know what harm you're looking for. Your exemption is not "use IP
>addresses to show PCMCP that the user that got the ad is from the
>UK". Your exemption is: "Whatever code of conduct fits me best will
>trump the user's stated preference".

Please point me to the place where I've made this statement - or anything
close to it. Are we reading minds now?
>This allows to continue to build profiles despite the DNT:1 header
>being present. With a good profile you can predict people and
>manipulate them. This is why targeted advertisement is so much more
>effective and expensive. There are a gazillion other examples. Even
>a constitutional court said some 28 years ago that the creepiness
>created by those profiles has a harming dimension that justifies
>societal intervention. So it is not just me and my imagination.
>And you come here, take one of my funny examples and declare: "There
>is no harm!". While it is right to question limitations, it is also
>right to question data collection. While my example may be a bit
>thin (I shouldn't have provided one, just point you to a large
>collection, Ninja's office has one) its thinness can't be taken as
>an argument to question the collection limitation principle in
>general as introduced by the OECD in 1981.
>> >> >2/ Democratic values
>> >[...]
>> If you put the third party intermediaries out of business - by
>> definition the marketplace will be smaller.
>If the only option for SMEs to survive would be unlimited data
>collection for financial reporting, this would be a sinister
>outlook, indeed. 
>> >Because there is a fundamental transatlantic divide. We have that
>> >even internally. While the eastern part believes that the
>> >availability of organized personal data is very prone to abuse,
>> >the western part believes that it is all about use limitations.
>> >Give the data to the junkie but say: "do not use!". Some
>> >believe, some don't. Note that those legitimate exceptions are
>> >law in EU. Self regulation has to re-invent those. For the
>> >unregulated, this is a test whether we can find a reasonable
>> >compromise without the formal democratic process.
>> I have no idea what you mean here
>Normal, you are part of the divided landscape and you haven't tried
>looking beyond your own side of things. This is all about collection
>limitations and quick transformations of personal data collected to
>remove the personal context. Mainly, large collections of personal
>data are seen as an intrinsic danger.
>> But while we're on the subject
>> of providing arguments for your assertions, I'd invite you to
>> provide a specific argument of harm that addresses the request
>> for exemptions. If the is the best you can do, well...
>Google for Censilia and Zensursula. You'll find a filtering system
>for control of information streams with large scope creep (also
>active in the US and Canada I think). I said already 2 times:
>Governments and others would love to have national Internets they
>can control. The more you collect data, the more you can control
>people. You say: But I promise not to control people with that data.
>Others may say, avoid the collection in the first place, especially
>if the users has asked you not to collect. In Egypt, they found ways
>around very quickly. You haven't answered that argument yet.

And how exactly, will DNT address these?

>The problem with your exemption is that it can be believed to be the
>portal for collection scope creep even under DNT:1. The more I see
>the intensity of the fight, the more I'm inclined to believe in the
>scope creep here. How can it be avoided that you create the
>contractual obligations that allows you to collect data under
>exemptions as before regardless of the DNT header?
>> >I see the polls that indicate that over 56% of Europeans erase
>> >_all_ their cookies at least once a month. 25% weekly (from the
>> >top of my head, search for eurobarometer).
>> >
>> >2002, the industry thought: "danger banned, no privacy provisions
>> >in the US, move on". And the browsers thought: "we manage
>> >cookies by blocking tools". Ten years after, we are back to the
>> >core semantic problem: "Can I trust your assertions?". What does
>> >that tell me? Everybody has to optimize in some direction.
>> >That's what this effort is all about. I have to optimize in the
>> >direction of excellence... And putting in question the bases of
>> >the effort for financial reporting is against my optimization
>> >target. And there, your wording was much better (and stronger)
>> >than mine.
>> Thank you. Its interesting that you reference P3P. Do you believe
>> that P3P was a success?
>It was a huge success for the industry to avoid legislation in the
>US. It was a huge browser-failure.

If you could elaborate on the ways the P3P helped avoid legislation in the
U.S., I'd appreciate it.

>And it was a respectable
>scientific success as all newer policy and data handling research is
>still very often based on the P3P statement vocabulary. I don't
>think all browsers will repeat the same mistakes. IMHO, the changes
>without DNT would change your business more than I ever could with
>my emails and discussion. I'm trying to find a middle ground and new
>ways to allow for the same business with less data to avoid that
>bump. I try to help. If this leads into the trenches, it is

Received on Tuesday, 2 October 2012 13:41:49 UTC