Re: ACTION-390: alternative UA affordances for DNT choice

Thanks Rigo. I'm not sure this is simply a case of lawyerly myopia. More
below.


On 4/25/13 8:21 PM, "Rigo Wenning" <rigo@w3.org> wrote:

>Alan, 
>
>I was waiting for that question because it looks at the world with the
>eyes of a lawyer :)
>
>The text does not have to target the user agent. "User agent" is just
>something that can initiate an HTTP request. So "user agent" is nothing
>that can be liable.

I'm not looking to establish liability. Rather, I'm trying to establish
accountability. And in order to establish accountability, we need to
understand who are the entities that are turning DNT on. If the entities
that enact DNT are not able to ensure that the user has been notified of
DNT functionality, then I'd like to understand who IS responsible in your
view. 

The entity that enacts DNT MUST meet some bar of informed consent -- If we
don't have a requirement to that effect in this spec, we'll have lots of
DNT signals floating around with few users understanding what that means.

> 
>
>What you're looking for are statements of conformance.

No - I want to understand who is responsible for ensuring that DNT
functionality is clearly described in line with privacy by design
concepts. 

>My software is 
>conformant to the the Tracking Protection Standard. Now the implementer
>has to show that the user is informed before making a decision to be
>conformant, however this software informs the user (the MP3 player may
>read it out to you). The fact that a legal entity is making claims of
>conformance without informing the user is the connection you need for
>liability.

I'm sorry Rigo, but I'm just not understanding. Who here is the
implementer here?

> 
>
>So talking about the "user" instead of the "user agent" actually does
>the trick. So you need to find a wording that addresses the requirements
>from a user perspective. What do we need to provide -at least- to the
>user to be conformant. This somewhat satisfies Ed's use case and David's
>remarks.


I think we're in agreement re: the User must be informed. We can word the
requirement from the pov of the User if you'd like, but I don't think that
changes the fact that SOME 'thing' sends a DNT header. That thing may be a
browser or other User agent, a piece of software, a refrigerator, a
carrier pigeon, etcŠ The spec needs to have some requirement that those
things that turn on DNT have a responsibility to meet some baseline
standard of informed consent. Otherwise, we don't have a standard that is
meaningful for anyone.




> 
>
> --Rigo
>
>On Thursday 25 April 2013 14:14:12 Alan Chapell wrote:
>> Thanks Rigo. 
>> 
>> Let me ask what may appear to be a dumb question. In your view, who is
>> responsible for ensuring informed consent - if not the User Agent?
>
>

Received on Friday, 26 April 2013 16:40:24 UTC