- From: Rigo Wenning <rigo@w3.org>
- Date: Thu, 27 Sep 2012 10:29:42 +0200
- To: Nicholas Doty <npdoty@w3.org>
- Cc: Alan Chapell <achapell@chapellassociates.com>, public-tracking@w3.org, "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>
Nick, On Wednesday 26 September 2012 15:49:14 Nicholas Doty wrote: > I think what Alan is getting at is that there may be some data > retention not required by financial reporting laws that we would > consider consistent with an expressed DNT preference. For > example, retaining the IP address of users who see an ad would be > done in order to prove to a third-party auditing/trade > organization that ads of a certain type are not shown to users in > a particular country. In some countries, IP addresses are considered personal data. And the music industry's success in the pursuit of file sharing youngsters via recording of IP addresses rather proofs them right. Collecting personal data under DNT:1 for long term storage, tracking and positive/negative discrimination is against all goals this effort started with. A permitted use would go directly against the overall stated goals. This will be hard to explain to the outside world. Now if some country has a law requiring long time storage of IP addresses for targeting and filtering of communications, this is covered by our provision "law prevails" and does not need a permitted use. If it is a contractual obligation, this obligation can't be fulfilled in the DNT:1 mode. A provision should be added to that contract. Or an exception should be triggered. But I don't see any reason for a permitted use here. I also have some slight doubts whether the requirements of PCMCP are in line with EU data protection rules, but I haven't looked deeply into their rules either. Rigo
Received on Thursday, 27 September 2012 08:30:09 UTC