Incompatible with guidance on other concerns

[jwrosewell]

The W3C guidance in relation to issues of markets and people's choices states “W3C does not … in any way restrict competition. W3C's policy is that its activities are conducted to the highest ethical standards and in compliance with all applicable antitrust and competition laws and regulations.”

The document groups entities into first and third party based on a singular view of a persons willingness or ability to trust or understand entities that operate within each of those groups. The document does not recognise that entities within those different groups may operate within the same market and therefore will compete with one another. If a technical standard, or a particular implementation that progresses as a technical standard after it has been widely deployed, is assessed against this document then it is possible that the technical standard will restrict competition. Given the lack of browser diversity, but wide diversity of web stakeholders and entities, it is highly likely such an outcome will and has occurred in practice.

The mitigations proposed may only be possible for some players within a market and not others. Gaining people’s consent for something is far easier when it is combined with the acceptance of terms associated with an essential service like the setup of an operating system, or use of a mapping product. Large vertically integrated companies that also operate web browsers will find implementing such mitigations easy in practice. However smaller players that are not vertically integrated will find such mitigations impossible.

Other mitigations my be more or less practical based on financial strength, available engineering skills, available engineers, legacy solutions, among other factors.

This is one example of documents produced within the W3C that incorporate a specific and narrow view of a single issue without considering all the issues that the all 4,000,000,000 stakeholders in the web care about. Other examples include Mitigating Browser Fingerprinting in Web Specifications and [Target Privacy Threat Model](Target Privacy Threat Model).

To resolve this conflict the W3C could adopt a single policy covering all issues. All W3C documents would then have policy positions removed and would simply reference the single unified W3C policy document. This remedy would not only deal with the issues raised in relation to this document, but also improve horizontal review as all matters of policy will be crystal clear and defined once. They would not be open to interpretation by individual participants.

As external stakeholders such as Partnership for Responsible Addressable Media (PRAM), the UK Competition and Market Authority (CMA) and European Commission among others, take a more active interest in the work of the W3C such an approach will also support better engagement with these stakeholders.

[lknik]

To resolve this conflict the W3C could adopt a single policy covering all issues. All W3C documents would then have policy positions removed and would simply reference the single unified W3C policy document.

I don't think that the security and privacy questionnaire is an appropriate target for a petition aimed at the W3C as an organisation. Perhaps try the AB representatives instead?

[hober]

I agree with @lknik; this request appears out of scope for this document. Were W3C to change its policies in a way that affected this questionnaire, we would of course update the questionnaire to reflect such a change.

[jwrosewell]

I will progress the issue via the AB as advised by @lknik.