27 answers have been received.
Jump to results for question:
The Digital Advertising Alliance and other groups have submitted a package of proposed changes to the Editors Draft (also known as the "June Draft".). See PDF of proposed changes, as amended on July 9. This package proposes changes to the definitions of "tracking", "de-identified", "de-linked", and third-party compliance. It deletes any requirement to shift to no unique identifier where that is reasonably available.
Under either option, there would be subsequent consideration in the Working Group of change proposals. The focus of this Call for Objections is to determine the base text, and consideration subsequently of change proposals will be shaped by which text is used as the base going forward.
This Call for Objections is a step in our "Getting to Closed".
If you have an objection to one or more of these proposed options, please describe your objection via this poll with clear and specific reasoning. (The purpose of the poll is not to gather a count.) Responses are requested by 5pm Pacific Time on Friday, July 12, 2013.
Option A: Adopt DAA proposal as base
Adopt the DAA proposal as base text, including to make the proposed changes to definitions of "tracking", "de-identified", "de-linked", and third-party compliance, and to delete any requirement to shift to no unique identifier where that is reasonably available.
See amended text of the DAA proposal on the wiki.
If you have an objection to this option, please describe your objection, with clear and specific reasoning.
|Responder||Objections to Option A: Adopt DAA proposal as base|
|David Singer||Please see http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0122.html for a detailed analysis. We object on both content and process grounds. |
We do not believe that the major changes to de-identification and the definition of tracking are either an improvement or sufficiently precise to be watertight. We're not sure what aspects of the DAA draft are considered to be independent edits, and which linked, and without explanation of the edits, it's difficult to know what issues are being addressed.
The group already has a good collection of individual, explained, change proposals on the June draft and adopting an unexplained replacement wholesale will set us back rather than advancing us. If this is not adopted, however, we nonetheless urge the authors to reduce it to separate, explained, change proposals to the June draft.
|Jeffrey Chester||The DAA proposal fails to protect the privacy of the global Internet user community. It does not reflect the Principles the Federal Trade Commission, in its March 2012 privacy report, called for when designing and implementing a DNT system. Those guiding DNT principles for US consumers are: "a Do Not Track system should be implemented universally to cover all parties that would track consumers. Second, the choice mechanism should be easy to find, easy to understand, and easy to use. Third, any choices offered should be persistent and should not be overridden if, for example, consumers clear their cookies or update their browsers. Fourth, a Do Not Track system should be comprehensive, effective, and enforceable. It should opt consumers out of behavioral tracking through any means and not permit technical loopholes. Finally, an effective Do Not Track system should go beyond simply opting consumers out of receiving targeted advertisements; it should opt them out of collection of behavioral data for all purposes other than those that would be consistent with the context of the interaction." |
The DAA proposal permits the targeting of users relying on data collected from their interaction--in essence a form of Online Behavioral Advertising that DNT is supposed to empower Internet users to control. It is not simple, transparent and contains numerous loopholes. Users are forced to go through several steps to express their choice involving ad delivery and collection--which is still subject to be overridden. It is unworkable for users--and not suitable for further W3C review.
|Richard Weaver||We support Option A (the DAA proposal as base text)|
|Rob van Eijk||The DAA proposal is of great concern to the Article 29 Data Protection Working Party. I will therefore file a formal objection against option A, according to the procedure . |
First, the fact that Online Behavioral Advertising in general and (re)targeted ads specifically would fall outside the scope of the W3C DNT standard due to the narrow definition of tracking under the DAA proposal.
Second, the DAA proposal makes privacy by design dependent of the expression of a user not wanting to be tracked. In my view, privacy by design must be accessible to all internet users, regardless of any expression or choice mechanism.
These shortcomings have serious implications for user privacy. Supporting the DAA proposal would send the wrong signal when it comes to privacy and consumer expectations. The DAA proposal does not meet the criteria set out by the FTC and does not provide the building blocks for consent that are required in the EU. Although the current opt-out cookie would adhere to the principle of collection limitation, the two systems of DNT and Your AdChoices would merely co-exist. Under the current DAA proposal, Do Not Track would have no added value in comparison with the current Your AdChoices program.
Besides these two concerns there are many other important issues that have been identified by various stakeholders that will not be open for negotiation under the packaged DAA proposal.
Rob van Eijk
|Mike O'Neill||We object to Option A because:|
The main thrust of the DAA proposal is it allow companies to continue to build a permanent profile of everybody based on their web activity irrespective of the state of the DNT signal.
The only requirement on servers receiving DNT on data collection is that either or both:
• the URIs they collect must be transformed in such a way that they cannot be exactly reconstituted. If this is done then unique identifiers such as cookie UIDs in their raw form may be associated in the data set. Data transformed in this way is outside the scope of the Do Not Track standard because it is then not covered by the DAA’s restricted definition of “tracking. This “not tracking” data may be collected by first and third parties, and freely shared between them as long as the other party also implement similar transformations. What would constitute a valid transformation is unclear but examples of such transformations given by Shane include extraction of profile scores and a unique key based on a cryptographic hash of the URI. In the former the continuous concatenation of distinct scores based on web activity will inevitably single-out individuals, and in the latter visits to the same resource can be detected by matching the unique hashes. Unique hashes have a k-anonymity of 1 but even if they are later disallowed as a “no tracking” transformation the addition of multiple scores lets k tend to unity anyway.
