Re: ISSUE-45 ACTION-246 Clarified proposal on compliance statements from David Wainberg on 2012-10-29 (public-tracking@w3.org from October 2012)

From: David Wainberg <david@networkadvertising.org>
Date: Mon, 29 Oct 2012 14:18:48 -0400
To: Shane Wiley <wileys@yahoo-inc.com>
CC: John Simpson <john@consumerwatchdog.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <508EC888.8060803@networkadvertising.org>
Hi John,

I'll echo Shane's points, but add that like other undecided issues in 
the standard, this an option that's on the table, has a fair amount of 
support, and will continue to be discussed, so should be represented in 
the current drafts.

-David

On 10/29/12 2:13 PM, Shane Wiley wrote:
>
> John,
>
> This is still a single specification but provides for regional 
> variance in communicating the user which policy their DNT will be 
> honored under.  W3C is still a valid response but this would allow 
> E/DAA to be a valid response as well.
>
> - Shane
>
> *From:*John Simpson [mailto:john@consumerwatchdog.org]
> *Sent:* Monday, October 29, 2012 2:05 PM
> *To:* David Wainberg
> *Cc:* public-tracking@w3.org
> *Subject:* Re: ISSUE-45 ACTION-246 Clarified proposal on compliance 
> statements
>
> David,
>
> I'm puzzled here.  I don't think the WG is anywhere near consensus on 
> the concept that the spec should provide servers with an opportunity 
> to select what DNT regime they are following.  My impression is that 
> we are working to develop a single specification. This suggestion 
> seems to undercut that concept.
>
> Best regards,
>
> John
>
> ----------
>
> John M. Simpson
>
> Consumer Advocate
>
> Consumer Watchdog
>
> 2701 Ocean Park Blvd., Suite 112
>
> Santa Monica, CA,90405
>
> Tel: 310-392-7041
>
> Cell: 310-292-1902
>
> www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org>
>
> john@consumerwatchdog.org <mailto:john@consumerwatchdog.org>
>
> On Oct 29, 2012, at 9:57 AM, David Wainberg wrote:
>
>
>
> Editors -- can we please add these options to the two docs?
>
> TPE: Add a required "compliance" field to the tracking status resource 
> in the TPE, where the value indicates the compliance regime under 
> which the server is honoring the DNT signal. In 5.5.3 of the TPE:
>
> /    A status-object MUST have a member named _compliance_ that 
> contains a single compliance mode token./
>
>
> TCS:
>
> /Compliance mode tokens must be associated with a legislative or 
> regulatory regime in a relevant jurisdiction, or with a relevant and 
> established self-regulatory regime./
>
> On 10/9/12 9:22 AM, David Wainberg wrote:
>
>     ACTION-246
>     (http://www.w3.org/2011/tracking-protection/track/actions/246),
>     which relates to ISSUE-45
>     (http://www.w3.org/2011/tracking-protection/track/issues/45).
>
>     Hello all,
>
>     This is a clarification of my previous proposal
>     (http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0012.html).
>     I'm launching it on a fresh thread, because the previous one got a
>     bit wild and off-topic.
>
>     Recall that this arose out of the problem of how or where parties
>     may or must make statements regarding their DNT compliance. One
>     proposal, which many of us strongly objected to, was to make
>     provision of the tracking status resource in and of itself an
>     assertion of compliance with the DNT spec. That proposal was a
>     replacement for an initial proposal to require a public statement
>     of compliance, but without specifying where or how that statement
>     must be made.
>
>     The problems with these proposals are that the one is overly
>     strict, does not provide any flexibility, and sets up a legal
>     landmine that companies will avoid by not providing the WKL, and
>     the other is too loose; it allows for potentially unlimited
>     variation in how companies honor DNT and where and how they make
>     their commitments to do so.
>
>     This proposal solves these problems by requiring a statement in
>     the status resource regarding compliance with /one of a limited
>     set of DNT variations/. Although I understand the desire for and
>     attractiveness of a single universal specification for DNT
>     compliance, the reality is that we will have to accommodate some
>     variation based on, e.g., business model, geography, etc. Examples
>     of this problem arose during the Amsterdam meeting. If we want to
>     ensure wide adoption and enforceability of DNT, this is the way to
>     do it.
>
>     The proposal is the following:
>
>     Add a required "compliance" field to the tracking status resource
>     in the TPE, where the value indicates the compliance regime under
>     which the server is honoring the DNT signal. In 5.5.3 of the TPE:
>
>     /    A status-object MUST have a member named _compliance_ that
>     contains a single compliance mode token./
>
>     From here, I look to the group for discussion regarding how and
>     where to define compliance mode tokens. My initial version of this
>     proposal suggested looking to IANA to manage a limited set of
>     tokens to prevent collisions. I think there was some
>     misunderstanding and concern about how this would work. No --
>     companies should not just create their own arbitrary values. My
>     view is that each token must have a well-defined and
>     widely-accepted meaning. How's this:
>
>     /Compliance mode tokens must be associated with a legislative or
>     regulatory regime in a relevant jurisdiction, or with a relevant
>     and established self-regulatory regime./
>
>     I'm open to other ideas for this.
>
>     Cheers,
>
>     David
>
Received on Monday, 29 October 2012 18:19:16 UTC