Re: Proposed Text for Local Law and Public Purpose


To the extent you're saying we need to step back out of the trees for a 
minute and look at the forest, I agree. We've gotten bogged down 
debating the specifics of MRC. The larger issue is the need to retain 
data for verifying that ads were served in compliance with contractual 
terms. While there seems to be consensus at a high level that this is a 
legitimate purpose, there is debate about the scope, and there is 
concern about creating a big loophole via which companies could contract 
their way out of DNT. On the latter, industry participants agree in 
spirit, as long as we accommodate the appropriate scope, but we can't 
seem to come to agreement on the language.

On the problem of scope, I'm not sure how much of the problem is a 
philosophical divide and how much is a misunderstanding. The issue boils 
down to the value of the advertising. The ability to measure and verify 
online advertising is a huge component of its value. We tend to focus on 
the value of targeting the ads in the first place. But, regardless of 
how or whether the ad was targeted, take away the measurement after the 
fact and you've decimated the value. Regardless of the MRC, or any other 
group that establishes /minimum/ standards for measurement, what we're 
saying is that as you degrade the ability to measure, you degrade the 
value of the ads.

Some will bristle at this because they see it as asking to trade privacy 
for dollars, but we've not had the conversation about the intended, or 
unintended, consequences of DNT. When we do, we can explore what are the 
benefits and trade-offs we want.


On 10/26/12 2:13 PM, Lauren Gelman wrote:
> Can someone explain exactly why this matters?  Is it the "compliance 
> with other rules" language?  If so I suggest we cut this section all 
> together.  No company needs an exception in a voluntary standard to 
> comply with local laws.  And let individual companies figure out how 
> compliance with DNT affects any other obligations (current or 
> future)-- which they are going to do based on business needs and risk 
> no matter what is written here.
> It seems this is a hot of hoopala, and a lot of hoops, over something 
> that is going to have very little practical value.  If my client has a 
> Congressionally mandated compliance requirement, legal requirement, 
> receives a valid law enforcement request, etc. it's going to matter 
> very little to me what DNT says about it.
> Lauren Gelman
> BlurryEdge Strategies
> 415-627-8512
> On Oct 26, 2012, at 7:59 AM, Dobbs, Brooks wrote:
>> Rigo,
>> I appreciate you trying to find a solution here, but I am really the 
>> wrong
>> person to essentially be negotiating for what the MRC does or doesn't 
>> need
>> or how they can rejigger their systems.  Again I think I can guess pretty
>> accurately at what MRC or Company XYZ Anti-clickfraud squad might need,
>> but if you are asking specifics or how to change what they do - I'd go to
>> the horses mouth.  Does anyone object to bringing the MRC into the
>> process?
>> -Brooks
>> -- 
>> Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
>> Wunderman Network
>> (Tel) 678 580 2683 | (Mob) 678 492 1662 | <>
>> <>
>> This email  including attachments  may contain confidential 
>> information.
>> If you are not the intended recipient,
>> do not copy, distribute or act on it. Instead, notify the sender
>> immediately and delete the message.
>> On 10/26/12 4:47 AM, "Rigo Wenning" <> wrote:
>>> On Thursday 25 October 2012 15:40:10 Dobbs, Brooks wrote:
>>>> It may be that it is concluded that accrediting measurement is
>>>> incompatible with DNT, but I would suggest that this is an
>>>> outcome with exceedingly broad reaching consequences.
>>> There is a big eco-system. But we can't just do nothing because a
>>> change here would affect changes there. I would hope that we can do
>>> DNT so that it is feasible with MRC. Ed has hinted that maybe MRC
>>> can be implemented in a way that is more privacy friendly and thus
>>> acceptable even under DNT:1. I hear Kimon saying that they have done
>>> their homework already and measure without personal data. Maybe a
>>> simple tweak will help. Can we compare IAB EU way to the others?
>>> Nobody ever said that this endeavor will be simple. But again, if as
>>> is fits, fine. If we need to tweak, we have to identify what. To
>>> know, we need to know what personal identifiers they use. I hear
>>> Brooks saying "IP" but there may be other identifiers. Nobody wants
>>> to end measuring. But we have to resolve a conflict here between
>>> measuring (and accuracy) against an expressed will of not being
>>> followed and put into a dossier.
>>> Brooks do you happen to know what MRC collects? Or is this too
>>> sensitive for a public mailing-list?
>>> Rigo

Received on Friday, 26 October 2012 19:06:00 UTC