- From: Yianni Lagos <ylagos@futureofprivacy.org>
- Date: Tue, 21 May 2013 11:03:19 -0400
- To: Jonathan Mayer <jmayer@stanford.edu>
- Cc: Nicholas Doty <npdoty@w3.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
- Message-ID: <CABaGCrcPYQVHw5FAsdbj1sGQaOsT3AQpp-gmvP1c-LKSuttBbg@mail.gmail.com>
Hello,
Peter has asked me to draft point-by-point comments to Jonathan's post
about the issues list. Below please find my thinking behind the recently
circulated issues list. We plan to discuss on Wednesday's call.
All the best,
Yianni
On Sun, May 19, 2013 at 10:29 PM, Jonathan Mayer <jmayer@stanford.edu>wrote:
> Yianni and Nick,
>
> Thanks for taking the lead on cleaning up the issue tracker. Much needed..
>
> Some thoughts on particular changes:
>
> -ISSUE-24 (fraud prevention) is flagged for PENDING REVIEW because of "no
> recent discussions"… but we spent an entire session at the last F2F on
> security and fraud! The group remains at an impasse on whether
> prospectively tracking users for fraud prevention (or security precautions)
> is acceptable. If competing text proposals were more explicitly in the
> draft, I would be comfortable going to PENDING REVIEW.
>
The discussions at the F2F were about the benefits of unique identifiers
for security and fraud prevention. We are opening up a new issue
explicitly for the discussion of unique identifiers.
>
> -ISSUE-191 (non-normative de-identification) should not be merged into ISSUE-188
> (definition of de-identification). There is a substantial disagreement in
> the group about whether to give clear examples on de-identification,
> independent of what the definition is. Dan and John have been particularly
> active on this topic.
>
Examples are important to the definition of de-identification and those
discussions can continue under ISSUE-188.
>
> -I'm hesitant to cram ISSUE-132 (intermediaries), ISSUE-150 (multiple
> user agents), ISSUE-151 (exception API requirement), ISSUE-163
> ("twist[ed]" user preferences), and ISSUE-177 (non-user agent compliance)
> into ISSUE-194 (user consent). We may decide to address these issues
> explicitly and independently. Or we may decide that they can all be
> addressed with a single, high-level provision. Either way, I think we'd be
> remiss to drop precision in viewpoints and historical context. If there
> were a way to flag ISSUE dependencies or sub-ISSUEs, that could be ideal
> here.
>
Issue 150, 163, and 177 are still in the raised category with no action
items and no text. There have been no action items under issues 132, 151,
and 194.
>
> -I believe ISSUE-184 was about whether a first-party website can condition
> access to a service on consent to tracking by third parties. Many U.S.
> participants (myself included) appear comfortable allowing these practices.
> Some EU participants (including Walter and Rob) expressed concerns. I
> wouldn't move the topic to PENDING REVIEW until we have at least a little
> live discussion and competing proposals in text.
>
The issue is still in the raised category with no discussion, action items,
or text proposed. We can open this issue if text is proposed.
>
> -I'm not certain why, but the only "collection" definition (ISSUE-16) in
> the current draft includes a vague carveout for "transient" retention.
> That certainly doesn't reflect consensus. If the editors add an option
> without that caveat, I would support moving to PENDING REVIEW.
>
If others have the same concern, we should add another option or note in
the Editors’ draft.
>
> -Many participants, myself included, only offered to to include affiliates
> in the first party definition (ISSUE-10) if there were concessions on
> substantive privacy limitations. Those concessions have not materialized..
> I would not agree to move ISSUE-10 from OPEN to PENDING REVIEW unless the
> draft includes an alternative text proposal that does not include
> affiliates.
>
If others have the same concern, we should add another option or note in
the Editors’ draft.
>
> -On ISSUE-31, there are two separate topics. First, do we have a global
> minimization requirement—and if so, how rigorous is it? Second, what are
> the (presumably heightened) minimization and transparency requirements if a
> website exceeds a specified retention period? We shouldn't conflate these
> two topics; I would suggest creating a new ISSUE for the latter and
> renaming the former for clarity.
>
There is stable text around a global minimization requirement, and still
debate around including any specified retention period.
>
> Best,
> Jonathan
>
> On Wednesday, May 15, 2013 at 10:21 PM, Nicholas Doty wrote:
>
> As mentioned on the call today, we've been looking at cleaning up the
> issues and actions in our tracker to more accurately represent the state of
> work and focus on issues and actions where the group is actively working.
> This represents some cleanup, merging of related issues, creation of a new
> issue, closing of a couple issues.
>
> Attached in HTML format, with each relevant issue, its current state, what
> action to be taken with it, and a note or explanation. (Yianni has done
> more of the work here, with a little help from me; I've formatted it
> hopefully so everyone can view it usefully.)
>
> For the actions, I've proposed which to close or keep open, with a note
> where relevant, and a handful of these I'm just not sure the status of.
> Those that remain open we will mostly need to create new due dates for, and
> then follow through on completing those. If you have an action here that
> actually has been completed or pre-empted, just let us know.
>
> Comments welcome.
>
> Thanks,
> Nick
>
> Attachments:
> - action-issue-cleanup.html
>
>
>
Received on Tuesday, 21 May 2013 18:39:39 UTC