- From: David Wainberg <david@networkadvertising.org>
- Date: Wed, 31 Oct 2012 13:54:28 -0400
- To: Joseph Lorenzo Hall <joe@cdt.org>
- CC: Lauren Gelman <gelman@blurryedge.com>, Shane Wiley <wileys@yahoo-inc.com>, John Simpson <john@consumerwatchdog.org>, "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <509165D4.8000500@networkadvertising.org>
Let's move this discussion to the other thread: "ISSUE-45 managing compliance mode tokens" On 10/30/12 10:46 AM, Joseph Lorenzo Hall wrote: > Is there a way to have as little variation as possible? I've only seen > the EU/US discussion as a *necessary* variation, but I can imagine > people have ideas for others. > > And would each token be completely specified in the compliance spec? > (so that users would be able to know what a "US/DAA" response means in > terms of commitments made by the party serving that response?) > > best, Joe > > On Oct 29, 2012, at 15:13, David Wainberg > <david@networkadvertising.org <mailto:david@networkadvertising.org>> > wrote: > >> Lauren, that is a possible token. As explained in the top post on >> this thread >> (http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0154.html) >> this will, in a fully transparent way, accommodate the variation we >> will necessarily see in the way companies are able to honor DNT. >> >> On 10/29/12 2:55 PM, Lauren Gelman wrote: >>> >>> Does that mean a US/DAA "token" is permitted under the language? >>> >>> Lauren Gelman >>> BlurryEdge Strategies >>> 415-627-8512 >>> >>> On Oct 29, 2012, at 11:46 AM, David Wainberg wrote: >>> >>>> Hi Lauren, >>>> >>>> I think in general I think it will be hard for companies to >>>> speculate whether or how they'll honor DNT before the specs are >>>> done. Once there are defined standards, then companies will be able >>>> to determine what is applicable for their business. >>>> >>>> -David >>>> >>>> On 10/29/12 2:30 PM, Lauren Gelman wrote: >>>>> Shane. Does this permit a US/DAA "token" and would Yahoo use that >>>>> one or the W3C one this group is developing? >>>>> >>>>> Lauren Gelman >>>>> BlurryEdge Strategies >>>>> 415-627-8512 >>>>> >>>>> On Oct 29, 2012, at 11:13 AM, Shane Wiley wrote: >>>>> >>>>>> John, >>>>>> This is still a single specification but provides for regional >>>>>> variance in communicating the user which policy their DNT will be >>>>>> honored under. W3C is still a valid response but this would >>>>>> allow E/DAA to be a valid response as well. >>>>>> - Shane >>>>>> From: John Simpson [mailto:john@consumerwatchdog.org] >>>>>> Sent: Monday, October 29, 2012 2:05 PM >>>>>> To: David Wainberg >>>>>> Cc: public-tracking@w3.org <mailto:public-tracking@w3.org> >>>>>> Subject: Re: ISSUE-45 ACTION-246 Clarified proposal on compliance >>>>>> statements >>>>>> David, >>>>>> I'm puzzled here. I don't think the WG is anywhere near >>>>>> consensus on the concept that the spec should provide servers >>>>>> with an opportunity to select what DNT regime they are following. >>>>>> My impression is that we are working to develop a single >>>>>> specification. This suggestion seems to undercut that concept. >>>>>> Best regards, >>>>>> John >>>>>> ---------- >>>>>> John M. Simpson >>>>>> Consumer Advocate >>>>>> Consumer Watchdog >>>>>> 2701 Ocean Park Blvd., Suite 112 >>>>>> Santa Monica, CA,90405 >>>>>> Tel: 310-392-7041 >>>>>> Cell: 310-292-1902 >>>>>> www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org> >>>>>> john@consumerwatchdog.org <mailto:john@consumerwatchdog.org> >>>>>> On Oct 29, 2012, at 9:57 AM, David Wainberg wrote: >>>>>> >>>>>> >>>>>> Editors -- can we please add these options to the two docs? >>>>>> >>>>>> TPE: Add a required "compliance" field to the tracking status >>>>>> resource in the TPE, where the value indicates