The "Contract for the Web" aims to protect privacy, but its privacy rules
are inadequate — similar to the European Union's GDPR.
There are cities in Europe and the US that require motorists to enter
the car's license plate number to pay for parking. Cities say they
chose this method because it is efficient — but its byproduct is to
impose an additional system of massive surveillance on a large fraction
of the population.
The most sensitive data about you are your daily activities: where you
go, what you do there, and who you talk with. Machine learning can
deduce many important things about you from these data. It can identify
dissidents, whistleblowers, and journalists.
It is useless to try to prevent abuse of these data with rules about
using them. Personal data, once collected, will be misused. Businesses and states will push to misuse them, and China shows
where that will lead.
Thus, adequate rules to protect privacy must ensure nobody collects
these data about you except under a court order that specifies you.
In particular, adequate rules would clearly prohibit using massive
surveillance to collect parking fees. So we can judge any proposed
rules by checking whether they would certainly prohibit that.
The Contract for the Web offers no certainty of this, so it is not
adequate.