W3C home > Mailing lists > Public > public-tracking@w3.org > October 2012

Re: ACTION-255: Work on financial reporting text as alternative to legal requirements

From: Chris Mejia <chris.mejia@iab.net>
Date: Tue, 2 Oct 2012 20:31:53 +0000
To: John Simpson <john@consumerwatchdog.org>
CC: "public-tracking@w3.org" <public-tracking@w3.org>, Mike Zaneis <mike@iab.net>, Lou Mastria - DAA <lou@aboutads.info>
Message-ID: <CC9119F8.24BB9%chris.mejia@iab.net>
Hi John,

The DAA recently joined the W3C and the TPWG.  I work for the DAA as its Technical Director.  The IAB is a founding member of the DAA.  Accordingly, I am one of the DAA's official delegation to the TPWG, along with Mike Zanies and Lou Mastria.  The IAB has Brendan Riordan-Butterworth "officially" on the working group as an invited expert.  Several W3C members had requested that Mike, Brendan and I be added to the working group as invited experts representing the digital ad industry, but the Chairs only saw fit to invite Brendan in that capacity.

Mike and I are both here in Amsterdam for the meetings.

Kind Regards,


From: John Simpson <john@consumerwatchdog.org<mailto:john@consumerwatchdog.org>>
Date: Tuesday, October 2, 2012 8:23 PM
To: Chris Mejia - IAB <chris.mejia@iab.net<mailto:chris.mejia@iab.net>>
Cc: Fred Andrews <fredandw@live.com<mailto:fredandw@live.com>>, W3C DNT Working Group Mailing List <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Subject: Re: ACTION-255: Work on financial reporting text as alternative to legal requirements


I always read your posts and those from Mike Zaneis with interest. It is important to understand your positions.

I am also prompted to ask: What is IAB's and DAA's status with the Tracking Protection Working Group?

The participants list does not include either of you.  Is that an oversight?  Will either of you be in Amsterdam?


John M. Simpson
Consumer Advocate
Consumer Watchdog
2701 Ocean Park Blvd., Suite 112
Santa Monica, CA,90405
Tel: 310-392-7041
Cell: 310-292-1902

On Oct 2, 2012, at 7:03 AM, Chris Mejia wrote:


Thanks, I have read the charter-- I'm not a newbie to this forum.  Having a charter doesn't mean we shouldn't challenge it; that's not how democratic process works.  If in the end, the charter were flawed and we didn't correct it, all of this work would be for nothing.

As I have suggested time and again, I believe industry would be in favor of bifurcating the compliance spec into regional, if not national compliance docs that would be pointed to from the DNT tech.  Compliance could then be set on a regional level by stake holders from that region driving a true multi-stake-holder process within the region, while taking regional/national laws, regulations, and culture into account.  Iv'e asserted from the time I joined this initiative that a "one size fits all" for the world compliance specification will not work here-- it's simply impractical, and frankly arrogant (where are the representatives from Asia, from Central and South America, from Canada?).  On the technology side, we might get there, but only if people are willing to examine this group's work product critically, with an eye towards divorcing it from regional policy.


Chris Mejia, IAB & DAA

P.S. Which organization and constituency do you represent here Fred?  Apologies in advance for my ignorance-- I don't believe we have met formally.

On Oct 2, 2012, at 2:18 PM, "Fred Andrews" <fredandw@live.com<mailto:fredandw@live.com>> wrote:


This forum is not here to debate the merits of DNT.  Please read the charter http://www.w3.org/2011/tracking-protection/charter

I have suggested that an explicit opt-out be added to handle needs such as your contractual needs and also suggested adding a user ID with a declared country that you could use for contractual reporting.  This may still meet the charter of the group as users still have control and are allowed to express their preference.  I challenge you to support such an initiative.

The exemptions have corrupted DNT and made it almost meaningless.  If you really believe that most users are not afraid of being profiled and tracked then you should have nothing to fear from DNT which is just a mechanism to allow users to express their privacy preferences.  Requesting more exemptions further diminishes the meaning of DNT - the only problem you are solving is to make DNT meaningless.

I support Rigo in his attempts to block your exemption and there would seem to be a duty to keep the group on charter.  But I don't think the approach taken towards the exemptions has worked - finally it gets to your requested exemption and people realize there is nothing left of DNT and that users can not express anything meaningful.


