RE: ISSUE-45 ACTION-246: draft proposal regarding making a public compliance commitment

Yet it is a new issue and therefore should be considered under an existing issue which is highly related (such as Issue-45 where you initially made the suggestion for the option and then subsequently retreated on the suggestion – please see the full call minutes) or on a new issue.

- Shane

From: Jonathan Mayer [mailto:jmayer@stanford.edu]
Sent: Wednesday, September 05, 2012 4:00 PM
To: Shane Wiley
Cc: rob@blaeu.com; public-tracking@w3.org
Subject: Re: ISSUE-45 ACTION-246: draft proposal regarding making a public compliance commitment

Shane,

Adding new ISSUEs so late in the process is quite extraordinary. If  participants furnish new use cases, the group can consider them.

As for my stance on these topics, I'd refer you to call minutes. I explicitly noted that I was not advocating a fractured Do Not Track standard.

Jonathan


On Thursday, September 6, 2012 at 12:21 AM, Shane Wiley wrote:

Jonathan,



If you’d like this to be opened as a new issue, that’s fine.  Since you proposed this as an option within the discussion of ISSUE-45 it felt appropriate to have the conversation in that context.



Nick – could you please open a new issue for “Public Compliance Commitment Options”?



Thank you,

- Shane



From: Jonathan Mayer [mailto:jmayer@stanford.edu]
Sent: Wednesday, September 05, 2012 3:14 PM
To: rob@blaeu.com<mailto:rob@blaeu.com>
Cc: Shane Wiley; public-tracking@w3.org<mailto:public-tracking@w3.org>
Subject: Re: ISSUE-45 ACTION-246: draft proposal regarding making a public compliance commitment



I think this thread is quickly headed offtrack.  Let's pop the stack.



ISSUE-45 is about:

1) whether a compliant website must make a public representation about its compliance status, and

2) if so, what form that representation must take.



We have two different proposals:

1) a compliant website MUST make a representation about its compliance status (at minimum using the means specified in the TPE document), and

2) silence (i.e. a compliant website MAY make a representation about its compliance status, presumably stripping out the TPE compliance status semantic).



ISSUE-45 is *not* about:

1) allowing a website to both be in compliance with Do Not Track and pick and choose parts of the Compliance standard, nor

2) providing a mechanism in the TPE specification for signaling selective adherence to the Compliance standard or adoption of entirely different policies.



If advertising industry participants really want to press their luck with these topics, newly announced over a year into our efforts, the working group can decide whether to accept them as raised ISSUEs.  I concur with the assessments others have offered: these suggestions trend towards reneging on a central premise of Do Not Track negotiations, and a splintered Do Not Track standard is a terrible outcome for all stakeholders.  I'm certain everyone in the group now has adequate experience to recognize that a protracted discussion would be time-consuming and unproductive.



Jonathan



On Thursday, September 6, 2012 at 12:02 AM, Rob van Eijk wrote:

Hi Shane,



Tnx, CC is on the list now.



Creating a hook to DNT responses for EU users is a path worth

exploring. But if it is enough to be off the hook remains to be seen.



On top of voluntary compliance spec more substance is needed to make a

voluntary framework legally compliant in the EU. As you know there are

big obstacles that devide our positions, such as and not limited to: Do

not Collect versus Do not target, the issue of the initial setting and

the prevention of dataflows with high entropie identifiers when it comes

to ever growing list of permitted uses.



mvg::Rob



Shane Wiley schreef op 2012-09-05 23:27:

Rob,



Several dimensions here:



1. You had shared (and we had agreed) that the current C&S document

does NOT address EU compliance issues (in Seattle)

2. You have publically conveyed key elements of the TPE that can be

reused in the context of EU compliance (basically, ensuring we have

all of the appropriate ingredients but we may follow a different

recipe in the EU)

(...)



- Shane



-----Original Message-----

From: Rob van Eijk [mailto:rob@blaeu.com]

Sent: Wednesday, September 05, 2012 2:18 PM

To: public-tracking@w3.org<mailto:public-tracking@w3.org>

Subject: RE: ISSUE-45 ACTION-246: draft proposal regarding making a

public compliance commitment



Hi Shane,



If you mean the one on how to make the operational uses work in terms

of proportinality/subsidiarity, that has been posted already.



In case you mean another conversation, please remind me offlist

first.



Rob



Shane Wiley schreef op 2012-09-05 23:01:

Rigo - Agreed there is need for more discussion of EU compliance

with

respect to DNT. Yahoo! received one of the highest P3P compliance

scores in some research that Lorrie Cranor's team executed a few

years

ago. Despite that review, we believe that standard to be horribly

broken and in need of significant repair (or simply put out to

pasture).



Rob - I've had separate conversations with you on this topic. Would

you be willing to share your point of view here?



Thank you,

Shane



-----Original Message-----

From: Rigo Wenning [mailto:rigo@w3.org]

Sent: Wednesday, September 05, 2012 1:51 PM

To: public-tracking@w3.org<mailto:public-tracking@w3.org>

Cc: Shane Wiley; John Simpson; Justin Brookman

Subject: Re: ISSUE-45 ACTION-246: draft proposal regarding making a

public compliance commitment



On Wednesday 05 September 2012 13:01:47 Shane Wiley wrote:

there are already significant issues developing and the C&S

document

isn't addressing EU concerns directly.



Shane, if you want to convey compliance to EU regulations, P3P is a

better option (it has explicit semantics about that). I think that

DNT

is an ack of a user preference that is well defined. This user

preference may also get some traction in the EU market (hopefully)

and

serves a certain purpose there (usable consent mechanism). But I

don't

think it should convey EU data protection regulation compliance. I

think the latter would be a good topic for the DNT-NG Workshop.



Rigo