- From: David Wainberg <david@networkadvertising.org>
- Date: Tue, 04 Sep 2012 20:51:32 -0400
- To: "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <5046A214.1010107@networkadvertising.org>
This fulfills ACTION-246
(http://www.w3.org/2011/tracking-protection/track/actions/246), which
relates to ISSUE-45
(http://www.w3.org/2011/tracking-protection/track/issues/45).
There are problems with the current proposed approach to issue 45. The
current version does not accommodate implementation distinctions based
on, for example, geography/jurisdiction, business model, or technology.
It also creates unnecessary and counter-productive legal landmines that
will spur companies to avoid implementing the full spec. We can provide
for making legal commitments without this unwanted result.
I think the first point should be obvious. There will be a tremendous
diversity of organizations, business models, and technologies to which
DNT may be applied, either voluntarily or compulsorily, under a
diversity of regulatory regimes. The spec needs to accommodate this
diversity.
The more important point is that, if we make the mistake of tying the
server response (the header or WKL) to a broad, legally-binding
representation that goes well beyond the specific meanings of the
responses, end-users will lose out because companies will avoid
implementing the response mechanisms. The reality is that companies who
may otherwise be eager to implement DNT will avoid making
representations that could be construed in overly broad ways, that may
be ambiguous, or that otherwise are potentially misaligned with what
they do. Instead, companies will seek to make representations that
unambiguously describe their practices. We should facilitate this, not
make it difficult.
Note that I am definitely not saying that companies should be able to
act contrary to what they represent in the response mechanism(s). That,
however, is not a problem we need to solve. Companies will be held to
account for any such misrepresentations anyway, regardless of what the
spec says. And if the available responses are sufficiently precise and
adequately defined, I think companies will implement them.
This proposal solves both problems. It will provide for the enforceable
statement that the working group is aiming for, but it will also allow
needed flexibility for servers operating under various regulatory
regimes, and would do so especially for servers operating under multiple
regulatory regimes. And, most important, it would create a mechanism
whereby companies can clearly and accurately say what they do and then
do what they say.
The proposal is the following:
* /The compliance spec remains silent on the matter/
* /Add a required "compliance" field to the tracking status resource
in the TPE, where the value indicates the compliance regime under
which the server is honoring the DNT signal./
* /The value of the compliance field is a 3-5 letter token indicating
the applicable regulatory regime. Allowed tokens could include
3-letter country codes, e.g. USA, GBR, NLD, or designations for
voluntary regimes, e.g. W3C, DAA, NAI, IABEU. My understanding is
that an organization like IANA can manage a list of tokens in order
to prevent collisions./
Received on Wednesday, 5 September 2012 00:52:02 UTC