ACTION-262 Re: Proposed Text for Local Law and Public Purpose


I think the hole is created by trying to make a transition into a 
general rule. If you need to track and you're not a first party, you 
either need to action the API and get consent or you need a 
permitted use. If you have neither, you can't deliver the service or 
you can't implement DNT. Having a general opening for agreements is 
just displacing the consensus from this group into any arbitrary 
contract negotiation between two businesses that will then determine 
what DNT means to the user. But the users in our case assume that it 
means what is written in the compliance specification without the 
opening. This will lead to huge surprises IMHO. 

So we should add some transition on the one hand into an annex of 
the compliance document. I think nobody ever disputed:

1/ that law trumps DNT

2/ that data collection necessary for the service delivery can occur

Point 2/ is even written down in the ePrivacy Directive. And we 
shouldn't be stricter. But your statement goes beyond. 

So my suggestion would be to change the specification text to: 

Where data collection is required by law directly and not via 
contractual obligations, this law will prevail over the rules of 
this specification. 

We could write explanatory prose on how to handle cases. 


On Wednesday 24 October 2012 16:23:40 Amy Colando wrote:
> Hi Rigo and Rob, the intent behind this language is certainly not
> to override DNT in a very broad way.  We tried to address the
> concern regarding contracts in the non-normative text by
> differentiating between existing and new contractual obligations,
> which is a concept we have discussed in a few face-to-face
> meetings.  Alternative text submissions or modifications would be
> helpful to move forward.

Received on Wednesday, 24 October 2012 16:55:26 UTC