Re: ACTION-212: Draft text on how user agents must obtain consent to turn on a DNT signal from Justin Brookman on 2012-11-13 (public-tracking@w3.org from November 2012)

From: Justin Brookman <justin@cdt.org>
Date: Tue, 13 Nov 2012 17:34:33 -0500
To: public-tracking@w3.org
Message-ID: <50A2CAF9.4060200@cdt.org>

The working group has been using the term explicit and informed consent 
<http://www.w3.org/2011/tracking-protection/track/issues/143> to ensure 
that a user understands that they are performing a certain action (e.g., 
turning on DNT, or granting an exception to DNT), not to mandate a 
description of all the potential consequences of this action.  If I give 
my explicit and informed consent to Etsy to spend $500 on a 
one-of-a-kind Thundercats t-shirt, that should not require that Etsy 
provide me with information about the need to save for retirement or the 
fact that a Thundercats t-shirt may decrease my odds of attracting a 
suitable mate.

Would you support a parallel requirement that any request for a 
user-granted exception be accompanied by a link to a list of the parade 
of horribles that privacy advocates could generate about why they are 
concerned about third-party data collection? Remember, the group 
previously agreed that we are going to be equally prescriptive when it 
comes to specifying how "explicit and informed" consent must be for both 
turning on DNT and granting exceptions to the signal.  That agreement 
was designed in part as a buffering mechanism against these sorts of 
impractical and heavy handed requirements.

Justin Brookman
Director, Consumer Privacy
Center for Democracy & Technology
1634 I Street NW, Suite 1100
Washington, DC 20006
tel 202.407.8812
fax 202.637.0969
justin@cdt.org
http://www.cdt.org
@CenDemTech
@JustinBrookman

On 11/13/2012 4:46 PM, David Wainberg wrote:
> Hi Justin,
>
> On 11/13/12 2:06 PM, Justin Brookman wrote:
>> but requiring disclosure about an unproven parade of horribles in 
>> advance is not something that a technical standards setting body 
>> should be contemplating.
> I believe we've already agreed that the DNT signal should reflect the 
> user's explicit and informed consent. Doesn't the informed piece of 
> that equation require explanation of the effects of DNT? But I can see 
> that if you do not believe that provisions in this spec will have 
> negative effects for the internet and internet users, then you 
> wouldn't see the need for informing users of such negative effects. 
> So, what do we need to do to convince you? Once we're on common ground 
> about that, then maybe we can have a more productive conversation 
> about how best to inform users.
>
> -David
>
>

Received on Tuesday, 13 November 2012 22:35:03 UTC