W3C home > Mailing lists > Public > public-tracking@w3.org > March 2013

RE: Proposed California Law affecting DNT

From: Craig Spiezle <craigs@otalliance.org>
Date: Thu, 28 Mar 2013 22:30:42 -0700
To: <public-tracking@w3.org>
Cc: <ifette@google.com>, "'John M. Simpson'" <john@consumerwatchdog.org>
Message-ID: <06c801ce2c3e$8ef3f430$acdbdc90$@otalliance.org>
Once there agreement of what DNT means, I would like to understand any issues (pro or con) on a privacy policy making the assertion of them honoring DNT or asserting they do not.  In either case I tend to think it is good to have disclosure and transparency.  Comments?  








From: John M. Simpson [mailto:john@consumerwatchdog.org] 
Sent: Thursday, March 28, 2013 10:23 PM
To: ifette@google.com
Cc: public-tracking@w3.org Group WG
Subject: Re: Proposed California Law affecting DNT


I am just reporting what I have been told.


John M. Simpson

Consumer Advocate

Consumer Watchdog

Tel: 310-392-7041


On Mar 28, 2013, at 7:47 PM, Ian Fette (イアンフェッティ) <ifette@google.com> wrote:

And how does one contact an actual user given an ip? That ip could be a nat with 50 computers behind it, or 5000. And its not like you can just call up an ip and say "please tell the user I have a great offer for them..." so I'm really not sure in what context this is used to contact a user, unlike an email address or phone number...

On Mar 28, 2013 7:10 PM, "John Simpson" <john@consumerwatchdog.org> wrote:

AG's folks tell me their interpretation is broader than traditional PII. Item 6 is:

"(6) Any other identifier that permits the physical or online contacting of a specific individual."

They say they they understand that provision to include an IP address and a device ID.



On Mar 28, 2013, at 5:02 PM, Ian Fette (イアンフェッティ) <ifette@google.com> wrote:

Two thoughts,


1, it seems the language of the bill is a bit confused around who is doing what, specifically it talks about the first party honoring the request to not "track", with an added obligation to explicitly call out the special circumstance where the website somehow enforces restrictions on third parties (by technical or contractual means?!)


2, hey, it defines tracking! And the tracking seems to be defined as the collection of PII such as name, email, or social security number (specifically defined on page 3 line 19 forward).


On Thu, Mar 28, 2013 at 4:53 PM, John Simpson <john@consumerwatchdog.org> wrote:



The California Attorney General is sponsoring a bill that could be of interest to our working group. It is AB 370 introduced by Assemblyman Al Muratsuchi.  I've attached it as a PDF file.  I'm not sure that the current language exactly accomplishes what the AG's office tells me is their intent, but here is what I was told they want to do:


The bill would amend existing California law requiring privacy policies to require that a commercial website would have to include in its privacy policy whether or not it honors a Do-Not-Track message.  The intent, I was told, is to increase transparency and shift some of the responsibility for Do Not Track on to consumer-facing 1st party sites.


The idea is that a 1st party website could not claim it honored Do Not Track if it allowed or knew it had 3rd parties on its site that engaged in tracking.


The bill offers this definition of tracking:


"The term "online tracking" means the practice of collecting personally identifiable information about and individual consumer's online activities over time and across different Web sites and online services."


I thought you would be interested.


Best regards,





John M. Simpson

Privacy Project Director

Consumer Watchdog

2701 Ocean Park Blvd., Suite 112

Santa Monica, CA, 90405

Tel: 310-392-7041

Cell: 310-292-1902

www.ConsumerWatchdog.org <http://www.consumerwatchdog.org/> 









Received on Friday, 29 March 2013 05:31:15 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:07 UTC