the compliance >>>>>> regime under which the server is honoring the DNT signal. In >>>>>> 5.5.3 of the TPE: >>>>>> >>>>>> A status-object MUST have a member named compliance that >>>>>> contains a single compliance mode token. >>>>>> >>>>>> >>>>>> TCS: >>>>>> >>>>>> Compliance mode tokens must be associated with a legislative >>>>>> or regulatory regime in a relevant jurisdiction, or with a >>>>>> relevant and established self-regulatory regime. >>>>>> >>>>>> >>>>>> On 10/9/12 9:22 AM, David Wainberg wrote: >>>>>> ACTION-246 >>>>>> (http://www.w3.org/2011/tracking-protection/track/actions/246), >>>>>> which relates to ISSUE-45 >>>>>> (http://www.w3.org/2011/tracking-protection/track/issues/45). >>>>>> >>>>>> Hello all, >>>>>> >>>>>> This is a clarification of my previous proposal >>>>>> (http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0012.html). >>>>>> I'm launching it on a fresh thread, because the previous one got >>>>>> a bit wild and off-topic. >>>>>> >>>>>> Recall that this arose out of the problem of how or where parties >>>>>> may or must make statements regarding their DNT compliance. One >>>>>> proposal, which many of us strongly objected to, was to make >>>>>> provision of the tracking status resource in and of itself an >>>>>> assertion of compliance with the DNT spec. That proposal was a >>>>>> replacement for an initial proposal to require a public statement >>>>>> of compliance, but without specifying where or how that statement >>>>>> must be made. >>>>>> >>>>>> The problems with these proposals are that the one is overly >>>>>> strict, does not provide any flexibility, and sets up a legal >>>>>> landmine that companies will avoid by not providing the WKL, and >>>>>> the other is too loose; it allows for potentially unlimited >>>>>> variation in how companies honor DNT and where and how they make >>>>>> their commitments to do so. >>>>>> >>>>>> This proposal solves these problems by requiring a statement in >>>>>> the status resource regarding compliance with one of a limited >>>>>> set of DNT variations. Although I understand the desire for and >>>>>> attractiveness of a single universal specification for DNT >>>>>> compliance, the reality is that we will have to accommodate some >>>>>> variation based on, e.g., business model, geography, etc. >>>>>> Examples of this problem arose during the Amsterdam meeting. If >>>>>> we want to ensure wide adoption and enforceability of DNT, this >>>>>> is the way to do it. >>>>>> >>>>>> The proposal is the following: >>>>>> >>>>>> Add a required "compliance" field to the tracking status resource >>>>>> in the TPE, where the value indicates the compliance regime under >>>>>> which the server is honoring the DNT signal. In 5.5.3 of the TPE: >>>>>> >>>>>> A status-object MUST have a member named compliance that >>>>>> contains a single compliance mode token. >>>>>> >>>>>> From here, I look to the group for discussion regarding how and >>>>>> where to define compliance mode tokens. My initial version of >>>>>> this proposal suggested looking to IANA to manage a limited set >>>>>> of tokens to prevent collisions. I think there was some >>>>>> misunderstanding and concern about how this would work. No -- >>>>>> companies should not just create their own arbitrary values. My >>>>>> view is that each token must have a well-defined and >>>>>> widely-accepted meaning. How's this: >>>>>> >>>>>> Compliance mode tokens must be associated with a legislative >>>>>> or regulatory regime in a relevant jurisdiction, or with a >>>>>> relevant and established self-regulatory regime. >>>>>> >>>>>> I'm open to other ideas for this. >>>>>> >>>>>> Cheers, >>>>>> >>>>>> David >>>>>> >>>>>> >>>> >>>> >>> >>
Received on Wednesday, 31 October 2012 17:55:00 UTC