Re: Proposed Text for Local Law and Public Purpose

Hi Rigo,

First, I do not disagree with taking EU concerns or needs into 
consideration. Though I do think we've been confused about the extent 
we're doing so, or what it means. Perhaps your Global Considerations 
effort will clarify things.

However, the way I read Walter's statements, and, frankly, some 
statements of others, is that he would use this W3C process to apply EU 
style privacy regulation across the Internet, including in the US. This 
is not the proper venue for that. In my view, there's little interest in 
the US to have EU-style regulation, but even if there is, it is not for 
this working group to provide it. As we're all aware, the U.S. has a 
different approach to privacy regulation, as well as a very mature and 
complementary self-regulatory program in the digital advertising 
industry. We could have an interesting conversation about whether the US 
approach or the EU approach is better, but we will never get an answer, 
and it's irrelevant. The reality is that approaches to privacy vary 
across jurisdictions, and we should honor that. We need a DNT policy 
that fits well within existing frameworks in the jurisdictions where it 
will be enforced.

-David

On 10/25/12 12:54 PM, Rigo Wenning wrote:
> David,
>
> I think Walter is an invited expert and offered his opinion on why
> he thinks we should also take the EU system into account. I think
> Walter gave a pretty accurate view on current EU feelings as I also
> saw them in the hearing of the EU parliament on the new regulation.
> There is much emphasis that privacy is a human right and that it
> should not under all circumstances be trumped by commercial
> considerations. I think you should read his statement like a report
> rather than an opinion.
>
> And his EU comments are important for me as I think that global
> considerations are important. I think we are much closer to
> usefulness of DNT in Europe than many believe. And this is a big
> thing if you consider the current UK solution that is not as nice.
> So killing the European solution for an alleged impossibility to
> comply with MRC raises heat that we should take out again.
>
> Note further that IMHO he is not threatening in any way. I was at
> the OECD this week and last week. There are discussions about
> transborder data flow and how to achieve that. Many OECD countries
> have appropriate protections in place and now urge to create a level
> playing field to avoid a race to the bottom. And there are serious
> voices questioning the transborder data flow to countries not having
> the right protection level. Again, this is rather a report. I do not
> have the intention to say: "see you should do this or that". And I
> see DNT as an opportunity. Because it can't be mandated by W3C
> anyway it can only be an opportunity and never a threat. The threat
> is elsewhere.
>
> Apart from that I concur to Kimon. Measures are done anonymously and
> this is part of the innovation challenge. Then outreach is out of
> the way. This is why I talked about "transition". In the sixties we
> had nice cars, but consumption was 7mpg. Now we still have nice cars
> and consumption is 60mpg and they are even faster. Better outreach
> measures with less personal data. We can talk about how far we get
> with Version 1 if there is a will to innovate. But just saying: "DNT
> will not change my business" would misunderstand the commitments and
> the unease in the market and between the regulators.
>
> Rigo
>
> On Wednesday 24 October 2012 18:14:22 David Wainberg wrote:
>> Rob, Rigo, Ninja, what are your thoughts?
>>
>> On 10/24/12 6:12 PM, David Wainberg wrote:
>>> Hi Kimon,
>>>
>>> I would not suggest that MRC is or should be relevant in Europe.
>>> My questions to other Europeans in the group is whether they
>>> share Walter's position, quoted below, regarding U.S. law and
>>> the goals for the DNT standard.
>>>
>>> -David
>>>
>>> On 10/24/12 11:32 AM, Kimon Zorbas wrote:
>>>> David,
>>>>
>>>> I am struggling to understand why MRC should be relevant in
>>>> Europe? (I am a bit lost in this debate – it seems to me that
>>>> MRC certifies products to conduct measurement - in the US). If
>>>> companies operate in Europe, they need to comply with our
>>>> strict laws.
>>>>
>>>> Audience measurement in Europe is to my knowledge conducted via
>>>> anonymous data. Safe Harbor wouldn't apply to such data. If
>>>> audience data is transferred to outside the EEA (and adequate
