See also: IRC log
<aleecia> chair: aleecia, schunter
<aleecia> Compliance is mostly housekeeping with one discussion on consent you might be interested in
<aleecia> specifically, Issue-69, three proposals for what it means to give consent to be tracked. See http://www.w3.org/TR/tracking-compliance/#consent -- do we have any consensus here?
<aleecia> also going through auditing proposal, http://lists.w3.org/Archives/Public/public-tracking/2012Mar/0419.html
<npdoty> a reminder on how to identify yourself: http://www.w3.org/2001/12/zakim-irc-bot.html#callers
<npdoty> and how to get Zakim to remember you in the future
<npdoty> scribenick: jchester2
<NAI> This is Charlie Simon from the NAI - I'm calling in from Skype and cannot associate by phone
<Chris> Chris Mejia from IAB also calling from Skype- cannot associate for phone
<aleecia> We have minutes from 2/29 - 4/4 listed as draft, some of which we've approved on prior calls. If you have any issues with the minutes leading up to the f2f in DC, please raise them. Otherwise, we will approve them.
<npdoty> I still need to do cleanup on our f2f minutes
<npdoty> I plan to do so this week and then I'll send them out
<ifette> are there link to the minutes?
<ifette> the present list is rather lacking...
<aleecia> Review of overdue action items:
<ifette> not sure if we care
<jchester> Looking forward to overdue action items
Ian: present list doesn't reflect all participants
Nick: I'll do clean-up of minutes and attendee list
Ian: referring to 4 April call
Nick: will do clean-up on 4 April.
<npdoty> sorry, yes, I think I need to do some cleanup in order to get the correct Present lists etc. for past teleconference minutes
<aleecia> Action-104, Amy Colando, drafting text for fraud/defense: Even though issue-24 is not closed, I think we can close this action, at least for now. We seem to be working up the stack a layer on permitted uses in general at the moment.
Overdue action items, clean-up. Action 104, Amy on call?
<JC> No she won't join today
<aleecia> Action-120, Alexandros Deliyannis, web-wide exception API: It appears this action is done (see http://lists.w3.org/Archives/Public/public-tracking/2012Apr/0076.html) but issue-113 is still in discussion, I believe. Should we close the action?
<trackbot> ACTION-177 -- Thomas Lowenthal to add an API to let a site request a web-wide exception -- due 2012-04-19 -- OPEN
Alex: identified a problem with issue Item 120 associated with. There is text for Issue 138
Mattias: suggest we close 120 and focus on new issue.
<aleecia> Action-131, Roy Fielding, Use case for user agent requests on tracking status resource: looks like this is still open, could use an update on status.
<npdoty> and a new action, action-177, to do a proposal on the original question
Roy: Action 131 still open. More work coming. Another week.
<trackbot> ACTION-131 -- Roy Fielding to sketch use case for user agent requests on tracking status resource -- due 2012-04-03 -- OPEN
Mattias: we opened a # of actions and we need dates added.
<aleecia> Action-135, Shane Wiley, detail use case for issue-111 (dnt:2): this has been closed and reopened once. I *think* it should now be closed, but will hear from Shane to be sure.
<aleecia> action-135 to move to pending review
Shane: we have draft text on DNT header
Tom: Does pending review status says we have proposed text
... Is this issue still open because we no text for it.
Mattias: We have to put this issue in pending rveiew because there is text.
<npdoty> can someone point us to the text proposal for 135? just having a link in the action would be helpful here
<WileyS> Fair - we have framing text but not proposed final text
<npdoty> so, we can re-assign to Matthias to send out a specific text proposal?
<aleecia> Action-139, Tom Lowenthal, reword "affirmatively clicking" to something more general than clicking: this has been open 6 weeks. Would someone other than Tom be willing to pick it up? Shouldn't be too hard, should get done, but we need to get this out of lingering.