• The unique identifiers are replaced by another potentially unique identifier, and the URIs are “de-identified” by the removal of other personally identifying information. Data transformed in this way is covered by the DAA definition of “tracking”, because the original URI can be reconstructed, so remains in scope but may only be used for permitted purposes. Because the replacement of one unique identifier with another is a null and in no way limits the collecting party from associating further data from the user , and another party with access to the raw data stream can track anyway, this is a pointless step. It is unlikely anyway that this procedure would be carried out by many, because the “not tracking” alleviation is much wider and corresponds with current industry practice, and would be no burden to implement if not.
In both these transformations unique identifiers are retained and can be used to connect subsequent web activity by a particular person to data about them already retained. If the data is transformed so it is classed as “not tracking” there is no limit on how long this data can be retained and appended to, and no restriction with whom it is shared because it is out of scope.
What is more, even if the minor information reduction inherent in “not tracking” or “de-identified” data is accepted, there is no way for users to verify it has been done, as it relies on non-transparent administrative and operational procedures. Regulators would find it very hard to audit such procedures on one company never mind a whole ecosystem, and since their existence extends little value for privacy they probably would not bother.
If this proposal is used as a basis we would have the “null” standard Peter warned us about. People who have taken the trouble to find out about and set their browsers Do Not Track setting would have their wishes ignored, and end up still being profiled, behaviourally targeted, retargeted by unknown parties and potentially discriminated against. The loss of trust would be disastrous for the web, internet based commerce and also the advertising industry.
|Alan Chapell||I support moving forward with the DAA proposal as the baseline for the WG as it offers the most likely possibility that consumer privacy interests will be served while minimizing anti-competitive concerns.|
|John Simpson||Consumer Watchdog objects to using the DAA proposal as a base text for a number of reasons. First, from a process perspective, the way in which it was presented was deeply flawed. Members of the working group were asked to submit change proposals to the existing June Draft (aka Editors Draft) with discussion and justification of our reasons. Many acted in good faith. The DAA group instead chose to submit an entire document as a package with virtually no explanation or justification for its text. It is simply wrong that the DAA proposal has now acquired special standing and legitimacy when those who offered it did not follow the established procedures.|
Second, Consumer Watchdog objects to the DAA document because its text is flawed and confused. As has become clear in repeated email chains this week and on our conference call, the text does not clearly, concisely and accurately reflect to the average reader what in many cases the proposers say is their intent. This is perhaps the result of producing text under a tight deadline, but such a flawed document ought not be considered a base for further work.
Finally, Consumer Watchdog objects to the intent of the DAA proposal as we understand it, although that intent is often not clear by simply reading the proposed text. "Do Not Track" should mean that profiles about users are not built when the DNT:1 message is sent. The DAA proposal, by introducing an unacceptable definition of "tracking" would allow this and would allow online behavioral advertising when DNT:1 is sent. This is unacceptable. The language around de-identification is inadequate. And the removal of the requirement of not using unique identifiers when other techniques are "reasonably available," removes a modest privacy friendly requirement without justification or explanation.
Consumer Watchdog objects in the strongest terms to using the "DAA proposal" as base going forward.
|Chris Pedigo||The Online Publishers Association (OPA) has been actively engaged in the W3C process for nearly two years to develop a viable and effective Do Not Track (DNT) standard. In this work, the OPA has frequently urged that the W3C working group develop a standard that reasonably meets the expectations of a consumer who has chosen to send a DNT signal while also allowing necessary flexibility for good-faith entities in the internet ecosystem to comply and innovate. In this regard, while we support portions of the industry-coalition proposal, we are concerned that this proposal would not meet with consumer expectations by allowing 3rd parties to continue serving behaviorally-targeted advertising to consumers who have activated DNT. We look forward to continuing to work with W3C participants to develop a viable standard that meets the needs of consumers and industry.|
|Jonathan Mayer||Objections detailed here: http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0366.html|
|Justin Brookman||The eleventh hour Digital Advertising Alliance proposal marks a fundamental deviation from the years of effort within this working group to develop a meaningful, consensus DNT standard. CDT objects to Option A: Adopt DAA proposal as base.|
Permitting Behavioral Targeting of DNT:1 users
Since 2007, Do Not Track has been conceived as a one-stop option to turn off cross-domain web tracking and the associated personalization (https://www.cdt.org/privacy/20071031consumerprotectionsbehavioral.pdf). For years, the axes of this debate have been Do Not Collect versus Do Not Target, and over time and within the group, both sides had made meaningful concessions toward the other. At the very least, it was understood that DNT:1 would turn off ad targeting; the debate centered around what could be collected and retained for a narrow set of other permitted uses.
The DAA's recently proposed definition of tracking is cryptic, but discussion on the mailing list and on calls indicates that its drafters believe that the language would allow the use and retention of behavioral data for interest-based targeting, including retargeting. Moreover, industry would be able to retain for targeting (and any other) purpose any information about visited webpages, so long as the precise .url from which it was derived was not discernible. Thus, companies could log precise descriptions of the content of every webpage visited if so desired, offering little to no incremental privacy protection, as it is the *content* of the webpages we view, not the technical web address, which is personal and sensitive. (Indeed, urls often expire over time, eventually directing to "Page Not Found" instead of the original content, whereas a description of the .url's content could in some cases be more persistent.)