>>>> countries), then there is no issue (with anonymous data sets).
>>>> If personal data is collected, then you could benefit of the
>>>> Safe Harbor regime as a US based company. Not sure that has
>>>> anything to do with MRC (being only a certification body, if I
>>>> understand correctly).
>>>>
>>>> Kind regards,
>>>> Kimon
>>>>
>>>> From: David Wainberg <david@networkadvertising.org
>>>> <mailto:david@networkadvertising.org>>
>>>> Date: Wednesday 24 October 2012 17:15
>>>> To: Walter van Holst <walter.van.holst@xs4all.nl
>>>> <mailto:walter.van.holst@xs4all.nl>>, "public-tracking@w3.org
>>>> <mailto:public-tracking@w3.org>" <public-tracking@w3.org
>>>> <mailto:public-tracking@w3.org>>
>>>> Subject: Re: Proposed Text for Local Law and Public Purpose
>>>> Resent-From: <public-tracking@w3.org
>>>> <mailto:public-tracking@w3.org>> Resent-Date: Wednesday 24
>>>> October 2012 17:15
>>>>
>>>> Is this the view of other Europeans participating in this
>>>> working group?>>
>>>> On 10/24/12 10:39 AM, Walter van Holst wrote:
>>>>              Actually, from a EU perspective this standard as a
>>>>              whole
>>>>              is unnecessary
>>>>              because most business practices, at least the one
>>>>              that
>>>>              are publicly
>>>>              known, in this field are in violation of EU-law
>>>>              already.
>>>>          
>>>>          So why do we keep talking about it in terms of EU law?
>>>>          Why do we
>>>>          continue to have proposals aimed at suiting EU
>>>>          requirements?
>>>>      
>>>>      Well, I am going to be offensive again and maybe even
>>>>      patronising, but
>>>>      the US legal context for privacy discussions is not quite
>>>>      up to
>>>>      par with
>>>>      the rest of the industrialised world. For all its defects,
>>>>      the
>>>>      European
>>>>      legal framework embodies a coherent framework of concepts
>>>>      on this
>>>>      subject matter. Which sadly the USA does not have. So,
>>>>      apart from
>>>>      my own
>>>>      geographical bias by virtue of being Dutch, other than in
>>>>      terms of consent it is difficult to discuss this in
>>>>      outside the terms of EU law.
>>>>      Not to mention that similar frameworks have been adopted by
>>>>      Canada, Australia, South-Africa, Japan, Korea and Brazil
>>>>      as well as that India
>>>>      is in the process of moving in a similar direction.
>>>>      
>>>>         I will be
>>>>         
>>>>          happy if we can once and for all determine that this
>>>>          
>>>>              Having a
>>>>              mechanism for consent in the form of DNT is much
>>>>              more
>>>>              significant in the
>>>>              US context than in the EU context. The fact that
>>>>              various
>>>>              EU parties are
>>>>              sitting at the table in this process is in itself a
>>>>              sign
>>>>              that the lack
>>>>              of appetite by the US to import EU concepts (unlike
>>>>              most
>>>>              other
>>>>              democracies on the planet) has been noticed in the
>>>>              EU.
>>>>          
>>>>          Are you saying that EU participation in this forum is
>>>>          precisely for the
>>>>          purpose of trying to impose EU concepts on US
>>>>          companies?
>>>>      
>>>>      No, it is an acknowledgement that EU law is not applicable
>>>>      in the USA and that merely leaning back basking in an
>>>>      ill-conceived dream of EU-superiority in this regard is
>>>>      not going to be helpful at all if large
>>>>      parts of the relevant industries are (for now) out of scope
>>>>      of EU
>>>>      law.
>>>>      Therefore it is still useful to participate in a
>>>>      self-regulatory
>>>>      approach, despite it being unnecessary in the EU-context.
>>>>      
>>>>          But to my previous question, if the EU can impose these
>>>>          concepts
>>>>          extra-territorially through regulation then why try to
>>>>          do it
>>>>          through
>>>>          this DNT process?
>>>>      
>>>>      Well, why get to what you want by asking nicely if you can
>>>>      do it by holding a gun to someone's head? The former is
>>>>      rather more constructive,
>>>>      one would think.
>>>>      
>>>>      Regards,
>>>>      
>>>>         Walter

Received on Thursday, 25 October 2012 20:29:43 UTC