W3C home > Mailing lists > Public > www-p3p-public-comments@w3.org > April 2001

Re: [Moderator Action] Re: [Moderator Action] Policy Standard

From: Rigo Wenning <rigo@w3.org>
Date: Tue, 3 Apr 2001 01:08:43 +0200
To: James Wright <sirjames@jalyn.com>
Cc: www-p3p-public-comments@w3.org
Message-ID: <20010403010843.D1290@w3.org>
On Mon, Apr 02, 2001 at 12:58:20PM -0400, James Wright wrote:
> I was obviously a little irritated when writing that; but when you start
> putting in parts for disputes and who to bring legal action against - give
> me a break.  If I thought either were a possibility I'd leave it off or put
> your name on it.

The <Disputes> Element you cite was designed to work globally.
There is "third party" to address assurance parties, like seal
services. But this could also used for arbitration and mediation.
The law stuff is there for the europeans, that want to know,
whether they are protected by a law or not.
> Sure, it's more convenient for all the unscrupulous sites who sell user
> information to be able to post something that won't be actually read or
> formatted in a confusing manner that visitors wouldn't understand it if they
> did read it.

It forces also to reduce the complexity of declarations... 17
pages of legalese in a privacy policy aren't really an
improvement for privacy on the web.
> I see the point.  It's a great idea to do something that only 1% of all
> webmasters are going to understand... that opens up a new market for you to
> collect more information to sell!  And SPAMmers can now have my address and
> phone number instead of just sucking off the email address!  What a great
> concept!

Privacy never was simple. But I think it is still sufficiently
simple, that one can handle it. But the WG did not expect, that
the average user would code the XML angle-brackets by hand.

> Either the site collects information or it doesn't.  It sells off that
> information or it doesn't.  Why should there be a "this page does but that
> page doesn't"?  As it is, I'm still trying to figure out why sites which
> encourages you to download something that's free would need your name,
> telephone, address, date of birth, and everything else - even while
> 'claiming' that the information will not be shared with anyone else.

Imagine a shop, that let you surf over the product description
anonymously. But if you want to buy, they collect your address to
deliver. Voila, a very simple case, where you need to policies on
one site.

> So let's let the browsers decide and give the crooks a few more years of
> peace, right?
> Our policy has always been that we don't keep or share any information -
> it's used only for what you're submitting it for at the time.  Period.
> Black and white is much better on this subject than 14 million shades of
> gray; but when you intend to abuse, it makes more sense to write in as many
> possibilities for loopholes as possible, isn't it.

I think, the blocking tool approach (filter everything out/use
anonymizing tools) does not work anymore, if it get's
interactive. Today, it is very hard for you to position yourself
against others with less privacy-friendly site's. The concept of
P3P is to try to improve that. Privacy (not only) as a advantage
in marketing. The surveys show all a preference of users towards
more privacy-friendly services.

And a P3P Policy can also be black and white, straightforward,
simple. But complex big sites (not necessarily commercial) need a
more powerful language, that fit's their needs at some point. 

If you need more information, don't hesitate to contact me.


Rigo Wenning
W3C Privacy Activity Lead

> ----- Original Message -----
> From: "Rigo Wenning" <rigo@w3.org>
> To: "James Wright" <sirjames@jalyn.com>
> Cc: <www-p3p-public-comments@w3.org>
> Sent: Sunday, 01 April, 2001 15:10
> Subject: Re: [Moderator Action] Policy Standard
> > Dear M. Wright,
> >
> > thank you for your comment. But I can't fully understand your
> > remark. Could you please be more specific with your reproach,
> > that P3P is making "a legal joke" out of privacy policies? Could
> > you specify, why you think, not having a policy at all is better
> > than keeping your policy?
> >
> > Yours sincerely,
> >
> >
> > Rigo Wenning            W3C/INRIA
> > Policy Analyst          2004, Routes des Lucioles
> > mail:rigo@w3.org        F-06902 Sophia Antipolis
> > +33 (0)6 73 84 87 31    http://www.w3.org/
> >
> > On Sun, Apr 01, 2001 at 02:57:44PM -0400, James Wright wrote:
> > > We've had policies posted since 1992 which we strictly abide by and over
> the
> > > years we've seen "pay" policy sites start out by using it.
> > >
> > > But after reading through the P3P standards, I think we will seriously
> > > consider not having one at all.  You have succeeded in formally making
> it a
> > > legal joke.
> > >
> > >
> > >
> > >
> > >
> >
> >
Received on Monday, 2 April 2001 19:17:57 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:43:00 UTC