Re: June Draft of the DNT compliance spec

Hi Peter and staff,

Thanks for all of the time/effort you guys have put into this.  Quick question on the definition of Service Provider.  What is your/the group's opinion on deleting the word only in (1) below?  My concern over the word only is that the service provider acts on behalf of many clients, not just one.  And, the service provider may in fact be a data controller (collecting/using data for its own purposes) on its own sites for its own marketing programs.  I know I'm being picky here, but to me, the word 'only' suggests that the service provider can act on behalf of one company only.  As a suggested change, would you/the group be okay with '(1) is acting as a data processor on behalf of the client;'?  I'm open to other suggested changes as well that makes it clear that a service provider may have other operations (and yes, I realize that when the company is not operating as a data processor on behalf of the client, then it takes on its own set of rules and cannot rely on the rules placed upon the client).


Copied definition:

"An outsourced service provider is considered to be the same party as its client if the

service provider:

1. acts only as a data processor on behalf of the client;

2. ensures that the data can only be accessed and used as directed by that client;

3. has no independent right to use or share the data except as necessary to ensure

the integrity, security, and correct operation of the service being provided; and

4. has a contract in place that outlines and mandates these requirements."

-Vinay

From: Peter Swire <peter@peterswire.net<mailto:peter@peterswire.net>>
Date: Monday, June 10, 2013 7:47 AM
To: "public-tracking@w3.org<mailto:public-tracking@w3.org>" <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Subject: June Draft of the DNT compliance spec
Resent-From: <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Resent-Date: Monday, June 10, 2013 7:47 AM

To the Working Group:

            Attached please find a June Draft of the compliance spec.  The spec is also available at:

http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-june.html

This draft builds directly on the Consensus Action Summary from the Sunnyvale F2F.  Working closely with W3C staff, and based on numerous discussions with members of the WG, this June Draft is my best current estimate of a document that can be the basis for a consensus document in time for Last Call.

            The June Draft includes a number of grammatical and stylistic edits to various provisions of the previous working drafts.  These sorts of edits were done in hopes of adding clarity and good writing to the provisions.  In the spirit of humility, W3C staff and I recognize that members of the WG may spot substantive objections to these stylistic edits – let us work within a constructive spirit of the working group process to examine and, where appropriate, make changes to these edits.

            The Draft also addresses the four task areas included in the Consensus Action Summary.  In proposing language in the June Draft, my intent and belief was to make good substantive judgments about an overall package that may achieve consensus, as well as item-by-item judgments about what is substantively most defensible within the context of the WG.  Clearly, the group will need to work through each piece of the text, members can suggest alternatives, and we will need to determine where and whether consensus exists.

            The June Draft contains normative text but not non-normative text.  In part, this reflects my view that we have the best chance to work constructively on a relatively short amount of normative text.  Proposed non-normative text can be proposed for provisions in time for Last Call.  As a potentially useful alternative, W3C has various mechanisms for publishing notes or other documents that illuminate a standard.  The best time for detailed discussion of most non-normative text quite possibly will be after Last Call.

            The June Draft discusses only items that the W3C WG can address.  Clearly, the actions of others on these issues may be relevant to the overall outcome.  For instance, the DAA has discussed changes to its code, including on its market research and product development exceptions.   There has been discussion of a potentially useful limit on any blocking of 3d party cookies for sites that comply withDNT.  There may also be new and useful technical measures that would be important to the future of advertising in a privacy-protective manner.  The text here, as indicated, addresses what would be within the compliance spec itself.

            W3C staff and I are working on further explanatory materials that will seek to clarify the changes here, and link the June Draft to the issues on the WG site.

            The regular call this Wednesday will be an opportunity for the Group to have an initialdiscussion of the June Draft.  To give everyone a chance to review this material, we will not be seeking to close compliance issues during this Wednesday’s calls.

            Thank you,

            Peter



Prof. Peter P. Swire
C. William O'Neill Professor of Law
Ohio State University
240.994.4142
www.peterswire.net

Beginning August 2013:
Nancy J. and Lawrence P. Huang Professor
Law and Ethics Program
Scheller College of Business
Georgia Institute of Technology

Received on Monday, 10 June 2013 16:04:03 UTC