Allowing behavioral targeting and retargeting would run strongly counter to a consumer's reasonable expectations in turning on Do Not Track, and this standard should not allow it. If the trade associations' argument is that the Do Not Track signal cannot be reliably trusted as a signal of user intent, then it makes no sense to offer vague "data hygiene" in response to it any more than it does an end to targeted ads. Rather, companies should adopt strong data hygiene practices for *all* users, and find a reliable way to honor browser-based tracking and targeting opt-out requests (rather than relying entirely on the flawed DAA opt-out approach: for more on that, see https://www.cdt.org/files/pdfs/Brookman-DNT-Testimony.pdf).
While this concept is not new to the group, DAA's proposed deidentification language is unworkable, especially as the literal text does not match the proffered explanations for what it is intended to achieve. However, several conversations with working group members lead me to believe that DAA expects that deidentification can be achieved when a data set is still operationally linkable to a person or device (in order to conduct longitudinal research on how users browse the web over time), however internally the company prohibits some (but not all?) employees from access to the linked data sets. This definition runs counter to the FTC (and DAA's own) guidance on deidentification, as well as any common sense notion of the concept. Under DAA's approach, data may be retained indefinitely so long as *eventually* it is fully delinked. This model does not provide complete protection to the threat of data breach or internal misuse, or much protection at all to compelled disclosure pursuant to a subpoena or law enforcement request. While some companies may adopt innovative practices that make accessing data associated with a unique identifier impractical (or at least unscalable), it is my understanding that that would not be required under the standard (though the language is rather imprecise).
We also object to the deletion from the June Draft of reasonable data minimization efforts and a prohibition on using unique identifiers if alternative solutions are reasonable available. Rather, these requirements should arguably be included within the "data hygiene" that should be afforded to all users, but certainly to users who express a preference not to be tracked across websites.
I do not believe that threats that the June Draft will not be adopted justify the implementation of a weak, inchoate standard that violates reasonable consumer expectations. We should continue to negotiate a consensus standard along the lines discussed over the past two years which can then be enforced by self-regulatory bodies, data protection authorities, and browsers or other user agents.
|Vinay Goel||As mentioned on the mailing list, Adobe objects to this proposal’s current definition of service provider because it places strict limitations on a service provider’s ability to provide (siloed) services to more than one party. The DAA proposal leveraged the service provider definition provided by the Editor’s draft. The editors of this proposal acknowledged via the weekly call that Adobe’s proposed amendments will be addressed before the standard is finalized once there is direction on if this proposal is the base.|
|Amy Colando||Microsoft wishes to focus its written submission on process, as we are focused on the most effective way to move forward discussions while ensuring that important issues are identified and discussed. We welcome the constructive dialogue to date.|
The June draft was published specifically to be the catalyst to uncover the remaining issues with the text. Microsoft and other members of the group worked hard against this draft and we have identified all the remaining issues for which there is at least one person in the group who disagrees with the text. We had expected the decision process to be followed (a call for counter proposals followed by a survey if there was no amicable consensus reached) on each issue.
It is not clear which issues may still be discussed and resolved in this fashion if the DAA proposal is chosen as the starting point. It is not clear which of the issues identified against the June proposal are considered settled and which may still be discussed (or whether there will be an opportunity to raise new issues that didn’t arise out of the June proposal).
While we agree with many of the text changes in the DAA text, many of which relate to issues separately identified against the June draft, we don’t see a reason why issue-specific changes can’t be submitted against the June draft, rather than merged together. Issues from the DAA text should be carefully considered as important feedback from major potential implementers of DNT.
In its current form, the DAA text appears to be susceptible to multiple interpretations, and we believe a clear and consistent standard will benefit the web. If the DAA text is used as base text, there are new substantive issues that we would raise.
|Sid Stamm||Mozilla doesn't believe the DAA proposal aligns with user expectations of a Do Not Track feature and it is a step in the wrong direction for any privacy technology. The new proposed language is vague and requires much work to make it clear how it addresses consumer privacy. Without this clarity, it appears to be overly permissive and would yield very little in the reduction of tracking for users who send DNT:1. If we create a spec that accomplishes very little, we will be giving consumers who use this feature a false sense of privacy when they over-estimate what a weak DNT does.|
Many people are activating DNT because they want unauthorized data collection and tracking to stop. Making a weaker standard where collection continues as-is and compliant service providers only claim to use the data for fewer things would clearly be ignoring these widespread pleas. Even if it's "easier to obtain mass adoption", the DAA proposal is not a fair treatment of peoples' Do Not Track requests.
Yes, the June Draft still has work ahead towards consensus, but it represents a lot of thoughtful input over the past 2+ years that we believe is a stronger basis for continuing our work and better indicator of group consensus than the DAA proposal.
Procedurally, the DAA draft features fundamental and significant unbaked changes to our previous focus. If we keep hearing new proposals and taking up radical changes, we will have to start obtaining consensus again on underspecified parts by objecting to specific language and revising. Large and sudden shifts (especially when confronted with short deadlines during vacation season) use more time to digest and understand specific points of change and is unnecessary when the same points of change could be tackled using the issue system.
|Aleecia McDonald||My fundamental objection to this proposal is that it does not fulfill the TPWG Charter, which opens:|
"The mission of the Tracking Protection Working Group, part of the Privacy Activity, is to improve user privacy and user control by defining mechanisms for expressing user preferences around Web tracking and for blocking or allowing Web tracking elements."
This proposal does not address providing user controls to block or allow tracking, by design. The DAA has been honest about their position: since they are currently seeing 20% DNT:1 rates now, and expect that to climb higher, they cannot voluntarily agree to bind their members to forgoing revenue from DNT:1 users. Therefore, DAA can only live with a version of DNT that could just as easily apply to non-DNT:1 users, and can only live with a version of DNT that does not place any effective limits on tracking. This is a logical outcome, and these parameters are reflected in the DAA proposal. I respect the DAA's honesty about their position while noticing that DAA cannot accept a version of DNT that fulfills our charter.
