- From: Rigo Wenning <rigo@w3.org>
- Date: Tue, 02 Oct 2012 09:54:33 +0200
- To: Alan Chapell <achapell@chapellassociates.com>
- Cc: Mike Zaneis <mike@iab.net>, David Wainberg <david@networkadvertising.org>, Nicholas Doty <npdoty@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>
On Monday 01 October 2012 19:49:37 Alan Chapell wrote: > The only thing you and I agree upon here is that you can't provide > the smoking gun. (: ... which is a personal limitation, not an absolute one. We can go ask the DPAs and people who are closer to the day by day cases to provide us with some really creepy stories. But I think sometimes misunderstandings are considered a feature. > > More belowŠ > > >Oh, Airline XYZ can only do so because they have bought the > >profile that tells them I can afford the higher price... - just > >as an example - That we do not address first parties is > >irrelevant for the EU and a sign of careful nudging of the US > >community. > > In my experience, it would be unlikely (at best) that airline > XYZ.com would operate in the way that you're suggesting. We need > to distinguish what is POSSIBLE in theory from what is PRACTICAL. The question is not about what you guess the airline would do (it was a broker). The point is that they collected data for the purpose stateful service and used it for price discrimination. This is a consumer protection issue. This is my point, not more. If you collect data to determine that somebody is from the UK, you may well give them a different price. Or you may exclude Germans from Youtube because of licensing battles between GEMA and Google. And as soon as there is an issue, people will route around. If the incentive is strong enough, the masses will move. Look at the download statistics of adblock plus. If you're not seen to honor privacy choices (and continue to do business, thus my call for innovation), the consumers will IMHO react with data blocking. I can show you the tools. This is very easy and effective. You prefer that? At some point in time, the arms race will hit the limit of the legislation around hacking (the consumer's computers) > > So if this is your example of harm, you may want to keep looking (: The harm is the undue price discrimination because of superior knowledge that has its roots in the data collection. Again, I don't know what harm you're looking for. Your exemption is not "use IP addresses to show PCMCP that the user that got the ad is from the UK". Your exemption is: "Whatever code of conduct fits me best will trump the user's stated preference". This allows to continue to build profiles despite the DNT:1 header being present. With a good profile you can predict people and manipulate them. This is why targeted advertisement is so much more effective and expensive. There are a gazillion other examples. Even a constitutional court said some 28 years ago that the creepiness created by those profiles has a harming dimension that justifies societal intervention. So it is not just me and my imagination. And you come here, take one of my funny examples and declare: "There is no harm!". While it is right to question limitations, it is also right to question data collection. While my example may be a bit thin (I shouldn't have provided one, just point you to a large collection, Ninja's office has one) its thinness can't be taken as an argument to question the collection limitation principle in general as introduced by the OECD in 1981. > >> >2/ Democratic values > >[...] > > If you put the third party intermediaries out of business - by > definition the marketplace will be smaller. If the only option for SMEs to survive would be unlimited data collection for financial reporting, this would be a sinister outlook, indeed. > >Because there is a fundamental transatlantic divide. We have that > >even internally. While the eastern part believes that the > >availability of organized personal data is very prone to abuse, > >the western part believes that it is all about use limitations. > >Give the data to the junkie but say: "do not use!". Some > >believe, some don't. Note that those legitimate exceptions are > >law in EU. Self regulation has to re-invent those. For the > >unregulated, this is a test whether we can find a reasonable > >compromise without the formal democratic process. > > I have no idea what you mean here Normal, you are part of the divided landscape and you haven't tried looking beyond your own side of things. This is all about collection limitations and quick transformations of personal data collected to remove the personal context. Mainly, large collections of personal data are seen as an intrinsic danger. > But while we're on the subject > of providing arguments for your assertions, I'd invite you to > provide a specific argument of harm that addresses the request > for exemptions. If the XYZ.com is the best you can do, well... Google for Censilia and Zensursula. You'll find a filtering system for control of information streams with large scope creep (also active in the US and Canada I think). I said already 2 times: Governments and others would love to have national Internets they can control. The more you collect data, the more you can control people. You say: But I promise not to control people with that data. Others may say, avoid the collection in the first place, especially if the users has asked you not to collect. In Egypt, they found ways around very quickly. You haven't answered that argument yet. The problem with your exemption is that it can be believed to be the portal for collection scope creep even under DNT:1. The more I see the intensity of the fight, the more I'm inclined to believe in the scope creep here. How can it be avoided that you create the contractual obligations that allows you to collect data under exemptions as before regardless of the DNT header? > >I see the polls that indicate that over 56% of Europeans erase > >_all_ their cookies at least once a month. 25% weekly (from the > >top of my head, search for eurobarometer). > > > >2002, the industry thought: "danger banned, no privacy provisions > >in the US, move on". And the browsers thought: "we manage > >cookies by blocking tools". Ten years after, we are back to the > >core semantic problem: "Can I trust your assertions?". What does > >that tell me? Everybody has to optimize in some direction. > >That's what this effort is all about. I have to optimize in the > >direction of excellence... And putting in question the bases of > >the effort for financial reporting is against my optimization > >target. And there, your wording was much better (and stronger) > >than mine. > > Thank you. Its interesting that you reference P3P. Do you believe > that P3P was a success? It was a huge success for the industry to avoid legislation in the US. It was a huge browser-failure. And it was a respectable scientific success as all newer policy and data handling research is still very often based on the P3P statement vocabulary. I don't think all browsers will repeat the same mistakes. IMHO, the changes without DNT would change your business more than I ever could with my emails and discussion. I'm trying to find a middle ground and new ways to allow for the same business with less data to avoid that bump. I try to help. If this leads into the trenches, it is unfortunate. Rigo
Received on Tuesday, 2 October 2012 07:55:13 UTC