Re: ISSUE-45 ACTION-246: draft proposal regarding making a public compliance commitment

On 9/5/12 6:13 PM, Jonathan Mayer wrote:
> I think this thread is quickly headed offtrack.  Let's pop the stack.
> ISSUE-45 is about:
> 1) whether a compliant website must make a public representation about 
> its compliance status, and
> 2) if so, what form that representation must take.
And this proposal addresses both of those points.
> We have two different proposals:
> 1) a compliant website MUST make a representation about its compliance 
> status (at minimum using the means specified in the TPE document), and
> 2) silence (i.e. a compliant website MAY make a representation about 
> its compliance status, presumably stripping out the TPE compliance 
> status semantic).
Three proposals. 1) was preexsting. 2) was proposed on the call two 
weeks ago. 3) was generated in response to an action item assigned to me 
on that call to address problems with 1).
> ISSUE-45 is *not* about:
> 1) allowing a website to both be in compliance with Do Not Track and 
> pick and choose parts of the Compliance standard, nor
> 2) providing a mechanism in the TPE specification for signaling 
> selective adherence to the Compliance standard or adoption of entirely 
> different policies.
No one said it was.
> If advertising industry participants really want to press their luck 
> with these topics, newly announced over a year into our efforts, the 
> working group can decide whether to accept them as raised ISSUEs.  I 
> concur with the assessments others have offered: these suggestions 
> trend towards reneging on a central premise of Do Not Track 
> negotiations, and a splintered Do Not Track standard is a terrible 
> outcome for all stakeholders.  I'm certain everyone in the group now 
> has adequate experience to recognize that a protracted discussion 
> would be time-consuming and unproductive.
A few points on this. First, please explain what you mean by 
participants pressing their luck? The implication is that participants 
from the advertising industry should feel lucky to get whatever 
concessions you choose to dole out. I'm offended by this. We're here 
with you as equal participants trying to hammer out a standard that is 
viable and useful.

Moreover, there is no single industry that you're negotiating with. 
There is an enormous diversity of businesses and other organizations 
that are supported to some extent by advertising. Many/most of them have 
been unrepresented in this process: e.g. small publishers, or 
advertisers of any size. And many/most of those could be severely 
impacted by DNT. We are trying to work together to come up with 
something that everyone will be willing and able to live with. But don't 
think that because you've hashed this out with 6 or 10 people who work 
in the industry, you're getting buy-in from the whole world. When this 
is done, we'll all need to sell this outside this working group.

More important, it's unfortunate that you see this as a negotiation, 
where you're wheeling and dealing to win as much as you can. There's a 
whole world of people out there whose livelihoods are at stake, and who 
will have to buy into this. If we want this to be a success, it has to 
be reasonable for them to implement. In the end, I'll have to go to 
companies and make a case for why this is the standard I helped develop 
and why they should implement it. It won't be enough to say, "well this 
is what I agreed with Jon Mayer that you'd do, so you're stuck with it." 
I would hope that you'd be sensitive to that, and that you'd have the 
patience to take the time to get it right.

> On Thursday, September 6, 2012 at 12:02 AM, Rob van Eijk wrote:
>> Hi Shane,
>> Tnx, CC is on the list now.
>> Creating a hook to DNT responses for EU users is a path worth
>> exploring. But if it is enough to be off the hook remains to be seen.
>> On top of voluntary compliance spec more substance is needed to make a
>> voluntary framework legally compliant in the EU. As you know there are
>> big obstacles that devide our positions, such as and not limited to: Do
>> not Collect versus Do not target, the issue of the initial setting and
>> the prevention of dataflows with high entropie identifiers when it comes
>> to ever growing list of permitted uses.
>> mvg::Rob
>> Shane Wiley schreef op 2012-09-05 23:27:
>>> Rob,
>>> Several dimensions here:
>>> 1. You had shared (and we had agreed) that the current C&S document
>>> does NOT address EU compliance issues (in Seattle)
>>> 2. You have publically conveyed key elements of the TPE that can be
>>> reused in the context of EU compliance (basically, ensuring we have
>>> all of the appropriate ingredients but we may follow a different
>>> recipe in the EU)
>> (...)
>>> - Shane
>>> -----Original Message-----
>>> From: Rob van Eijk []
>>> Sent: Wednesday, September 05, 2012 2:18 PM
>>> To: <>
>>> Subject: RE: ISSUE-45 ACTION-246: draft proposal regarding making a
>>> public compliance commitment
>>> Hi Shane,
>>> If you mean the one on how to make the operational uses work in terms
>>> of proportinality/subsidiarity, that has been posted already.
>>> In case you mean another conversation, please remind me offlist
>>> first.
>>> Rob
>>> Shane Wiley schreef op 2012-09-05 23:01:
>>>> Rigo - Agreed there is need for more discussion of EU compliance
>>>> with
>>>> respect to DNT. Yahoo! received one of the highest P3P compliance
>>>> scores in some research that Lorrie Cranor's team executed a few
>>>> years
>>>> ago. Despite that review, we believe that standard to be horribly
>>>> broken and in need of significant repair (or simply put out to
>>>> pasture).
>>>> Rob - I've had separate conversations with you on this topic. Would
>>>> you be willing to share your point of view here?
>>>> Thank you,
>>>> Shane
>>>> -----Original Message-----
>>>> From: Rigo Wenning []
>>>> Sent: Wednesday, September 05, 2012 1:51 PM
>>>> To: <>
>>>> Cc: Shane Wiley; John Simpson; Justin Brookman
>>>> Subject: Re: ISSUE-45 ACTION-246: draft proposal regarding making a
>>>> public compliance commitment
>>>> On Wednesday 05 September 2012 13:01:47 Shane Wiley wrote:
>>>>> there are already significant issues developing and the C&S
>>>>> document
>>>>> isn't addressing EU concerns directly.
>>>> Shane, if you want to convey compliance to EU regulations, P3P is a
>>>> better option (it has explicit semantics about that). I think that
>>>> DNT
>>>> is an ack of a user preference that is well defined. This user
>>>> preference may also get some traction in the EU market (hopefully)
>>>> and
>>>> serves a certain purpose there (usable consent mechanism). But I
>>>> don't
>>>> think it should convey EU data protection regulation compliance. I
>>>> think the latter would be a good topic for the DNT-NG Workshop.
>>>> Rigo

Received on Thursday, 6 September 2012 13:31:02 UTC