While not mentioned in the normative text in option A, discussion clarified that this proposal:
- places no limits on data collection
- does not consider proportionality
- does allow companies to send a signal that they comply with DNT:1 while continuing to track, profile, and display targeted ads to DNT:1 users
- places fewer restrictions than the DAA's existing opt-out program, which is already deemed too limited by regulators in the US and EU.
Under this proposal, there would be no substantive improvement in privacy for DNT:1 users. Therefore, if we adoption option A, while users would express a preference not to be tracked, that preference would be violated even as companies claim DNT compliance. I cannot live with a proposal to create a Recommendation that is a deceptive practice. Users would believe they made a choice to request privacy, believe it was honored by companies that send a DNT acknowledgement, but in reality would have no practical privacy benefits to DNT:1.
To add insult to injury, this proposal would create a confusing mess of requirements for companies to comply with. Not only is there scant privacy benefit, there is cost to companies trying to understand what it means to hash a unique identifier. Small companies would be particularly disadvantaged by a needlessly-complex system that gives the illusion of progress.
To address what few specifics are written down, please see points 1-4 below.
(1) Tracking has been unacceptably narrowed to the point of twisting the word beyond recognition in a plain English use. In this proposal's definition, tracking only applies to "browsing activity." This means that, for example, using information gathered from email would not be "tracking," and appears to put all apps out of scope. The TPWG has had a consensus agreement to the contrary for over two years, and the co-chairs have not agreed to re-open this as an issue, so the definition of tracking is not viable.
Furthermore, "browsing activity" is limited to only refer to the list of domains or URLs visited. That means that noting the content a user has viewed is considered not to be tracking; it is only the URL itself that is implicated in DNT. This is an intentional loophole. If URLs are at issue, and perhaps they should be, we could do a far better and easier implementation: simply add a section to the Compliance draft of "send no referer data." Most browsers already have that functionality built today, and it would do a far better job of protecting data transfer between sites.
Back to the definition, even this limited view of "browsing activity" is not considered tracking unless it is "across non-affiliated websites." We have no definition of "affiliated," but based on the definition of party in the base document, presumably affiliates must be "commonly owned and commonly controlled," leaving users to wade through an ever-changing list of acquisitions and mergers, which are no longer to be one click away but could be buried on a corporate website. Again we have privacy theater: companies face the burden of keeping their brands up-to-date, while users will face an insurmountable barrier in the time it would take to read all of these new forms of notice.
Last, we have had drafts on tracking for quite some time. While they did not entirely align, they were very far from this limited approach. This is not the basis upon which we have proceeded for the past nearly three years.
There is not enough well-drafted text here to be certain what is intended, which suggests we are rushing to judgement prematurely (and/or the authors were late, either way.) Based on discussions, the idea is that companies receiving an incoming DNT:1 signal could continue to perform any action they like, including creating profiles and serving targeted ads, provided they hash the original unique identifier. Put another way, the idea is to replace a persistent random number with another persistent random number. There is explicitly no expectation of rotating hash keys. As such, this has no serious privacy advantage: swapping one GUID for another GUID does not make a user any less identifiable. But it does put a burden on companies to architect a new system. I cannot live with a system that has cost to business yet no gain on privacy. This is inefficient on every level.
(4) Third party
We have a limit that a "...third party MUST NOT track outside of the Permitted Uses and any explicitly granted exceptions." However, with tracking imagined to just be URLs that cross business conglomerates, this is not much of a limitation at all. Third parties would be free to buy, sell, and combined data, online and offline. This is another loophole so large as to make the DNT recommendation pointless.
Because this draft does not address the mission of the TPWG as established in the group's charter, it is out of order to consider it. We have wasted enormous resources and time on a proposal that could never have been accepted by charter. Better we realize that now than after a failed Recommendation. Imagine trying to explain to cynical users what DNT would mean under this approach. The harm this proposal would do to user trust online is incalculable.
|Dan Auerbach||We object to the DAA proposed text. The text lacks basic clarity, and takes positions which would seem to allow the status quo of data collection and retention to continue almost completely unabated for users who have set DNT:1. The grossly insufficient privacy protections provided by the DAA proposal are totally unacceptable.|
Full comments available here: http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0381.html
Option B: Continue from Editors' draft as base
Continue to have the Editors' Draft as base text, and decide not to adopt the set of changes listed in Option A.
If you have an objection to this option, please describe your objection, with clear and specific reasoning.
|Responder||Objections to Option B: Continue from Editors' draft as base|
|Jeffrey Chester||The Editors' Draft will need to be seriously strengthened to serve as a vehicle that enables a user to make a meaningful DNT decision.|
|Chris Mejia||I object to this option because I do not believe that this proposal stands any reasonable chance for widespread industry adoption, while the DAA's proposal, materially unaltered, will likely be adopted industry-wide. Obviously wide-spread adoption of the DAA proposal would represent a meaningful step forward for user privacy.|
|Rob van Eijk|
|Shane Wiley||In response to the Call for Objections (ISSUE-215) to determine whether the June Draft developed by the co-chairs and W3C -or- the DAA Proposal (amended version of the June Draft) should be used as the baseline for amendment efforts going forward, Yahoo! believes the DAA Proposal is a more appropriate starting point for the working group for the following reasons:|
1. Adoption: The cornerstone of success for any W3C standard is that it is widely adopted by the desired elements of the online ecosystem it is meant to address. The June Draft doesn’t provide for a framework that will likely be adopted by much, if any, of the online ecosystem that relies on advertising to monetize their free services – which is the vast majority of online user engagement today. The working group should appropriately leverage the option that has the greatest chance of mass, global adoption which is the DAA proposal.
