User:Sidstamm/Notes April 2012 East Coast Tour
10-12 April: W3C Tracking Protection Working Group F2F
The working group met and discussed open issues, proposals for compliance, and there was a rep from the European Commission there to figure out if what the group was developing would be sufficient for the Article 29 Working Group's "cookie directive."
The biggest area of contention on the tech spec is the exceptions API. Most of the rest of the discussion surrounds the compliance specification (how to comply with DNT) and edge cases of allowed tracking like anti-fraud, accounting, rate limiting, etc.
13 April: NYU Law School Mobile Privacy event
This event was mainly attorneys and law professors talking about mobile privacy and regulation/self regulation around mobile tracking, location, and network privacy. I participated on a panel about regulation vs. self regulation.
My talking points for the panel:
- Self regulation is similar to standards - open and participatory.
- Transparency is crucial and leads to a self-correcting industry (due to varied external pressure).
- This helps address the "privacy gap"
- If users don't understand what they agree to, site behavior involving their data is not legitimate
- If organizations clearly share how they operate, then they can be held accountable
- Technology moves fast; challenge of making good laws is keeping up with two orthogonal fields (policy and tech)
- Mandating restrictions on any technology in law will result in outdated and ineffective regulations. (Regulate behavior, not tools)
- Legislative debate can raise the profile of issues and help motivate progress
- it may not be necessary to have legislation, but the discussion about it can identify where a self-regulatory mechanism works and where it needs to be improved.
Notes I took away from the panel:
- Skeptics of self-regulation think it may not be sufficiently complete, may not cover all companies who refuse to participate, and has weak oversight.
- Possibly business incentives fail
- The US market is currently being shaped by foreign rules and regulations since we have none.
- We need a strong backdrop of legal rights (according to skeptics of self-reg)
- Regulation needs to come up a level and be less specific/low-level
- There's a disparity between what industries want and what the public wants -- perhaps self-reg won't work.
- Co-regulation is an interesting direction: government approval of a self-reg program and a state-run oversight group.
- The CDT is worried that legislation will not keep up with any technology.
- but they concede that self-regulation hasn't worked so far.
- Suggests co-regulation might work
- Calls for regulation of acts, not platforms or technology.
- The CDT asserts users have a right to know what's going on with their data and their presence.
- In the mobile space, MANY of the players are not consumer facing!
- Similar to online display ads.
- There may be a trade-off in self-regulation between transparency and the ability for stakeholders to be candid
13-15 April: Wall Street Journal Data Transparency Codathon
OMG this was awesome.
The opening night talks seemed to get the audience fired up. It was a high-energy weekend.