<trackbot> ACTION-139 -- Thomas Lowenthal to improve wording of 3.9 "Meaningful Interaction" to avoid "affirmatively clicking" and make sure that "clicking" is replaced with something more general. -- due 2012-04-04 -- OPEN
<jmayer> Is this ACTION mooted by our new proposal?
Action 139. Reword clicking concept. Looking for more general language. Anyone volunteer to take action on wording?
<jmayer> I don't think we required "clicking" anywhere.
<ifette> ACTION-139 due May 14 2012
<trackbot> ACTION-139 Improve wording of 3.9 "Meaningful Interaction" to avoid "affirmatively clicking" and make sure that "clicking" is replaced with something more general. due date now May 14 2012
<justin> clicking is not required under current def
<aleecia> Action-150, Ninja Marnau, EU legal implications of *: last we heard, Ninja and Shane were working on this together. Status now?
<WileyS> Should add this to new document
<npdoty> "Global Considerations"
WileyS: Question is whether this issue should go to new document---global considerations--move to discussion there. Waiting for developments.
<npdoty> I thought this also had implications for our API design on * vs origin/origin
<trackbot> ACTION-174 -- Ninja Marnau to write up implication of origin/* exceptions in EU context -- due 2012-04-19 -- OPEN
<WileyS> I think that is something different
<aleecia> Action-151, JC Cannon, personalization for logged in: has this been overtaken by new action items from the f2f?
Item 151, JC on personalization for logged in
Aleecia: There are open actions they make this irrelevant says Aleecia. (JC agrees.) 151 closed.
<aleecia> Action-152, Shane Wiley, logged in means consent: has this been overtaken by new action items from the f2f?
<aleecia> Action-156, Heather West, change to "permitted uses" and "user granted exceptions": Heather's done some editorial work, this may be done. Status?
<WileyS> We have draft text before the group
Same for 152.
<WileyS> Open item is for non-normative text to be drafted with Justin
<npdoty> well, we have text from Shane on 152, we can just make that pending review/closed because Shane has completed it
<WileyS> Nick, Justin and I owe the group non-normative text to support the normative text with examples
Action 156. Heather and Erica has done a lot of work--very close to done.
<aleecia> Action-107, Amy Colando, action is closed with a no text proposal
<aleecia> Action-123, Jeff Chester, response to 1st/3rd proposal: closed, as per WG call prior to f2f
<aleecia> Action-124, Amy Colando, draft alternate 1st/3rd proposal: closed, likewise overtaken by events
<aleecia> Action-141, Rigo Wenning, text around user agents and consent: leaving open, untouched. Rigo completed this action, to a bit of disagreement on the list. I think Rigo will not be able to make the call. We should pick this topic up and see if we can get a resolution on the next call he joins.
<aleecia> Action-162, Erica Newland, remove note from section 5.3 now that we have consensus: status?
<aleecia> Action-165, Ian Fette, geoloc compliance, non-normative text: status?
<npdoty> WileyS, is that action 179? or should we open a new action on justin regarding that?
<aleecia> Action-166, Heather West, updating text on "collection" &c: status?
<trackbot> ACTION-165 -- Ian Fette to draft example text around using the Geolocation API for non-normative text on "Geolocation compliance" section in Compliance -- due 2012-04-18 -- OPEN
<ifette> ACTION-165 due April 25 2012
<trackbot> ACTION-165 Draft example text around using the Geolocation API for non-normative text on "Geolocation compliance" section in Compliance due date now April 25 2012
Action-165. Status request for Ian
Ian: need another week.
Aleecia: We can change requirement for F2F so we have six weeks, rather 8 weeks, notice.
<WileyS> Objection - we need 8 weeks
<Chapell> eight weeks would be much better
<Chris> agree with Shane; 6-weeks is very short notice
<NAI> agree with Shane et al. - please leave at eight weeks.
<Chris> 8-weeks is also tight, but doable
<rvaneijk> Aleecia, have you had contact with DG INFSO ?