2. Opt-In Default: The working group originally agreed the DNT standard should NOT create a de-facto “opt-in” for online tracking (primarily interest based advertising). In fact, in one of the only formally recognized decisions by the working group we agreed DNT should not be turned on by default and should only activated as a conscious, express action by a user. The ease at which injecting the DNT:1 signal in headers (Mozilla states it took only 13 lines of code), the lack of technical mechanisms to ensure this only occurs by user action, and the proliferation of signals coming from browser add-ons, privacy tools, anti-virus applications, network intermediaries such as WiFi access points and routers, and others, leads many technical experts on all sides of the table (consumer advocate, browser vendor, and industry) to predict DNT:1 rates above 50% - possibly even above 80%. The June Draft suggests that a user online experience could not be modified if the DNT:1 signal were present – and when combined with the expected rate of DNT:1 headers (with or without user knowledge) – leads to the Opt-In Default environment we all agreed is not an appropriate starting point.
3. Tracking: The June Draft Tracking definition is overly broad and difficult to interpret for both what is and is not considered to be within scope of DNT. The DAA Proposal is simpler, crisper, and easy to logically follow as a starting point for all subsequent decisions that need to be made with this critical definition in mind.
4. De-Identification: The June Draft does not fully reflect the tri-state de-identification approach that has evolved through group discussion since the introduction of the June Draft as a method to provide further enhanced user privacy and data protection for Permitted Uses, including those that have had significant debate within the working group such as Market Research and Product Development. The DAA Proposal provides a superior grounding point (terms are admittedly still under debate) to continue this vital discussion.
5. Unique Identifiers: Its understood there is a general desire to address many elements of online consumer privacy in a single pass through the DNT effort but we must resist the temptation to “pile on” in this forum and reserve some of this issues for parallel efforts outside of this particular working group. Unique IDs, their setting, collection, and utility is one such topic that is best reserved for a different discussion such that HTML cookies, LSOs such as Flash Cookies and HTML 5 Persistent Stores, Browser Fingerprints, and future possible innovations in online IDs can be appropriately addressed in their entirety. The DAA Proposal appropriately removes this element to create a better starting point to focus our efforts.
|Keith Scarborough||ANA objects to this option because the Editors' Draft would seriously undermine the availability of a broad range of digital content and services that provide value for both consumers and marketers. As such, it would create a W3C standard that could not be implemented across the industry. We are founding members of the DAA and continue to believe the DAA proposal, as base text, strikes the appropriate balance and could be widely adopted across the entire digital ecosystem.|
|Alan Chapell||I respectfully object to this working group continuing to work from the Editor's draft as base for reasons outlined in the attached link.|
|John Simpson||This is not an objection to using the June Draft (aka Editors Draft) as a basis for working toward a Last Call Document by the end of July, although there are substantial process questions about how the document was developed. It is, rather, an observation that in Consumer Watchdog's view the June Draft text still needs significant improvements and in some important areas the addition of clear non-normative explanations and use cases. Without those explanations, the document runs the serious risk of papering over substantial differences in interpreting what the normative language means. That would serve no one well. As a final thought, given the large differences in approach demonstrated by the submission from DAA, I find it extremely difficult to see a way forward that produces a Last Call document by our deadline.|
|Brad Kulick||I object to "Option B: Continue from Editors' draft as base" as it is less equipped than Option A to sustain further discussions and refinements that would lead to a supported outcome by the tracking protection working group. More pointedly, it lacks necessary potential for adoption, protections against signal abuse, and a balanced approach to privacy while preserving a healthy and competitive marketplace. It is unlikely to lead to an outcome that would produce meaningful change to consumer privacy.|
|Brooks Dobbs||I object to the June draft on a number of grounds. These include:|
- Adoption. As a veteran of the P3P effort, I am very sympathetic to the importance that actual adoption means in providing effective protections. The June draft is far less likely to achieve significant adoption.
- Attention to non-compliance issues. While all participants and both proposals recognize the existence of non-compliant UAs, only the industry proposal offers a meaningful standard that can exist in a world where the specific compliance requirements of DNT:1 signals sent by UAs are at best uncertain.
- Avoidance of scope creep. The June draft, even after defining tracking, appears to create compliance requirements which go further than dealing with "tracking". This is particularly the case with respect to 3rd party geolocation. While certainly geolocation data is a potential privacy concern, it is being addressed in other forums. Consideration within DNT creates a conflict with the definition of "tracking" in that Geolocation decisioning occurs within the context of a single network interaction, taking it out of the scope of tracking considered by the proposal
- De-identification. The June draft does not capture a practical process towards de-identification, which must include technical, administrative and procedural components as outlined in the industry proposal.
- Net effect. IMHO we must not miss the forest for the trees. If in the name of providing consumer protection we undermine the ecosystem responsible for providing free online content crucial to web users, we have not achieved a successful outcome. The industry proposal provides protection for both personal privacy and personal utility, while the June draft misses this balance.
|David Wainberg||Dear Chairs,|
I offer here my objections to Option B. I sincerely thank you for your hard work, and for your consideration of my views.
