Re: ISSUE-45 ACTION-246 Clarified proposal on compliance statements from David Wainberg on 2012-10-31 (public-tracking@w3.org from October 2012)

From: David Wainberg <david@networkadvertising.org>
Date: Wed, 31 Oct 2012 13:54:28 -0400
To: Joseph Lorenzo Hall <joe@cdt.org>
CC: Lauren Gelman <gelman@blurryedge.com>, Shane Wiley <wileys@yahoo-inc.com>, John Simpson <john@consumerwatchdog.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <509165D4.8000500@networkadvertising.org>
Let's move this discussion to the other thread: "ISSUE-45 managing 
compliance mode tokens"

On 10/30/12 10:46 AM, Joseph Lorenzo Hall wrote:
> Is there a way to have as little variation as possible? I've only seen 
> the EU/US discussion as a *necessary* variation, but I can imagine 
> people have ideas for others.
>
> And would each token be completely specified in the compliance spec? 
> (so that users would be able to know what a "US/DAA" response means in 
> terms of commitments made by the party serving that response?)
>
> best, Joe
>
> On Oct 29, 2012, at 15:13, David Wainberg 
> <david@networkadvertising.org <mailto:david@networkadvertising.org>> 
> wrote:
>
>> Lauren, that is a possible token. As explained in the top post on 
>> this thread 
>> (http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0154.html) 
>> this will, in a fully transparent way, accommodate the variation we 
>> will necessarily see in the way companies are able to honor DNT.
>>
>> On 10/29/12 2:55 PM, Lauren Gelman wrote:
>>>
>>> Does that mean a US/DAA "token" is permitted under the language?
>>>
>>> Lauren Gelman
>>> BlurryEdge Strategies
>>> 415-627-8512
>>>
>>> On Oct 29, 2012, at 11:46 AM, David Wainberg wrote:
>>>
>>>> Hi Lauren,
>>>>
>>>> I think in general I think it will be hard for companies to 
>>>> speculate whether or how they'll honor DNT before the specs are 
>>>> done. Once there are defined standards, then companies will be able 
>>>> to determine what is applicable for their business.
>>>>
>>>> -David
>>>>
>>>> On 10/29/12 2:30 PM, Lauren Gelman wrote:
>>>>> Shane.  Does this permit a US/DAA "token" and would Yahoo use that 
>>>>> one or the W3C one this group is developing?
>>>>>
>>>>> Lauren Gelman
>>>>> BlurryEdge Strategies
>>>>> 415-627-8512
>>>>>
>>>>> On Oct 29, 2012, at 11:13 AM, Shane Wiley wrote:
>>>>>
>>>>>> John,
>>>>>>  This is still a single specification but provides for regional 
>>>>>> variance in communicating the user which policy their DNT will be 
>>>>>> honored under.  W3C is still a valid response but this would 
>>>>>> allow E/DAA to be a valid response as well.
>>>>>>  - Shane
>>>>>>  From: John Simpson [mailto:john@consumerwatchdog.org]
>>>>>> Sent: Monday, October 29, 2012 2:05 PM
>>>>>> To: David Wainberg
>>>>>> Cc: public-tracking@w3.org <mailto:public-tracking@w3.org>
>>>>>> Subject: Re: ISSUE-45 ACTION-246 Clarified proposal on compliance 
>>>>>> statements
>>>>>>  David,
>>>>>>  I'm puzzled here.  I don't think the WG is anywhere near 
>>>>>> consensus on the concept that the spec should provide servers 
>>>>>> with an opportunity to select what DNT regime they are following. 
>>>>>>  My impression is that we are working to develop a single 
>>>>>> specification. This suggestion seems to undercut that concept.
>>>>>>  Best regards,
>>>>>> John
>>>>>>  ----------
>>>>>> John M. Simpson
>>>>>> Consumer Advocate
>>>>>> Consumer Watchdog
>>>>>> 2701 Ocean Park Blvd., Suite 112
>>>>>> Santa Monica, CA,90405
>>>>>> Tel: 310-392-7041
>>>>>> Cell: 310-292-1902
>>>>>> www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org>
>>>>>> john@consumerwatchdog.org <mailto:john@consumerwatchdog.org>
>>>>>>  On Oct 29, 2012, at 9:57 AM, David Wainberg wrote:
>>>>>>
>>>>>>
>>>>>> Editors -- can we please add these options to the two docs?
