RE: ISSUE-45 ACTION-246: draft proposal regarding making a public compliance commitment from Shane Wiley on 2012-09-05 (public-tracking@w3.org from September 2012)

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Wed, 5 Sep 2012 15:50:55 -0700
To: Jonathan Mayer <jmayer@stanford.edu>
CC: "rob@blaeu.com" <rob@blaeu.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C80262071796C8@SP2-EX07VS02.ds.corp.yahoo.com>

Jonathan,

There are 4 business practices listed – you can count them anyway you like.  The real issue here is the necessary, minimal business operations to keep the Internet running.

- Shane

From: Jonathan Mayer [mailto:jmayer@stanford.edu]
Sent: Wednesday, September 05, 2012 3:45 PM
To: Shane Wiley
Cc: rob@blaeu.com; public-tracking@w3.org
Subject: Re: ISSUE-45 ACTION-246: draft proposal regarding making a public compliance commitment

Shane,

You don't get credit for rearranging headings. As Justin put it in Bellevue, "Combining multiple permitted uses into a newly named permitted use is not a reduction in permitted uses."

Cheers,
Jonathan

On Thursday, September 6, 2012 at 12:09 AM, Shane Wiley wrote:
Rob,

Just as a point of clarity, the list of Permitted Uses was reduced to 4 in the last proposal. :-)

Security/Fraud, Finance/Audit, Frequency Capping, Debugging

('Aggregate Reporting' is out of scope but requires retention to meet the outcome so that angle was addressed in the proposal)

- Shane

-----Original Message-----
From: Rob van Eijk [mailto:rob@blaeu.com]
Sent: Wednesday, September 05, 2012 3:03 PM
To: Shane Wiley
Cc: public-tracking@w3.org<mailto:public-tracking@w3.org>
Subject: RE: ISSUE-45 ACTION-246: draft proposal regarding making a public compliance commitment

Hi Shane,

Tnx, CC is on the list now.

Creating a hook to DNT responses for EU users is a path worth exploring. But if it is enough to be off the hook remains to be seen.

On top of voluntary compliance spec more substance is needed to make a voluntary framework legally compliant in the EU. As you know there are big obstacles that devide our positions, such as and not limited to: Do not Collect versus Do not target, the issue of the initial setting and the prevention of dataflows with high entropie identifiers when it comes to ever growing list of permitted uses.

mvg::Rob

Shane Wiley schreef op 2012-09-05 23:27:
Rob,

Several dimensions here:

1. You had shared (and we had agreed) that the current C&S document
does NOT address EU compliance issues (in Seattle) 2. You have
publically conveyed key elements of the TPE that can be reused in the
context of EU compliance (basically, ensuring we have all of the
appropriate ingredients but we may follow a different recipe in the
EU)
(...)

- Shane

-----Original Message-----
From: Rob van Eijk [mailto:rob@blaeu.com]
Sent: Wednesday, September 05, 2012 2:18 PM
To: public-tracking@w3.org<mailto:public-tracking@w3.org>
Subject: RE: ISSUE-45 ACTION-246: draft proposal regarding making a
public compliance commitment

Hi Shane,

If you mean the one on how to make the operational uses work in terms
of proportinality/subsidiarity, that has been posted already.

In case you mean another conversation, please remind me offlist first.

Rob

Shane Wiley schreef op 2012-09-05 23:01:
Rigo - Agreed there is need for more discussion of EU compliance with
respect to DNT. Yahoo! received one of the highest P3P compliance
scores in some research that Lorrie Cranor's team executed a few
years ago. Despite that review, we believe that standard to be
horribly broken and in need of significant repair (or simply put out
to pasture).

Rob - I've had separate conversations with you on this topic. Would
you be willing to share your point of view here?

Thank you,
Shane

-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org]
Sent: Wednesday, September 05, 2012 1:51 PM
To: public-tracking@w3.org<mailto:public-tracking@w3.org>
Cc: Shane Wiley; John Simpson; Justin Brookman
Subject: Re: ISSUE-45 ACTION-246: draft proposal regarding making a
public compliance commitment

On Wednesday 05 September 2012 13:01:47 Shane Wiley wrote:
there are already significant issues developing and the C&S document
isn't addressing EU concerns directly.

Shane, if you want to convey compliance to EU regulations, P3P is a
better option (it has explicit semantics about that). I think that
DNT is an ack of a user preference that is well defined. This user
preference may also get some traction in the EU market (hopefully)
and serves a certain purpose there (usable consent mechanism). But I
don't think it should convey EU data protection regulation
compliance. I think the latter would be a good topic for the DNT-NG
Workshop.

Rigo

Received on Wednesday, 5 September 2012 22:51:33 UTC