We should not use the June Draft (currently also known as the editors' draft) as the basis for moving forward. The approach in the June Draft, because it is not tailored to a specific problem, is over-broad such that, if implemented, it would be harmful to the diversity of content producers on the Internet today, and would not provide a commensurate net privacy benefit to consumers. It is, therefore, not likely to gain wide adoption. Because the June draft's approach is so misaligned with desirable outcomes, and is especially and disproportionately unfavorable for the intended implementers (third party advertising businesses), it is the wrong basis for ongoing work. On the other hand, the alternate proposal on the table, which is tailored to an identified privacy concern, balances competitive interests, and is seemingly more likely to be adopted, offers a much more realistic path forward.
Detailed objections to using the June Draft:
1. Improper focus and over-breadth. The approach in the June Draft conflates tracking with the customization of online ads and content. Proposals, such as the low-entropy cookie idea from the EFF or the alternative browsing history/de-identification approach, demonstrate that customization is not necessarily privacy-intrusive, and that it may be possible to have a balanced and tailored approach that advances privacy while preserving competition and gaining a high rate of adoption.
2. Harm to competition. The approach of the June Draft would impair competition in the Internet economy, without a positive net impact for online privacy. (In fact, it may ultimately harm consumers by reducing competition and thus raising costs and limiting availability of online content and services.) Third party online advertising businesses, by creating low barriers to entry for new ad-supported content and services, have been key drivers in the proliferation of independent and niche content on the Internet. A viable approach would attempt to tailor policy to specific, identifiable privacy concerns, while balancing other interests, and avoiding unintended consequences. But the June Draft does not do this, and so is unworkable.
3. Low adoption. Because of these problems with the approach in the June Draft, it is not likely to gain widespread adoption among third party online advertising businesses.
|Jonathan Mayer||Objections detailed here: http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0366.html|
|Peter Kosmala||The American Association of Advertising Agencies (4A's) respectfully objects to the adoption of the Editor's Draft as the base text for the Tracking Protection Working Group specification for DNT. |
We feel quite strongly that the Editors draft, were it to become adopted as the baseline, would undermine the fundamental models of business and information exchange that have come to define the Internet. It would compromise the benefits of content and services that consumers clearly enjoy. The Editors draft draws overly broad conclusions on potential privacy harms and does not sufficiently distinguish between content and advertising delivery in contemplating solutions. Further, this proposal encourages a system whereby privacy decisions are made preemptively and not as the genuine expression of informed consumer choices.
The industry consensus proposal (aka "the DAA proposal") strikes an equitable balance between effective privacy protection and a framework for broad industry adoption of an implementable standard. This proposal and its associated amendments advances more focused and concise definitions of key terms and concepts such as "tracking", "de-identified", "de-linked", and "third-party compliance" that are essential to a functional framework. It offers a thoughtful and workable "tri-state de-identification" model for handling data that squarely addresses many lingering concerns such as data used for market research or product development purposes. This proposal already includes the contributions and investment of many key entities in the marketplace and, under the auspices of the DAA, offers the immediate enforceability of practices under a program long established.
4A's recognizes and appreciates that much work has been committed to the tracking protection working group effort by multiple parties and over several years. For this work to truly reach fruition --and for it to result in the broad adoption that is the core of every W3C effort and charter-- we must move from the Editors draft to adopt the Industry proposal for successful deployment of a standard that can actually be widely deployed and enforced and which supports, not quells, further innovation for consumers to enjoy. We are thankful to participate as a W3C member in the working group effort as well as for the opportunity to voice our objection in this forum.
|Ronan Heffernan||Nielsen objects to the use of the June Draft as the basis for further efforts of the working group, because it harms the World-Wide Web ecosystem by precluding essential audience measurement methodologies that benefit all parties. The DAA proposal, with the addition of an Audience Measurement Permitted Use, as submitted by ESOMAR represents a more solid basis.|
|Vinay Goel||Adobe objects to (1) the limitations this draft places upon a parties’ use of service providers; and (2) the excessively broad definition of tracking that implies all websites track.|
(1) is the same as our objection under Option A (see above).
(2) Aside from third party anonymization services, all HTTP servers retain an access log for longer than the current network interaction, even if it is only for off-line statistics and system monitoring for security or capacity planning. Users do not consider such basic service operations to be tracking, nor would they expect a DNT:1 signal to mean that they can traverse the Internet with a cloak of invisibility. Likewise, system performance optimizations, such as layered caching within the service, is often based on browser characteristics (such as window size) or implied user preferences (such as content language) that might indeed be unique to a single client; a service has no way of ensuring that such data is not unique at the time it is cached, since it is not being stored for the purpose of later tracking.
The goal of the Tracking Protection protocol (and the intended effect of its requirements) is to turn off anything that intentionally follows a user's activity across multiple unaffiliated sites. That is the privacy concern we are attempting to address in this protocol: actions which link a user's activity at one site with their activity at some other site that the user believes to be distinct. Our definition of tracking (and hence what Do Not Track means) must correspond to what we are requiring be turned off within the Compliance spec. Otherwise, the specification is inherently misleading.
Regardless of the above objections, implementation of DNT must be based on the principle that it represents an explicit choice of the user, such that the user can turn it on or off based on their own preferences and not some vendor default, installer preference, or network imposed mechanism. If client-side implementations fail to honor that principle of user preference, then there is no remaining motivation for sites to implement Option B.
|Rachel Thomas||The Direct Marketing Association (DMA) thanks the W3C staff and the TPWG Co-Chairs for providing the June W3C Draft (“Editors’ Draft”) and for all of the work that went into creating the document. However, DMA respectfully objects to the Editors’ Draft because we do not believe it provides a sufficient basis to reach a final standard that will both enjoy wide adoption and provide a significant privacy gain for consumers. |
DMA’s objections to the Editors’ Draft center around the following concerns:
1.) The Editors’ Draft is unlikely to gain widespread adoption.
