Re: Another agenda item for Boston

>> I think the TPWG should focus on what we agree to achieve: find 
>> consensus for a workable DNT.

Since the proposal for the API is a technical discussion, I do not see 
why we could not at least make some time for it on the F2F agenda and 
have Mike walk us through the principles and characteristics of his 


Kimon Zorbas schreef op 2013-02-06 23:01:
> Mike,
>  European law is not about tracking, but as you elaborate further
> down about storing data on a device (so the E-Privacy Directive). I do
> not think W3C should be responding to legislation. However, if people
> want this (at least you support to agree on a DNT that implements the
> proposed EU data protection regulation), we should stall the process,
> until the law is adopted.
>  You seem to suggest drafts proposed are sure to be accepted. But no
> one knows what the legislator will finally adopt. Just legislative
> history from hundreds of years of legislating.
>  Also, see the example of NL, where a very tough opt-in was adopted
> to transpose the E-Privacy Directive and later the same politicians
> that went for this tough approach were asking to lighten its
> enforcement...
>  I think the TPWG should focus on what we agree to achieve: find
> consensus for a workable DNT.
>  Kind regards,
>  Kimon
> ----- Reply message -----
>  From: "Mike O&apos;Neill" <>
>  To: "Shane Wiley (yahoo)" <>, "&apos;Mike
> O&apos;Neill&apos;" <>, "&apos;Peter
> Swire&apos;" <>, "&apos;Matthias Schunter (Intel
> Corporation)&apos;" <>
>  Cc: "" <>, ""
> <>
>  Subject: Another agenda item for Boston
>  Date: Wed, Feb 6, 2013 9:21 pm
> Shane,
> The requirement in Europe for consent for tracking is highly unlikely
> to change. It is primarily a continuation of the existing Data
> Protection and Data Privacy Directives which both require consent for
> processing. The latter also says that identifiers (e.g. cookies) can
> be stored in browsers without informed consent only if they are
> required to solely fulfil a service explicitly requested by the user.
> The requirement for consent has overwhelming support across Parliament
> and that is unlikely to be overturned by the Council even if there was
> a majority there, which there is not.
> That is the reality whatever the lobbyists tell you.
> It is very worthwhile for the group to discuss how both the DNT
> compliance and technical spec. will interact across jurisdictions. The
> web is now global and can only become more so.
> Mike
> FROM: Shane Wiley []
>  SENT: 06 February 2013 17:19
>  TO: Mike O'Neill; Peter Swire; 'Matthias Schunter (Intel 
> Corporation)'
>  CC:;
>  SUBJECT: RE: Another agenda item for Boston
> Mike,
> While I agree that we should have some time to discuss the Global
> Considerations document and Rigo’s efforts in that area, I don’t
> believe it’s worthwhile for the group to review a suggestion to align
> with a draft regulation that is already undergoing significant change
> since your original proposal (trying to hit a moving target
> prematurely). Let’s save that conversation for mailing list and/or a
> call to sort through the details (especially as we see the draft
> regulation slow its rate of material change). Fair?
> - Shane
> FROM: Mike O'Neill []
>  SENT: Wednesday, February 06, 2013 10:13 AM
>  TO: Peter Swire; 'Matthias Schunter (Intel Corporation)'
>  CC:;
>  SUBJECT: Another agenda item for Boston
> Hi Peter, Matthias
> Can we have an item on the agenda for Boston to discuss European
> compliance issues and the suggestions in the API I submitted on 29th
> (action-346 also attached to this).
> I think this is very relevant to the compliance debate on
> de-identification in view of the requirement for an “automatic
> mechanism” for signalling consent for pseudonymous identifiers called
> for in the draft GDPR. It is also important to address issues arising
> from third-parties operating in different jurisdictions from the
> first-party data controller, which will occur often. This is
> especially important for us in Europe because the compliance spec. may
> have different descriptions of such things as permitted use and
> differentiate between first and third parties in a way incompatible
> with European data protection law.
> Thanks
> Mike

Received on Thursday, 7 February 2013 10:39:30 UTC