- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 19 Nov 2014 09:45:45 -0800
- To: Walter van Holst <walter.van.holst@xs4all.nl>
- Cc: public-tracking@w3.org
On Nov 19, 2014, at 7:06 AM, Walter van Holst wrote: > For the purpose of the conversation on the necessity of all this, I'd like to point at this document: http://www.iab.net/media/file/Global_meas_guidelines.pdf > > For audience measurement purposes industry groups are perfectly happy with process audit requirements (see paragraph 4, sub 2) for ad measurement, which reads as: Yes, because ad measurement is a financial records process and is audited as such by financial auditors with a hundred years or so legacy on what needs to be recorded and how the processes are reviewed. Even with that in mind, what it actually says is ... > 4. Auditing Guidelines > General > – > Third-party independent auditing is encouraged for all ad-serving applications used in the buying and selling process. *encouraged* is not a requirement. > Strangely enough, in this group all of a sudden none appears to understand the meaning of auditable in the context of DNT:1 data retained for purposes exempted under this standard? What I am asking for is not substantially different and definitely not more burdensome then what IAB suggests for ad measurement. We're simply talking about an analog to the process/controls audits mentioned above. The objection is simple enough: I have no idea what you are talking about and don't know anyone with experience who can tell me what it means, and thus I cannot agree to it being a requirement right now. I see no need to require something that is essentially for the business's own benefit, assuming someone does come along with a standard method of auditing procedures for handling data marked as DNT:1. This does not mean the business is less responsible for adhering to its own statements about DNT. What I expect is that some party who claims to adhere to DNT will eventually be inspected by regulators and found wanting, and at that time the regulator will post a list of deficiencies that can be used by auditing companies as the basis for coming up with expected guidelines and procedures specific to DNT. Then, companies will be pressed by their own lawyers to make their processes auditable along the same lines. This will iterate and repeat over many years as regulators and businesses figure out the right balance between auditability and responsible data destruction (for privacy). ....Roy
Received on Wednesday, 19 November 2014 17:46:09 UTC