<jchester> I think we need to meet earlier so we can show public we are making serious progress.
<JC> I can't make Europe trip
<fielding> CA, please
<WileyS> Aleecia, you have multiple folks on the chain saying they need 8 weeks. No way I can do Brussels again in 8 weeks.
<rvaneijk> West coast works for me too.
<hwest> I can't make early June
<jmayer> The EU deadline for DNT is June.
<johnsimpson> europe looks very difficult
<johnsimpson> zakim mute me
<jmayer> Seriously, you can't plan travel six weeks in advance?
<WileyS> I have travel planned for the next 6 weeks already.
<ifette> jmayer, the problem isn't finding flights or hotels, the problem is that people have exisitng commitments
<aleecia> Action-56, Kevin Trilli, auditing compliance text. In DC we did not take this up because people had not had time to review the proposal. If Kevin or Alex are on the call, I will ask for a summary of their proposal for issue-21: http://lists.w3.org/Archives/Public/public-tracking/2012Mar/0419.html [I'm particularly confused by "TSLs"; I think this is just a very bad name space collision.]
<jmayer> ifette, that's a date issue
<jmayer> Fix: float several dates in June
<ifette> jchester, sorry -- I asked Zakim who was making noise and it pointed to an unidentified number which turned out to be you. Nothing personal.
<WileyS> Don't well known URIs and Response Headers cover this?
<aleecia> tom, pointer?
<scribe> unknown: There are mechanisms for audit and monitoring to ensure compliance. Removing from spec doesn't may sense. Enabling may statement. Linkage in user agent.
UNKNOWN_SPEAKER: Having organaizations providing list of compliant DNT players
<tl> aleecia, what are you asking for a pointer to?
<johnsimpson> Kevin, Do you have text?
Tom: there isn't need for additional auditing compliance in the spec.
<npdoty> I think the proposal was for a field to indicate that a particular authority has done a particular type of auditing.
Tom: no objection to adding field or set of fields for auditing. Doesn't think much more addition needed here.
<rvaneijk> You could probably also use the DNT-extension for audit
<WileyS> "enjoys auditing" :-)
Tom: We need to ask whether this is needed in version 1.
<WileyS> Sounds like TPLs again <cringe>
Alex: Clarification. This proposal is focused on external entity that you trust and have a mechanism on user agent to bring in a third party.
<johnsimpson> Is there text on this?
<aleecia> TPLs was a crazy naming problem, imho
<aleecia> text is still: http://lists.w3.org/Archives/Public/public-tracking/2012Mar/0419.html
Jonathan: there will be a # of methods that can be used for auditing and what's needed will shift over time.
... We should say silent on this issue, but can have a best practices doc.
<Chapell> +1 to Mayer - we should stay silent on the specs around auditing and consider having an outside document around best practices
<fielding> It would not be difficult to add an optional field "auditor" with link as value even if it is not included in version 1
<tl> fielding, Exactly.
<npdoty> +1 to fielding, a link is easy and can provide validation if you de-reference it
<jmayer> Then this seems a TPE issue.
<tl> Agreed, jmayer.
Tom: Nothing stopping auditors and parties working out what should be in uri.
<fielding> we don't need name
Tom: propose we add 2 fields to the spec--auditor name and auditor uri.
<schunter> We need to allow multiple auditors.
<jmayer> schunter, ok, auditor array
Kevin: agree that will be sufficient as baseline.
<npdoty> fielding, agreed, auditor URI should make it easy for interested user agents to determine the auditor's real world name
<WileyS> Agreed - Yahoo! has multiple auditors that are attached to practices that may stem from DNT activities (DNT itself, financial audits, etc.)
<tl> I have no objection for an array of URIs.
<tl> yes, action me
<fielding> jmayer, yep -- an array makes sense
This belongs in TPE spec as well. Tom will do next pass on this issue and check with Kevin.
