Re: update: action-324, public compliance texts (issue-45)

I think Tom and I may be able to combine our proposals. We'll sync.


On Wednesday, October 31, 2012, Aleecia M. McDonald wrote:

> From the call today:
> - there is active discussion but it is not clear that it will change any
> of the options below
> - Rigo has concerns at the regulatory level, but that seems more like
> objections to some proposals, rather than anything that changes the
> particular framework of the discussion
> - adding a 4th option of silence
> - holding off one week since NY and some of DC are without power
> Next up:
> - barring surprises we will enter a formal review period for these four
> options, starting a week from today, ending two days later
> - given how much advance notice everyone has, we should not need a lengthy
> time to write up objections.
> Thanks,
> Aleecia
> Four current options:
> (0) Silence
> (1) which is revised action-246 from David Wainberg
> TPE: Add a required "compliance" field to the tracking status resource
> in the TPE, where the value indicates the compliance regime under which
> the server is honoring the DNT signal. In 5.5.3 of the TPE:
> /A status-object MUST have a member named _compliance_ that
> contains a single compliance mode token./
> TCS:
> /Compliance mode tokens must be associated with a legislative or
> regulatory regime in a relevant jurisdiction, or with a relevant and
> established self-regulatory regime./
> (2) which is action-61 from Tom Lowenthal
> The response header is a clear commitment, which comes with all the
> associated regulatory consequences. When an organization sends the
> response header, they are making a specifically articulated promise
> about their conduct in response to this request from this user.
> With a required response header, nothing else is required to satisfy
> this issue.
> (3) which is action-62 from Jonathan Mayer (and possibly Shane)
> Operative text:
> A party MUST make a public commitment that it complies with this standard.
> Non-normative discussion:
> A "public commitment" may consist of a statement in a privacy policy, a response header, or any other reasonable means.  This standard does not require a specific form of "public commitment."
>  Aleecia

Received on Wednesday, 31 October 2012 18:05:37 UTC