- From: Walter van Holst <walter.van.holst@xs4all.nl>
- Date: Fri, 26 Oct 2012 10:20:56 +0200
- To: <public-tracking@w3.org>

On 2012-10-26 00:58, Grimmelmann, James wrote:

> On the basis of the available sources, it appears that the MRC is a
> private body that promulgates voluntary standards and accredits
> compliance with them. Some members of Congress indicated in the 1960s
> that they would prefer industry self-regulation to legal regulation.
> The industries involved created the MRC, which regularly sends
> information about its activities to Congress and the executive branch
> (such as in the testimony quoted above). The MRC has no official
> legal status; Congress has never passed legislation establishing it,
> requiring its accreditation, or giving it any advisory capacity.

Thank you very much for providing this insight into the formal status of the MRC as an industry body.

> In the language of the proposed text, the MRC's accreditation rules
> appear to be "relevant self-regulatory verification requirements."
> Whether the DNT self-regulation effort or the MRC self-regulation
> effort should give way where they might conflict is a policy choice
> for the group to make.

My position would be that if we are to treat the tracking status value as an indication of a self-regulatory restraint on the collection, use and sharing of personal data in jurisdictions which do not have a great deal of such restraints outside contract law, we cannot accept exceptions introduced through requirements from other forms of self-regulation. This is because doing otherwise would create a potential for different meanings of the tracking status value for different content providers.

Also to come back to the earlier discussions about different legal perspectives. I think DNT can become a workable global standard provided that we are able to agree on the following basic principles:

- on the UA side DNT:0 or DNT:1 may have different purposes for different jurisdictions:
  - DNT:0 means an informed, freely given, thus providing clarity and legal certainty for EU content providers
  - DNT:1 means an informed, freely given indication of a preference for having no personal (linkable) data collected about that user across different contexts (this group has chosen to use the 1st and 3rd party distinction as the main vehicle for determining context)
- on the server side the tracking status value, the optional tracking status qualifiers and the tracking status resources must provide a globally unified indication of what a reasonable user may expect in terms of the restraints on data collection.

Doing otherwise will result in a standard that is either as convoluted as P3P or one that is meaningless because it will result in unexpected surprises for users.

To give an example: an Argentinian user will not necessarily be aware of the exact legal requirements a US-based advertisement broker has to operate under, but will not be surprised to find out there are requirements for data collection imposed by law. It does not take a great deal of domain expertise to be aware of this possibility and will generally be accepted, because there generally speaking is trust in the balances struck by democratically chosen lawmakers, especially in those of one of the oldest democracies in the world. So even though it may result in more collection of data than would be the case if the content provider was based in the EU, it is a difference that will not be unexpected by users.

Regards,

Walter

Received on Friday, 26 October 2012 08:21:28 UTC