Re: Proposed Text for Local Law and Public Purpose

Hi Ed,

The MRC requirements are relevant in that they are /one/ example of the 
need to retain records to verify ad serving events. Chris and Brooks -- 
who have as much expertise in this area as anyone -- have both explained 
this need. //I don't see how any more discussion of it is relevant. I do 
not see how it is relevant to have this group dissect and debate the MRC 
requirements. Are we going to do a comprehensive survey of all 
applicable data retention requirements globally, dissect them, judge 
their reasonableness, and then allow them or not under the standard? And 
what happens when those requirements change? Will the relevant 
regulatory or self-regulatory bodies have to bring those changes to this 
working group for approval? The only reasonable thing /we/ can do is to 
make a high level requirement along the lines of "as long as is 
reasonably necessary," and then let local jurisdictions who will be 
enforcing compliance make their own judgments.


On 10/24/12 10:13 AM, Ed Felten wrote:
> I can't speak for John, but I asked my question of Chris because I was 
> under the impression that Chris (and possibly others) believe that the 
> MRC documents are relevant to this group's discussion.   If that is 
> not the case, and there is general agreement that the MRC documents 
> are not relevant to this group's work, I would be only too happy to 
> see this thread end.
> On Wed, Oct 24, 2012 at 9:33 AM, David Wainberg 
> < <>> 
> wrote:
>     Hi John,
>     On 10/23/12 8:06 PM, John Simpson wrote:
>>     It seems extremely relevant to this Working Group to understand
>>     the answers to the clarifying questions that Ed and I have
>>     raised.  I don't see why a call is necessary for that.
>     I disagree that this is a relevant conversation. It is not for
>     this group to deeply examine, interpret, and pass judgment on the
>     requirements of another organization. As this group has decided to
>     take the approach of permitted uses, then measurement and auditing
>     are permitted uses or not. Attempts to now be highly prescriptive
>     about the nature of those uses are unproductive. Likewise,
>     attempts to anticipate every possible sneaky way a bad actor might
>     try to circumvent this voluntary standard are also unproductive.
>     On the other hand, if we could start with a list of specific types
>     of data and specific risks associated with that data, and then
>     target our solutions to those risks, that would be, in my view, a
>     more effective way forward. (Or, perhaps, we could work from a
>     definition of tracking.) To get started, here's a list of data
>     elements typically available to a third party ad network. I'm sure
>     others on the list can add to it.
>     cookie ID
>     IP address
>     user agent
>     date and time
>     referrer URL
>     Regards,
>     David
>>     I ask you again to please answer them.
>>     ----------
>>     John M. Simpson
>>     Consumer Advocate
>>     Consumer Watchdog
>>     2701 Ocean Park Blvd., Suite 112
>>     Santa Monica, CA,90405
>>     Tel: 310-392-7041 <tel:310-392-7041>
>>     Cell: 310-292-1902 <tel:310-292-1902>
>> <>
>> <>

Received on Wednesday, 24 October 2012 14:56:14 UTC