> From: chris.mejia@iab.net<mailto:chris.mejia@iab.net>
> To: rigo@w3.org<mailto:rigo@w3.org>
> CC: achapell@chapellassociates.com<mailto:achapell@chapellassociates.com>; mike@iab.net<mailto:mike@iab.net>; david@networkadvertising.org<mailto:david@networkadvertising.org>; npdoty@w3.org<mailto:npdoty@w3.org>; public-tracking@w3.org<mailto:public-tracking@w3.org>; Brooks.Dobbs@kbmg.com<mailto:Brooks.Dobbs@kbmg.com>
> Date: Tue, 2 Oct 2012 09:55:33 +0000
> Subject: Re: ACTION-255: Work on financial reporting text as alternative to legal requirements
> Rigo,
> Since you brought up paranoia earlier in the thread, I'd like to point out respectfully, that a few people who are "afraid" and yet can't point to the exact cause of their fears in this debate, nor real-world examples of harm done or intended, wreaks more of paranoia than substance. Is this a forum for conspiracy theorists? You insinuate that there is a fear amongst Internet users that will "kill the entire market", yet there is no evidence of widespread fear, nor of the market dying. On the contrary, the market is enjoying tremendous life and success at the direct result of the vast majority of people not being afraid at all, and partaking joyfully in the riches of this market driven economy.
> In making your case "that something is wrong and it must be fixed," industry representatives have time and again requested and have been patiently waiting for the privacy activists to deliver real evidence of harm or even the intent to do harm, and yet very little to nothing has been delivered that's more pointed than "well, it could happen." In creating this forum, you asked industry to listen to your concerns, and we are here now listening, so please, if you have some smoking gun that points to industry's actual abuse of privacy, let's concentrate on that. Let's not lose time debating theory of what "could happen" and "if" scenarios-- such debates are better left for academic institutions. Let's please try to solve REAL problems: deliver them to us in a tangible manner, with evidence of the real harm and scale of harm done, and you have a willing audience. I for one, joined this forum to solve real problems, if they existed. You have my attention...
> Regards,
> Chris Mejia, IAB & DAA
> On Oct 2, 2012, at 12:01 AM, "Rigo Wenning" <rigo@w3.org<mailto:rigo@w3.org>> wrote:
> > Alan,
> >
> > On Monday 01 October 2012 16:51:45 Alan Chapell wrote:
> >> I appreciate your taking the time - and the willingness to engage
> >> in dialog. However, you really did not directly answer my
> >> questions. You are providing high level examples of privacy
> >> issues - most of which will not be addressed by DNT unless we
> >> radically change our approach.
> >
> > If DNT would not address some of those issues, you wouldn't see me
> > engaged. :) But this IMHO. I also know that I can't provide the
> > smoking gun. I guess, Ninja and Rob could. W3C as a community is a
> > pretty good indication whether something is going on. People are
> > afraid. This can kill the entire market. That's why we are
> > discussing here.
> >
> > more inline
> >
> >> On 10/1/12 4:27 PM, "Rigo Wenning" <rigo@w3.org<mailto:rigo@w3.org>> wrote:
> >>> blocking tools. I can show you how easy it is. If this is still
> >>> an issue in 5 years, this may even be more damaging to the
> >>> industry than DNT ever could be.
> >>
> >> How is DNT going to stop this practice? If I'm buying my tickets
> >> via Delta.com<http://Delta.com/>, Delta is a 1st party and would not be subject to a
> >> DNT signal for these purposes.
> >
> > Oh, Airline XYZ can only do so because they have bought the profile
> > that tells them I can afford the higher price... - just as an
> > example - That we do not address first parties is irrelevant for the
> > EU and a sign of careful nudging of the US community.
> >>
> >>> 2/ Democratic values
> >>> In confirmation of Godwin's law let me tell you that I think that
> >>> totalitarianism doesn't need computers. But it makes life easier
> >>> for them. The concentration of high amounts of personal data in
> >>> few hands is a risk in the power balance.
> >>
> >> I agree - concentration of data in a small number of players is
> >> problematic. How do you see DNT addressing this issue? In fact, I
> >> think one can make a plausible argument that DNT will concentrate
> >> data in a smaller number of entities. I believe that's a horrible
> >> outcome that many in this group may be missing and/or choosing to
> >> ignore.
> >
> > You fail to give an argument for your assertion. While one can make
> > a plausible argument, you'll have to make that argument to
> > contradict me. Why should the number of players be smaller if I can
> > refuse collection? Note: a first party -by definition- can't collect
> > cross site. Leaves you the 2-3 big fish. Those have a different
> > incentive: They are targets.
> >>
> > [...]
> >> My point - There are going to be legitimate exceptions for the use
> >> of data. And each exception should be weighed on the merits -
> >> benefit to creating the exception vs risks of keeping the
> >> exception. My issue with your approach is that you aren't really
> >> explaining what you think the harm is to allowing my specific
> >> exception.
> >
> > Because there is a fundamental transatlantic divide. We have that
> > even internally. While the eastern part believes that the
> > availability of organized personal data is very prone to abuse, the
> > western part believes that it is all about use limitations. Give the
> > data to the junkie but say: "do not use!". Some believe, some don't.
> > Note that those legitimate exceptions are law in EU. Self regulation
> > has to re-invent those. For the unregulated, this is a test whether
> > we can find a reasonable compromise without the formal democratic
> > process.
> >>
> >>> It is therefore essential that somebody can just indicate to the
> >>> system not to be recorded. And that the system just does not
> >>> record, or at least throws away after a very short time. So DNT
> >>> is just a tiny tool, a little aspect in this overall picture.
> >>> But it could be a useful tool. Now you may understand that
> >>> recording the same information for accounting or PCMCP (a pure
> >>> use limitation that is) is not sufficient for most people.
> >>
> >> What are these people you cite? Are you representing the interests
> >> of consumers in the same way that Jeff and John are?
> >
> > People just meant my grandma. I neither represent consumers nor
> > industry nor W3C Team. Because the answer given here are not
> > coordinated with the W3C Team. I'm just talking to you from my ivory
> > tower of 15 years of privacy research. This is my second exercise
> > after P3P, XACML privacy extensions and the like... But I see the
> > polls that indicate that over 56% of Europeans erase _all_ their
> > cookies at least once a month. 25% weekly (from the top of my head,
> > search for eurobarometer).
> >
> > 2002, the industry thought: "danger banned, no privacy provisions in
> > the US, move on". And the browsers thought: "we manage cookies by
> > blocking tools". Ten years after, we are back to the core semantic
> > problem: "Can I trust your assertions?". What does that tell me?
> > Everybody has to optimize in some direction. That's what this effort
> > is all about. I have to optimize in the direction of excellence...
> > And putting in question the bases of the effort for financial
> > reporting is against my optimization target. And there, your wording
> > was much better (and stronger) than mine.
> >
> > Rigo
> >
Received on Tuesday, 2 October 2012 20:32:56 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:58 UTC