<Chris> there are multiple auditors already working in this space, on the advertising front
<npdoty> ACTION: lowenthal to draft specific field proposal for optional auditors (with Kevin) [recorded in http://www.w3.org/2012/04/18-dnt-irc]
<trackbot> Created ACTION-185 - Draft specific field proposal for optional auditors (with Kevin) [on Thomas Lowenthal - due 2012-04-25].
<aleecia> Action-61, Tom Lowenthal, public commitments: we were postponing issue-45 until we had greater clarity on the TPE aspects of the response. Are we ready to pick this all back up again?
<trackbot> ACTION-61 -- Thomas Lowenthal to write no-change proposal for ISSUE-45 -- due 2012-02-03 -- CLOSED
<fielding> tl, then we should call it "audits"
<trackbot> ISSUE-45 -- Companies making public commitments with a "regulatory hook" for US legal purposes -- pending review
Tom: believe this issue is almost resolved. His action-61 is closed.
<npdoty> we're talking about http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#enforcement
<justin> That non-normative addition would be a good idea.
<justin> I can do it
Jonathan: by having response header, also fulfilled requirement.
<npdoty> action-186: related to issue-45
<jmayer> My thoughts on a consent standard, if the group gets there, are on the list.
<justin> OK, will send to you after I revise.
<npdoty> action-186: tl has volunteered to help, and has opinions
Tom will work with Justin on this.
<aleecia> Action-49, Shane, about permitted uses. I think the definitions proposed here are already incorporated in the two major proposals, though I also think we heard from Rob that tighter definitions would be quite helpful. Suggestion: we close this action and review text as part of the proposals.
<trackbot> ACTION-49 -- Shane Wiley to propose what the operational carve-outs for 188.8.131.52.1 (e.g. debugging by 3rd party) are -- due 2012-01-31 -- PENDINGREVIEW
<WileyS> Agreed - modifying/adding non-normative text now
<rvaneijk> I sent WileyS a mail, will wait for that.
<aleecia> Action-72, Kathy Joe, text for issue-25, issue-74 on permitted uses: this action is done, but I think this is getting folded into the larger proposals. There's no "postponed" state for actions, and I don't want to close it quite yet -- leaving it as pending review seems the least wrong option this week.
<rvaneijk> s/crusial/would be quite helpful/
<trackbot> ACTION-72 -- Kathy Joe to review aleecia's draft on issue-25, issue-74 -- due 2012-02-06 -- PENDINGREVIEW
Having discussions on higher level on permitted uses.
<aleecia> Action-137, Tom Lowenthal, targeting based on registration: listed as pending review but does not link to an email thread. Status?
<trackbot> ACTION-137 -- Thomas Lowenthal to draft alternate proposal on first-party targeting based on registration information -- due 2012-03-10 -- PENDINGREVIEW
<aleecia> so action-72 goes to open
<aleecia> and action-137 goes to closed
Tom: we can close this item.
<aleecia> Action-73, action-74, action-76, action-77, action-78: these were the five views from Belgium (remember to forget me, etc.) Several of them have been incorporated in other ways. I suggest we close these now.
<WileyS> Agreed - these can be closed as the text is already in the proposals
<johnsimpson> you can close these. we are beyond that
Agreement we can close these five.
<aleecia> Issue-99, How does DNT work with Identity providers: I think we're in broad agreement that identity providers are not first parties. Looking to make sure I am correct, and looking for someone to take an action item to write this down.
<hwest> I'm not sure that was the sense of the group, but I haven't been paying as close attention
<npdoty> aleecia: I think we have agreement that identity providers aren't first parties, just need to write this down?
<WileyS> Unless they somehow obtain explicit, informed consent - I believe we all agree they are 3rd party outside of the specific logging transaction
<WileyS> Agree with what Tom just said.
Tom: Identity providers can be both 1st and 3rd party.
<hwest> tl, happy to help/take a look at that.
<jchester> I would also like to help on this.
