- From: Nick Doty <npdoty@w3.org>
- Date: Tue, 17 Mar 2015 18:23:54 -0700
- To: David Singer <singer@apple.com>
- Cc: "fielding@gbiv.com" <fielding@gbiv.com>, "public-tracking@w3.org" <public-tracking@w3.org>
- Message-Id: <B16C13E0-B0E4-419D-9E79-FB39C500346C@w3.org>
On Mar 16, 2015, at 3:36 PM, David Singer <singer@apple.com> wrote: > >> On Mar 16, 2015, at 15:08 , Nick Doty <npdoty@w3.org> wrote: >> >>>> 7. Legal Compliance >>>> >>>> Notwithstanding anything in this recommendation, a party MAY collect, use, >>>> and share data required to comply with applicable laws, regulations, and >>>> judicial processes. >>> >>> I still think this section is silly, but *shrug* ... Normally, I would >>> expect such a party to be non-compliant due to powers that be, rather >>> than compliant by escape clause. >> >> I believe I am also in the *shrug* category on this particular point, but I believe we settled on this language because some people in the Working Group found it important and some people in the Working Group didn't care. > > As I said before, I think we’re confusing two things here. > > a) If laws, regulations or a judicial process force me to do something other than this compliance spec., should I do them? > That’s the silly question: of course. > > b) Having done what they require, can I still claim compliance with the specification? > That’s what this paragraph seems to allow (‘MAY’). I think we should say nothing, or even have a track status for ‘he MADE me do it’. However, as we know, you can be forced to do something and also forced not to admit you are doing it. > > I therefore tend to think that that ‘MAY’ above should be changed; ‘laws, regulations and judicial processes take precedence over this specification’ (you don’t say!) I think the expressed problem with that is that it meant that if an organization were occasionally compelled by legal process to share information that the organization would generally be prohibited from sharing while claiming compliance with this document, then that organization could never claim compliance. While the idea of a tracking status value for compelled disclosure is interesting (cf. HTTP status code 451), I'm not sure it would be very meaningful for users since in many cases of disclosure, the site wouldn't know ahead of time (or at the time that the tracking status is checked) whether data would subsequently be disclosed. Nick
Received on Wednesday, 18 March 2015 01:24:06 UTC