- From: David Wainberg <david@networkadvertising.org>
- Date: Thu, 06 Sep 2012 16:08:09 -0400
- To: Rigo Wenning <rigo@w3.org>
- CC: Shane Wiley <wileys@yahoo-inc.com>, "public-tracking@w3.org" <public-tracking@w3.org>, "Grimmelmann, James" <James.Grimmelmann@nyls.edu>
Rigo,

I always appreciate your thoughtful analyses. However, this analysis assumes DNT is a mechanism for negotiating consent. I do not see it that way. It is, rather, a mechanism for communicating a user's preference. DNT:1 is a user's preference, not an offer in a contract negotiation. The communication back regarding how the server honors that preference (or doesn't) provides transparency, and, as raised in ISSUE-45, a "regulatory hook."

-David

On 9/6/12 3:50 PM, Rigo Wenning wrote:
> Shane,
>
> I'm reluctant to explain, because people feel like I sound like a
> broken record before the understanding comes. I had that experience
> in past research projects. Keep that in mind. I doubt we should
> phone.
>
> On Thursday 06 September 2012 11:13:16 Shane Wiley wrote:
>> Could you explain why a Server couldn't respond to a DNT:1 signal
>> with the compliance regime they are upholding in the context of
>> honoring that user's DNT:1 signal?
>
> You get the answer by translating the signals exchanged back into a
> human readable context. The DNT protocol starts with a user
> preference expression. The compliance document fills the content of
> that preference expression. "DNT:1" as a string is rather
> meaningless without the assumption that it expresses the user's
> expectation that a service complies with the things given in the
> compliance Specification. The Service can only respond ack or nack
> to that. Every other response is actually a new offer for a
> different agreement. In other words, you enter into a new
> negotiation. Now the Service has not accepted the terms offered by
> the User and offers new terms (DNT:1 OBA). In this case, the user
> would respond that his preference is DNT:1 GER. This will give you
> so many semantic mismatches that it will end in a meaningless
> exchange of messages. The French call it a dialogue of the deaf.
>
>> If a user in the UK sends a DNT:1 signal to a Server in Ireland,
>> couldn't the Server reply to the DNT:1 that it is both honoring
>> the DNT:1 signal and following the EDAA code of conduct to do so?
>> How does this break EU law?
>
> What we do here is very independent of EU Law. We take EU Law into
> account to provide a useful tool that EU Law can take up to
> accomplish things in certain areas (consent expression). But DNT
> itself is not a means to express compliance to EU Law, because it
> starts with the user preference, and because EU data protection law
> is too complex to express compliance in a simple tool like DNT, and
> because the user preference is the center of all our considerations.
>
> If compliance and followed practice were at the center of our
> attention, we would start the protocol by having the service state
> its followed practices to the user. That's P3P. The fundamental
> difference is the starting point. In DNT, the service has a choice
> whether or not to continue the interaction under the user's
> preference. In a compliance regime (we follow OBA) the user has to
> get information to be able to choose whether to continue or not. The
> latter is the third step in DNT we call the exception mechanism.
>
> So if you want to express compliance other than "I honor the user's
> well defined preference", we have to change the protocol to have the
> service start the exchange. We may marry both in the future. We did
> P3P 10 years ago (and times have changed). Now let's do DNT and
> only then marry the two. David's attempt to marry them now is
> technologically unwise and complicates a situation that is already so
> complex that often even experts have trouble fully understanding
> what this is all about. So one thing at a time please...
>
> Rigo
>
Received on Thursday, 6 September 2012 20:08:38 UTC