The entities primarily covered by the proposed Do Not Track (DNT) standard are unlikely to adopt and comply with the approach in the Editors’ Draft because it is overly broad and anti-competitive. It would severely curtail online businesses and e-commerce without a commensurate privacy benefit to consumers.
The industry consensus proposal(the “DAA Proposal”) presents a solution that can be implemented and adopted by industry while providing a net gain in consumer privacy. The balanced and narrowly tailored approach laid out in the industry consensus proposal solves specific privacy concerns while maintaining competition and a diverse Internet economy and so is much more likely to gain widespread adoption – and ultimately benefit consumers with a net privacy gain through better data hygiene. Indeed, if Digital Advertising Alliance (DAA) were to back the industry consensus proposal with independent enforcement, those actions would foster adoption of the standard even further.
In contrast, the Editors’ Draft does not present a solution that can be implemented and adopted by industry. Without this, the Editors’ Draft fails to meet one of the W3C’s own key elements of “success” – the ability to gain wide adoption. In failing to gain widespread adoption, we believe that a standard built from the Editors’ Draft would create confusion in the marketplace rather than providing a net privacy gain for consumers.
2.) The Editors’ Draft will harm competition in the industry.
Specifically impeding competition in the Internet economy – all without a positive net benefit to users' privacy.
3.) The definition of “tracking” in the Editors’ Draft is overly broad.
The definition of “tracking” in the Editors’ Draft is too broad and difficult to interpret for both what is and is not considered to be within the scope of “Do Not Track” (DNT). In contrast, the industry consensus proposal is simple and easy to follow as a starting point for all subsequent decisions that need to be made with this critical definition in mind.
4.) The Editors’ Draft Fails to Put Choice and Control in the Hands of Consumers.
Whereas the industry consensus proposal ensures that choice remains with the consumer, the Editors’ Draft would allow a large volume of non-browser, non-user activated DNT signals to proliferate in the online ecosystem.
DMA appreciates the opportunity to participate in finding a consensus solution that will result in a net privacy gain for consumers through the Tracking Protection Working Group, and thanks the chairs and staff for their continued work in leading this process.
|Jeff Wilson||Peter, Matthias, and W3C staff: Thank you for the opportunity to provide this feedback. We respectfully object to continuing with the Editors'/June draft as base text (and prefer to move forward with the industry proposal) for the following reasons:|
1. The June draft prohibits targeting and customization methods that are executed in an anonymous and privacy-friendly manner (e.g. aggregate scoring.)
2. The June draft lacks the "tri-state" de-identification process. The tri-state process promotes the responsible use of data and sets a high bar for data hygiene and privacy best practices. Similar approaches have been tested and proven in other industries (e.g. use of de-identified PHI under HIPAA; http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/) and we see no reason they cannot be successfully implemented here.
3. The definition of Tracking in the June draft is too broad, as it encompasses any network interaction regardless of party type. Under this definition, virtually all first party publisher websites engage in tracking - even simple sites with no third party calls or objects. This will likely create confusion for implementers since first party retention and use is ultimately out of scope. Further, the "or can be" qualifier in the June draft definition opens up the problem of implementers having to consider highly theoretical/fantastic re-identification scenarios.
4. The June draft does not meaningfully address the problem of DNT:1 signal proliferation. As a practical matter, most entities are unlikely to implement when faced with little/no monetization prospects on 25-50% (or more) of their traffic.
|Luigi Mastria||Transparency, user choice and use limitations are hallmarks of good privacy design. Full comments available here: http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0367.html|
|Jack Hobaugh||NAI would like to thank W3C and the Co-Chairs for providing the June W3C Draft (“June Draft”). NAI recognizes and appreciates the work of the Co-Chairs and W3C staff. With that said, NAI respectfully objects to moving forward with the June W3C Draft because the alternative proposed text provides a better and more efficient foundation for future discussion. The editors’ June draft, in contrast, does not provide a sufficient basis to build upon to develop a final consensus standard that can be widely adopted and provide a net privacy gain for consumers. To be sure, work and editing remains to be done on the DAA Draft, but that draft provides the better foundation for the development of a workable standard. |
Fundamentally, NAI objects to the June Draft because unlike the industry consensus June submission (AKA the DAA Proposal in this poll), the June Draft does not present a framework that can be implemented and adopted by the vast majority of stakeholders, thus failing one of the key elements for a successful W3C standard – adoption. Moreover, a standard that exists but cannot be adopted creates confusion in the marketplace and fails to provide any net privacy gain for consumers. As a self-regulatory body with nearly 100 member companies committed to honoring high standards and promoting the responsible collection and use of data, it is the hope of NAI that the W3C TPWG will produce a workable DNT standard that can not only be supported by NAI, but a standard that NAI would affirmatively encourage or even require its members to comply with. Such a result would be good for consumers and the health of the online ecosystem. The June Draft is far from such a framework for numerous reasons including the following:
1. Overly Broad: The June draft conflates “tracking” with the customization of online ads and content. Over the past two plus years the TPWG has wrestled with the definition of tracking. We are concerned that this interpretation is not consistent with the technical reality, and does not serve privacy aims. Proposals, such as browsing history aggregation scoring and de-identification, demonstrate that customization is not necessarily privacy-intrusive, and that it may be possible to have a well-balanced and tailored approach that advances privacy while preserving competition and gaining a high rate of adoption.