<aleecia> Issue-88, different rules for ad impressions and interactions: I do believe we can close this as "yes." Impressions -> 3rd party, interactions -> 1st party.
<ifette> ACTION: lowenthal to write text for ISSUE-99 around identity providers as first or third parties, DUE May 5 2012 [recorded in http://www.w3.org/2012/04/18-dnt-irc]
<trackbot> Created ACTION-187 - Write text for ISSUE-99 around identity providers as first or third parties, DUE May 5 2012 [on Thomas Lowenthal - due 2012-04-25].
<ifette> ACTION-187 due May 5 2012
<trackbot> ACTION-187 Write text for ISSUE-99 around identity providers as first or third parties, DUE May 5 2012 due date now May 5 2012
<npdoty> action-187: heather and jeff both volunteered to help review
<trackbot> ACTION-187 Write text for ISSUE-99 around identity providers as first or third parties, DUE May 5 2012 notes added
Agreement on issue 88. closed
<aleecia> Issue-69, three proposals for what it means to give consent to be tracked. See http://www.w3.org/TR/tracking-compliance/#consent -- do we have any consensus here?
<aleecia> The term “affirmative, informed consent” is used throughout this document. While this terminology may ultimately be modified, some options for explaining the underlying idea are presented below:
<aleecia> 3.9.1 Option 1
<aleecia> "Affirmative, Informed Consent to be Tracked" means consent given by an affirmative action such as clicking a consent box in response to a clear and prominent request to ignore a "Do Not Track" setting that is distinct and separate from any other notifications or requested permissions.
3 proposals slightly different suggestions for what needed for affirmative informed consent.
<aleecia> 3.9.2 Option 2
<aleecia> "Affirmative, Informed Consent to be Tracked" has been obtained when a mechanism to provide for or facilitate the acquisition and storage of permission to ignore the header has been made available to the user and the user has meaningfully interacted with the mechanism in a way that makes clear her intent to grant this permission.
<aleecia> 3.9.3 Silence
<aleecia> The hope is that this option will ensure consistency with EU regulations; it may not unless notice is included.
<aleecia> No definition, other than explicitly leaving the definition of consent to local rules.
<ifette> not EU regulations but local regulations
<WileyS> In discussion we're using "explicit, informed consent" and Justin and I have an action to backfill this with non-normative text
<ifette> I am still suggesting silence as an option
<WileyS> +1 for Silence
Aleecia: does anyone have a suggestion? silence is an option.
<hwest> +1 silence
<npdoty> "The term "affirmative, informed consent" is used throughout this document." ... but then it isn't used throughout the document?
<jchester> I don't think we should rely on such proposals as local approach that would allow silence.
<npdoty> WileyS, agree, if we're just talking about consent for out-of-band override of DNT header, I thought Justin was writing up "explicit, informed consent" with you
<rvaneijk> The FTC has been very specific on affirmative and explicit consent
<WileyS> First choice is "silence" on this topic and allow legal frameworks to determine what is valid user consent.
<WileyS> Second choice is the text I'm working with Justin on
Tom: agree with Mattias. We should define consent standard for DNT.
<johnsimpson> Agree with Matthias and Tom. Need a standard in the spec.
<justin> Can we park this until WileyS and I have a proposed alternative?
<npdoty> +1 to justin
<rvaneijk> FTC uses "Express affirmative consent"
There is need for concrete proposals.
<justin> We have proposals, but discussions have pushed us in a new (consensus!) direction
<justin> No . . .
Shane: suggest another approach--speak to valid user consent. Use global compliance doc to go into detail. Rather than construct new psuedo legal construct.
Tom: we aren't creating a new legal construct that is part of rule system we are constructing.
<WileyS> But the URI doesn't attempt to set rules on what is a valid representation - the consent discussion does
<fielding> I suggest that if we define consent, we should also define browser UI
There is additional work to be done and we will all review.
<aleecia> Housekeeping changes - again please let me know if I got anything wrong:
<aleecia> Issue-28 was closed adopting the text from action-58; closed action-58.
