Re: Proposed Text for Local Law and Public Purpose

Lauren,

I think his has all been covered ad naseum, but for a quick recap:

  1.  We have (I think) established that having an MRC audit is not a legal requirement, and further that the MRC was not created officially as an act of Congress but did come into existence out of pressure from a Congressional hearing.
  2.   Though it is not a legal requirement it is, at least in some's opinion, an integral and essential piece of the ecosystem without which buyers and sellers could not confidently transact in ad sales.

Again, I return to my scale certification analogy.  If the seller of pork has to use the buyer's scale they want to make sure they have a common agreement on how the scale was certified.  This is doubly important online where you may not ever even see what you are buying.  To keep the analogy going, I may legally be allowed to buy and sell pork bellies using any scale, but in reality it is only both party's confidence in the scale's accuracy that keeps the market making certified scales a de facto requirement.  The importance here is protecting organizations (and the data they need) to ensure that continued confidence in the market.

-Brooks



--

Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the Wunderman Network
(Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com
brooks.dobbs@kbmg.com

[cid:105015AE-38B6-41DC-8D3F-047C3EB8C857]

This email – including attachments – may contain confidential information. If you are not the intended recipient,
 do not copy, distribute or act on it. Instead, notify the sender immediately and delete the message.

From: Lauren Gelman <gelman@blurryedge.com<mailto:gelman@blurryedge.com>>
Date: Friday, October 26, 2012 2:13 PM
To: Brooks Dobbs <brooks.dobbs@kbmg.com<mailto:brooks.dobbs@kbmg.com>>
Cc: Rigo Wenning <rigo@w3.org<mailto:rigo@w3.org>>, "public-tracking@w3.org<mailto:public-tracking@w3.org>" <public-tracking@w3.org<mailto:public-tracking@w3.org>>, Jeffrey Chester <jeff@democraticmedia.org<mailto:jeff@democraticmedia.org>>, Ed Felten <ed@felten.com<mailto:ed@felten.com>>
Subject: Re: Proposed Text for Local Law and Public Purpose


Can someone explain exactly why this matters?  Is it the "compliance with other rules" language?  If so I suggest we cut this section all together.  No company needs an exception in a voluntary standard to comply with local laws.  And let individual companies figure out how compliance with DNT affects any other obligations (current or future)-- which they are going to do based on business needs and risk no matter what is written here.

It seems this is a hot of hoopala, and a lot of hoops, over something that is going to have very little practical value.  If my client has a Congressionally mandated compliance requirement, legal requirement, receives a valid law enforcement request, etc. it's going to matter very little to me what DNT says about it.

Lauren Gelman
BlurryEdge Strategies
415-627-8512

On Oct 26, 2012, at 7:59 AM, Dobbs, Brooks wrote:

Rigo,

I appreciate you trying to find a solution here, but I am really the wrong
person to essentially be negotiating for what the MRC does or doesn't need
or how they can rejigger their systems.  Again I think I can guess pretty
accurately at what MRC or Company XYZ Anti-clickfraud squad might need,
but if you are asking specifics or how to change what they do - I'd go to
the horses mouth.  Does anyone object to bringing the MRC into the
process?

-Brooks

--

Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
Wunderman Network
(Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com<http://kbmg.com>
brooks.dobbs@kbmg.com<mailto:brooks.dobbs@kbmg.com>



This email ­ including attachments ­ may contain confidential information.
If you are not the intended recipient,
do not copy, distribute or act on it. Instead, notify the sender
immediately and delete the message.



On 10/26/12 4:47 AM, "Rigo Wenning" <rigo@w3.org<mailto:rigo@w3.org>> wrote:

On Thursday 25 October 2012 15:40:10 Dobbs, Brooks wrote:
It may be that it is concluded that accrediting measurement is
incompatible with DNT, but I would suggest that this is an
outcome with exceedingly broad reaching consequences.

There is a big eco-system. But we can't just do nothing because a
change here would affect changes there. I would hope that we can do
DNT so that it is feasible with MRC. Ed has hinted that maybe MRC
can be implemented in a way that is more privacy friendly and thus
acceptable even under DNT:1. I hear Kimon saying that they have done
their homework already and measure without personal data. Maybe a
simple tweak will help. Can we compare IAB EU way to the others?

Nobody ever said that this endeavor will be simple. But again, if as
is fits, fine. If we need to tweak, we have to identify what. To
know, we need to know what personal identifiers they use. I hear
Brooks saying "IP" but there may be other identifiers. Nobody wants
to end measuring. But we have to resolve a conflict here between
measuring (and accuracy) against an expressed will of not being
followed and put into a dossier.

Brooks do you happen to know what MRC collects? Or is this too
sensitive for a public mailing-list?

Rigo

Received on Friday, 26 October 2012 18:43:14 UTC