RE: June Draft Proposal: Unknowing Collection

Jonathan,

I believe language of this strength will drive no one to implement DNT due to the high burden if a party unknown to them places their content in a context they did not expect.  If a party did not intend and did not itself make the error of tracking in the incorrect context, then they should not have an obligation for retrospective application of DNT.  I agree if they themselves made this error then they should have the obligation for repair retrospectively.

As I don’t see this rising to the level of a security breach, I don’t see the value in forcing public disclosure, as again, this will drive many to not want to implement DNT due to the high burdens it comes with outside the already high cost of implementation.

- Shane

From: Jonathan Mayer [mailto:jmayer@stanford.edu]
Sent: Wednesday, June 26, 2013 8:15 AM
To: public-tracking@w3.org Group WG
Subject: June Draft Proposal: Unknowing Collection

I would propose clarifying and increasing the rigor of this section.
A party MUST make reasonable efforts to understand its information practices.  If a party learns that it collects information in violation of this standard, it MUST end that collection at the earliest practical opportunity.  If a party learns that it retains information in violation of this standard, it MUST delete that information at the earliest practical opportunity.  If a party learns that it uses information in violation of this standard, it MUST end that use at the earliest practical opportunity.  If a party learns that it shares information in violation of this standard, it MUST end that sharing at the earliest practical opportunity.

I would also consider a reporting requirement.
If a party discovers it has been in violation of this standard, knowingly or unknowingly, it must make a public disclosure of the violation.  A disclosure may be made in any reasonable manner, such as a prominent notice on a party's main website.

Received on Wednesday, 26 June 2013 17:12:16 UTC