>>>>>>
>>>>>> TPE: Add a required "compliance" field to the tracking status 
>>>>>> resource in the TPE, where the value indicates the compliance 
>>>>>> regime under which the server is honoring the DNT signal. In 
>>>>>> 5.5.3 of the TPE:
>>>>>>
>>>>>>     A status-object MUST have a member named compliance that 
>>>>>> contains a single compliance mode token.
>>>>>>
>>>>>>
>>>>>> TCS:
>>>>>>
>>>>>>     Compliance mode tokens must be associated with a legislative 
>>>>>> or regulatory regime in a relevant jurisdiction, or with a 
>>>>>> relevant and established self-regulatory regime.
>>>>>>
>>>>>>
>>>>>> On 10/9/12 9:22 AM, David Wainberg wrote:
>>>>>> ACTION-246 
>>>>>> (http://www.w3.org/2011/tracking-protection/track/actions/246), 
>>>>>> which relates to ISSUE-45 
>>>>>> (http://www.w3.org/2011/tracking-protection/track/issues/45).
>>>>>>
>>>>>> Hello all,
>>>>>>
>>>>>> This is a clarification of my previous proposal 
>>>>>> (http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0012.html). 
>>>>>> I'm launching it on a fresh thread, because the previous one got 
>>>>>> a bit wild and off-topic.
>>>>>>
>>>>>> Recall that this arose out of the problem of how or where parties 
>>>>>> may or must make statements regarding their DNT compliance. One 
>>>>>> proposal, which many of us strongly objected to, was to make 
>>>>>> provision of the tracking status resource in and of itself an 
>>>>>> assertion of compliance with the DNT spec. That proposal was a 
>>>>>> replacement for an initial proposal to require a public statement 
>>>>>> of compliance, but without specifying where or how that statement 
>>>>>> must be made.
>>>>>>
>>>>>> The problems with these proposals are that the one is overly 
>>>>>> strict, does not provide any flexibility, and sets up a legal 
>>>>>> landmine that companies will avoid by not providing the WKL, and 
>>>>>> the other is too loose; it allows for potentially unlimited 
>>>>>> variation in how companies honor DNT and where and how they make 
>>>>>> their commitments to do so.
>>>>>>
>>>>>> This proposal solves these problems by requiring a statement in 
>>>>>> the status resource regarding compliance with one of a limited 
>>>>>> set of DNT variations. Although I understand the desire for and 
>>>>>> attractiveness of a single universal specification for DNT 
>>>>>> compliance, the reality is that we will have to accommodate some 
>>>>>> variation based on, e.g., business model, geography, etc. 
>>>>>> Examples of this problem arose during the Amsterdam meeting. If 
>>>>>> we want to ensure wide adoption and enforceability of DNT, this 
>>>>>> is the way to do it.
>>>>>>
>>>>>> The proposal is the following:
>>>>>>
>>>>>> Add a required "compliance" field to the tracking status resource 
>>>>>> in the TPE, where the value indicates the compliance regime under 
>>>>>> which the server is honoring the DNT signal. In 5.5.3 of the TPE:
>>>>>>
>>>>>>     A status-object MUST have a member named compliance that 
>>>>>> contains a single compliance mode token.
>>>>>>
>>>>>> From here, I look to the group for discussion regarding how and 
>>>>>> where to define compliance mode tokens. My initial version of 
>>>>>> this proposal suggested looking to IANA to manage a limited set 
>>>>>> of tokens to prevent collisions. I think there was some 
>>>>>> misunderstanding and concern about how this would work. No -- 
>>>>>> companies should not just create their own arbitrary values. My 
>>>>>> view is that each token must have a well-defined and 
>>>>>> widely-accepted meaning. How's this:
>>>>>>
>>>>>>     Compliance mode tokens must be associated with a legislative 
>>>>>> or regulatory regime in a relevant jurisdiction, or with a 
>>>>>> relevant and established self-regulatory regime.
>>>>>>
>>>>>> I'm open to other ideas for this.
>>>>>>
>>>>>> Cheers,
>>>>>>
>>>>>> David
>>>>>>
>>>>>>
>>>>
>>>>
>>>
>>
Received on Wednesday, 31 October 2012 17:55:00 UTC