2. Harm to competition: The approach of the June Draft would impede competition in the dynamic and diverse Internet economy that consumers across the globe have come to love and expect. Even worse is that this negative impact on competition would be accompanied by minimal, if any, net privacy benefit for consumers. By severely curtailing third-party technology companies, who for the most part use pseudonymous data and honor the highest self-regulatory standards, the June Draft would shift incentives toward more data collection with PII by the largest entrenched parties. The end result would be less competition and more data collected that can be easily associated with the user’s PII. In sum, big business wins and small business, entrepreneurs, the long tail publishers, and diversity of content lose.
3. Low adoption: The entities primarily covered by the proposed DNT standard won’t adopt and comply with the approach in the June Draft, because it is over-broad and anti-competitive, and would severely curtail online businesses and e-commerce without a commensurate privacy benefit to consumers. A balanced and narrowly tailored approach that solves specific privacy concerns while maintaining competition and a diverse Internet economy is much more likely to gain widespread adoption, and ultimately benefit consumers with a net privacy gain through better data hygiene.
4. The June Draft Does Not Provide Relief From the Proliferation of Illegitimate DNT Signals: Many of the DNT signals being sent today are not sent with the knowledge and choice of an informed user. The cost of adding DNT:1 to the HTTP header is very inexpensive from a technical perspective (13 lines of code) and permits the proliferation of DNT signals by hardware and software without a choice being made by the user. Examples of hardware and software that can set the DNT:1 signal without the user’s knowledge are browser add-ons, anti-virus software, access points and routers, network intermediaries, firewalls, etc. As W3C co-chair Matthias Schunter's acknowledged, we're seeing a proliferation of DNT signals "spraying" into the ecosystem. There is no technical way that we are aware of to differentiate between 1,000,000 DNT:1 flags set by 1,000,000 consumers who want to express a preference or as set by a plug-in or router.
5. The June Draft does not Reflect the Tri-State De-Identification Approach: The June Draft does not fully reflect the tri-state de-identification approach that has evolved through W3C Working Group discussions after the introduction of the June Draft. The Tri-State approach is a method to provide further enhanced user privacy and data protection for limited Permitted Uses. The DAA Proposal provides a superior foundation from which to continue this crucial discussion. It is also worth noting that an outcome of the May 6-8 W3C Face-to-Face was a “Consensus Action Summary,” in which there was agreement to further examine the tri-state approach. That examination, which is well underway, can best be continued with the DAA Proposal. By adding non-normative text and clarifications to the DAA Proposal, we believe we can reach consensus on a standard that improves consumer privacy and allows for innovation in the ad-supported Internet that consumers value. There is work to be done here and we intend to engage with all stakeholders in good faith.
6. The June Draft is Unclear and Conflates Opt-out Mechanisms with DNT (See section 7). As already recognized by other Working Group members, section 7 of the June Draft is confusing, as it is not clear as to the action necessary for an entity to comply with the specification when both a DNT signal and an Opt-Out mechanism is encountered. The DAA Proposal provides clear guidance to an entity on how to comply with the specification when the entity encounters various combinations of DNT signals and Opt-Out mechanisms.
7. NAI looks forward to working with all stakeholders at the W3C TPWG in good faith to further clarify the framework set forth in the DAA Proposal. We thank W3C for this opportunity to comment on the drafts. Consumer choice, responsible collection and use of information, robust competition, and the further development of a diverse, innovative, and dynamic Internet are all important goals and we are eager to build a standard that supports all of these objectives.
|Aleecia McDonald||The procedural issues with this draft are epic. A formal objection is not yet in order, but will be when the decision between these options occurs. In particular, I refer back to the valid proposal I submitted on time, which reflected the consensus of the group, http://lists.w3.org/Archives/Public/public-tracking/2013Jun/0374.html. This proposal was inexplicably dismissed by the co-chairs, despite being fully in order. Meanwhile, the DAA did not follow stated procedures, and has their text considered as if it were a full proposal. We have lost time and momentum, and it is unclear if we have a sufficient path to consensus, but those are issues for another day.|
On substance, with a great deal of additional work issue-by-issue, it is not impossible to make this draft work, perhaps in 2014.
I re-submit comments I posted to the mailing list to no avail, where over a dozen TPWG members worked through the draft text: http://lists.w3.org/Archives/Public/public-tracking/2013Jun/0162.html
I decline to invest further time until I have reason to think anyone other than the DAA has a voice in this process.
|Dan Auerbach||While the June Editor's draft represents a far more legitimate starting point for discussion than the DAA draft both in terms of substance as well as process, the June Editor's draft supplanted our long-standing editor's draft that had carefully tracked issues that have arisen over several years. We must be careful if we adopt the June Editor's draft not to bulldoze over longstanding disagreements but maintain the commitment to rough consensus among the various different interests present in the room.|
As the W3C notes about managing dissent in a process document:
“Groups should favor proposals that create the weakest objections. This is preferred over proposals that are supported by a large majority but that cause strong objections from a few people. As part of making a decision where there is dissent, the Chair is expected to be aware of which participants work for the same (or related) Member organizations and weigh their input accordingly.”
From full comments, available here: http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0381.html
The following persons have not answered the questionnaire:
Send an email to all the non-responders.