Re: Proposed Text for Local Law and Public Purpose

On 10/24/12 1:56 PM, David Wainberg wrote:

>>>> the onus is on me to explain privacy risks through examples
>>> Please do. There continues to be reluctance to specify the exact risks
>>> we're trying to address with this standard. It would be extremely useful
>>> for us to finally enumerate the problems we're trying to solve so that
>>> we can zero in on the appropriate solutions. Thanks!
>> I am sorry David, but we're dealing here with fundamental human rights.
>> To take a horrible historical analogy: there was much resistance against
>> abolition of slavery in the Southern US states for economic reasons.
> You're comparing online advertising to the enslavement and brutal abuse
> of a race of people? With respect, I think hyperbole overshadows your
> point, and some may even find it offensive. Perhaps you can think of a
> more apt analogy.

The core point stands: mere economic interest does not trump fundamental
rights. And a society in which every thing you do, read and watch is
monitored and registered, be it by private or government entities, is as
close to a perfect prison as you can get. And I am not comparing online
advertisement with enslavement, I am comparing the collection of every
little piece of behaviour one can exhibit on in the online context for
any purpose, be it advertising or something else, to enslavement. Online
advertising was flourishing before behavioural advertising came along.

> Aside from whether this point is hyperbole as well, it is irrelevant.
> DNT as conceived by this working group will have little to no impact on
> any Orwellian data collection. First parties online, all sorts of
> parties offline, and more importantly, governments everywhere will
> continue to have the ability to collect large amounts of data about all
> of our behavior online and off. If that's the problem we're trying to
> solve, we're way off base. Constraining the uses that 3rd parties are
> allowed to make of data collected online will give no net benefit to
> users in this regard.

So you're stating that the whole DNT saga is without merit? If the point
is not to allow users to restrict data collection, then what is it?

> those, that might be a good route. For example, if access to data and
> misuse of it by governments is a particular issue, let's explore that.
> It's been mentioned regularly, but has never been approached as a
> discrete concern we are trying to address.

Governments will (and can in most jurisdictions) access all data
gathered. Which in itself is justification for having as little data
around as possible. If anything, may I recommend to have a chat with the
European telco operators who have been forced to spend vast amounts of
money on data retention schemes to satisfy the data hunger of
governments? Without any tangible benefit for society whatsoever and all
because some of them where keeping that data around anyway for potential
marketing reasons.

>> Do not forget that a lack of privacy also erodes freedom of expression
>> by putting barriers to access information.
> I'm not entirely sure I understand this point, but I think I see it
> completely opposite. Third party online advertising services make
> possible a much wider range of content and services than users would
> have access to otherwise.

Again, you are assuming that I am ranting against any form of third
party online advertisement. I am fully aware that advertisement based
business models have greatly contributed to the availability of content.
What I am opposed to is the correlation of user behaviour over different
contexts because it results in a collapse of social context.

> This is not how it is in the US. Our law and our culture around these
> issues are different. Although we have had many conversations in this
> group about how we can try to craft DNT to suit needs in the EU, I'm not
> sure there's an appetite here to import European law to the US via this
> standard. This is the justification for my compliance token proposal:
> there are significant differences we may not be able to accommodate in a
> monolithic standard.

Actually, from a EU perspective this standard as a whole is unnecessary
because most business practices, at least the one that are publicly
known, in this field are in violation of EU-law already. Having a
mechanism for consent in the form of DNT is much more significant in the
US context than in the EU context. The fact that various EU parties are
sitting at the table in this process is in itself a sign that the lack
of appetite by the US to import EU concepts (unlike most other
democracies on the planet) has been noticed in the EU.

Moreover, please be aware that the successor to the Data Protection
Directive, the Data Protection Regulation is quite likely to have an
extraterritorial scope, the unprecedented lobbying efforts by the US
Department of Commerce notwithstanding.



Received on Wednesday, 24 October 2012 12:21:00 UTC