Re: Another agenda item for Boston

Mike,

European law is not about tracking, but as you elaborate further down about storing data on a device (so the E-Privacy Directive). I do not think W3C should be responding to legislation. However, if people want this (at least you support to agree on a DNT that implements the proposed EU data protection regulation), we should stall the process, until the law is adopted.
You seem to suggest drafts proposed are sure to be accepted. But no one knows what the legislator will finally adopt. Just legislative history from hundreds of years of legislating.

Also, see the example of NL, where a very tough opt-in was adopted to transpose the E-Privacy Directive and later the same politicians that went for this tough approach were asking to lighten its enforcement...

I think the TPWG should focus on what we agree to achieve: find consensus for a workable DNT.

Kind regards,
Kimon

----- Reply message -----
From: "Mike O&apos;Neill" <michael.oneill@baycloud.com>
To: "Shane Wiley (yahoo)" <wileys@yahoo-inc.com>, "&apos;Mike O&apos;Neill&apos;" <michael.oneill@btinternet.com>, "&apos;Peter Swire&apos;" <peter@peterswire.net>, "&apos;Matthias Schunter (Intel Corporation)&apos;" <mts-std@schunter.org>
Cc: "rob@blaeu.com" <rob@blaeu.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Subject: Another agenda item for Boston
Date: Wed, Feb 6, 2013 9:21 pm



Shane,

The requirement in Europe for consent for tracking is highly unlikely to change. It is primarily a continuation of the existing Data Protection and Data Privacy Directives which both require consent for processing. The latter also says that identifiers (e.g.  cookies) can be stored in browsers without informed consent only if they are required to solely fulfil a service explicitly requested by the user. The requirement for consent has overwhelming support across Parliament and  that is unlikely to be overturned by the Council even if there was a majority there, which there is not.

That is the reality whatever the lobbyists tell you.

It is very worthwhile for the group to discuss how both the DNT compliance and technical spec. will interact across jurisdictions. The web is now global and can only become more so.

Mike

From: Shane Wiley [mailto:wileys@yahoo-inc.com]
Sent: 06 February 2013 17:19
To: Mike O'Neill; Peter Swire; 'Matthias Schunter (Intel Corporation)'
Cc: rob@blaeu.com; public-tracking@w3.org
Subject: RE: Another agenda item for Boston

Mike,

While I agree that we should have some time to discuss the Global Considerations document and Rigo’s efforts in that area, I don’t believe it’s worthwhile for the group to review a suggestion to align with a draft regulation that is already undergoing significant change since your original proposal (trying to hit a moving target prematurely).  Let’s save that conversation for mailing list and/or a call to sort through the details (especially as we see the draft regulation slow its rate of material change).  Fair?

- Shane

From: Mike O'Neill [mailto:michael.oneill@btinternet.com]
Sent: Wednesday, February 06, 2013 10:13 AM
To: Peter Swire; 'Matthias Schunter (Intel Corporation)'
Cc: rob@blaeu.com<mailto:rob@blaeu.com>; public-tracking@w3.org<mailto:public-tracking@w3.org>
Subject: Another agenda item for Boston

Hi Peter, Matthias

Can we have an item on the agenda for Boston to discuss European compliance issues and the suggestions in the API I submitted on 29th (action-346 also attached to this).

I think this is very relevant to the compliance debate on de-identification in view of the requirement for an “automatic mechanism” for signalling consent for pseudonymous identifiers called for in the draft GDPR. It is also important to address issues arising from third-parties operating in different jurisdictions from the first-party data controller, which will occur often. This is especially important for us in Europe because the compliance spec. may have different descriptions of such things as permitted use and differentiate between first and third parties in a way incompatible with European data protection law.

Thanks


Mike