<tl> WileyS, The URI specifies what you can and can't put in it.
<aleecia> Issue-6 was closed; closed action-101 to revise issue-6.
<WileyS> Tom, Only very broadly, if the Consent definition is equally "very broad" then we may be okay
<aleecia> Action-103, Frank Wagner, EU controller v. data processor language: this action is done. We've agreed to move the text to the Global Considerations document. Closed action-103, added an action against me to migrate the text from issue-14 into the (does not exist yet) Global Considerations text.
<aleecia> Issue-26, providing data to 3rd parties and consent: comments say we closed it and why, yet it remained open. Closed now.
<WileyS> Tom, That may be too detailed as that prescribes a specific UI treatment
<WileyS> Tom, Wait to see our proposed text and see if we can find the consensus line here
<tl> WileyS, Agreed.
schunter: Please check the issue tracker--everything should be up to date.
<trackbot> ISSUE-59 -- Should the first party be informed about whether the user has sent a DNT header to third parties on their site? -- open
<ifette> yes :)
<tl> Resolved by JS API, no?
No one has proposed anything in this area. Proposal to close unless people comment.
<fielding> tl, we would need an example in spec
Shane: this requires polling on every single user sessions, so they have proposed under Issue-111, would give first party info that is poll worthy occuring.
<npdoty> in that case, do we need two different issues for this?
Ian: this is connected to issues related to site and web-wide exceptions.
<WileyS> Web-Wide, Site-Wide, and possibly "Site-Specific"
<npdoty> agree to close 59
Matthias: suggest we continue this discussion on Item-111
<npdoty> we have agreement, for example, that the first party is getting a header
<johnsimpson> works for me
<ifette> ISSUE-111: subsumes issue 59
<trackbot> ISSUE-111 Signaling state/existence of site-specific exceptions notes added
<npdoty> tl, are you chairing this call?
Roy: Issue-137 is part of incorporating action involving tl.
<npdoty> fielding, which action is it that should be attached to issue-137?
<npdoty> +1 to everyone busy working on the spec :)
<trackbot> ISSUE-138 -- Web-Wide Exception Well Known URI -- closed
Alex: Issue 138 may be marked as closed, can we please review.
<WileyS> Alex, agreed - this should be at pending review, correct?
Aleecia: we are be sent Doodle poll for next F2F. By Friday response.
<Chris> September is good
<WileyS> LOL - a bit of a gross overstatement :-)
<rvaneijk> Also, the EU is going to decide if DNT is going to lead to compliance or not... in JUNE...
<alex> Yes issue-138 should be pending review
<rvaneijk> ... and currently it doesn't.
<WileyS> Perhaps the EU will need to give the working group a few more months rather come up with arbitrary deadlines
Aleecia: We need last call doc out for review, so we need a final f2f
<npdoty> +1 to alex, i think issue-138 is distinct
<rvaneijk> WileyS, the deadline has been there for a year now.
<jchester> We need to meet and deliver to global public a meaningful W3C DNT system. We need to meet soon for f2f.
<aleecia> Personally, I'd also like to get my life back. Perhaps others agree...
<WileyS> Agreed - but the work may take longer than 1 year. What was so magical about 1 year?
<aleecia> we're already slipping past that 1 year
<npdoty> schunter: will clean this up, add more text from the email itself, move to pending review
<WileyS> Aleecia, I'm more concerned with "getting it right" than getting my life back - as if we don't get it right, I'll lose more of my life longer-term
tl: have we agreed to permit unidentified users on call?
<rvaneijk> WileyS, The industry now needs, by this June, to develop and deliver a standard that governs the consequences when a user does select not to be tracked, and meets other key features (http://blogs.ec.europa.eu/neelie-kroes/usa-do-not-track/#more-1488)
<WileyS> Rob, the difficulty is that this process isn't led by "industry" therefore the delay