15:52:03 RRSAgent has joined #dnt 15:52:03 logging to http://www.w3.org/2012/05/30-dnt-irc 15:52:11 Zakim has joined #dnt 15:52:15 Zakim, this will be dnt 15:52:15 ok, aleecia, I see T&S_Track(dnt)12:00PM already started 15:52:25 chair: aleecia 15:52:28 npdoty has joined #dnt 15:52:41 Zakim, who is on the phone? 15:52:41 On the phone I see aleecia, npdoty 15:52:50 regrets+ schunter, chester, sstamm 15:52:53 hi Nick! 15:52:59 setting up the agenda 15:53:06 agenda? 15:53:26 +eberkower 15:53:26 agenda+ Selection of scribe 15:53:29 + +1.781.472.aaaa 15:53:35 rrsagent, make logs public 15:53:38 rrsagent, pointer? 15:53:38 See http://www.w3.org/2012/05/30-dnt-irc#T15-53-38 15:53:38 646 654 is eberkower 15:54:07 yay! 15:54:40 agenda+ Any comments on minutes, http://www.w3.org/2012/05/09-dnt-minutes and http://www.w3.org/2012/05/16-dnt-minutes 15:54:54 Zakim, aaaa is samsilberman 15:54:55 +samsilberman; got it 15:54:59 agenda+ Quick check that callers are identified 15:55:02 alex has joined #dnt 15:55:14 agenda+ Review of overdue action items: https://www.w3.org/2011/tracking-protection/track/actions/overdue 15:55:18 efelten has joined #dnt 15:55:36 agenda+ Reminders on f2f dates 15:55:40 +efelten 15:55:52 BrendanIAB has joined #dnt 15:55:56 agenda+ Introduction of http://www.w3.org/2011/tracking-protection/global-considerations.html 15:56:16 +hefferjr 15:56:22 agenda+ Revisit action-190 (Allowed uses of protocol data in first N weeks 15:56:41 agenda+ Initial discussion around new issue-148, What does DNT:0 mean? 15:57:00 agenda+ Initial discussion around new issue-149, Compliance section for user agents 15:57:07 + +1.919.388.aabb 15:57:08 +yosuke 15:57:17 Zakim, who is on the phone? 15:57:17 On the phone I see aleecia, npdoty, eberkower, samsilberman, efelten, hefferjr, +1.919.388.aabb, yosuke 15:57:30 agenda+ If we time allows, Roy has proposed a new text for what "collection" should mean (action-166) 15:57:56 Anna has joined #dnt 15:58:30 aclearwater has joined #dnt 15:58:31 Zakim, yosuke is really BrendanIAB 15:58:31 +BrendanIAB; got it 15:58:35 agenda+ Announce next meeting & adjourn 15:58:37 Zakim, aabb is Anna_Long 15:58:37 +Anna_Long; got it 15:58:39 agenda? 15:59:11 Meeting: Tracking Protection Working Group teleconference 15:59:14 +??P48 15:59:14 chair: aleecia 15:59:19 WileyS has joined #DNT 15:59:20 agenda: http://lists.w3.org/Archives/Public/public-tracking/2012May/0308.html 15:59:34 + +49.431.98.aacc 15:59:41 Chris_IAB has joined #dnt 15:59:43 +aclearwater 15:59:52 Chris Mejia of the IAB just joined via Skype 15:59:56 ninjamarnau has joined #dnt 16:00:08 sorry, have to stay on mute as I'm in a conference at FTC 16:00:15 Zakim, ??P48 is Chris_IAB 16:00:15 +Chris_IAB; got it 16:00:22 Joanne_ has joined #DNT 16:00:23 In email, the agenda has two number three items. Sorry about that. 16:00:36 Hi Chris, thanks for the note. I'm glad you can listen in. 16:00:45 +WileyS 16:00:49 vincent_ has joined #dnt 16:00:53 +Joanne 16:01:01 + +1.202.496.aadd 16:01:21 +??P62 16:01:33 +??P63 16:01:35 vinay has joined #dnt 16:01:42 npdoty, could be me. not sure 16:01:44 +[Google] 16:01:45 Zakim, P62 is schunter 16:01:45 sorry, schunter, I do not recognize a party named 'P62' 16:01:52 Zakim, next agendum 16:01:52 agendum 1. "Selection of scribe" taken up [from aleecia] 16:01:56 ifette has joined #dnt 16:01:56 Zakim, ??P62 is schunter 16:01:56 +schunter; got it 16:01:59 +jmayer 16:02:03 Zakim, aacc is ninjamarnau 16:02:03 +ninjamarnau; got it 16:02:05 zakim, P63 is vincent_ 16:02:05 sorry, vincent_, I do not recognize a party named 'P63' 16:02:06 jmayer has joined #dnt 16:02:07 Zakim, who's on the phone? 16:02:07 On the phone I see aleecia, npdoty, eberkower, samsilberman, efelten, hefferjr, Anna_Long, BrendanIAB, Chris_IAB, ninjamarnau, aclearwater, WileyS, Joanne, +1.202.496.aadd, 16:02:07 ... schunter, ??P63, [Google], jmayer 16:02:12 scribenick: ninjamarnau 16:02:13 +vinay 16:02:14 Zakim, Google has ifette 16:02:15 +ifette; got it 16:02:17 zakim, ??P63 is vincent_ 16:02:17 +vincent_; got it 16:02:17 Zakim, next agendum 16:02:18 agendum 1 was just opened, npdoty 16:02:25 Zakim, close agendum 1 16:02:25 agendum 1, Selection of scribe, closed 16:02:25 I see 10 items remaining on the agenda; the next one is 16:02:25 2. Any comments on minutes, http://www.w3.org/2012/05/09-dnt-minutes and http://www.w3.org/2012/05/16-dnt-minutes [from aleecia] 16:02:29 Zakim, take up agendum 2 16:02:32 agendum 2. "Any comments on minutes, http://www.w3.org/2012/05/09-dnt-minutes and http://www.w3.org/2012/05/16-dnt-minutes" taken up [from aleecia] 16:02:37 justin has joined #dnt 16:02:42 aleecia: first item: Comments on the minutes? 16:02:55 q+ 16:03:01 ack npdoty 16:03:07 +bilcorry_ 16:03:16 +alissa 16:03:20 hwest has joined #dnt 16:03:33 + +1.408.423.aaee 16:03:35 ... if names and institutions should be changed, please contact us. 16:03:43 +hwest 16:03:46 from last week and just posted last night, these minutes are also available http://www.w3.org/2012/05/23-dnt-minutes 16:03:49 fielding has joined #dnt 16:03:51 Zakim, take up agendum 3 16:03:51 agendum 3. "Quick check that callers are identified" taken up [from aleecia] 16:04:11 Zakim, take up agendum 4 16:04:11 agendum 4. "Review of overdue action items: https://www.w3.org/2011/tracking-protection/track/actions/overdue" taken up [from aleecia] 16:04:29 +fielding 16:04:31 ... item: overdue action items: 16:04:38 ACTION-187 due 2012-06-06 16:04:38 ACTION-187 Write text for ISSUE-99 around identity providers as first or third parties, DUE May 5 2012 due date now 2012-06-06 16:05:11 aciton-196 due today 16:05:18 action-196 due today 16:05:18 ACTION-196 Draft text on whether url shorteners are first or third parties due date now today 16:05:40 action-160? 16:05:40 ACTION-160 -- Peter Eckersley to work with Shane on common ground on unlinkability normative/non-normative text -- due 2012-05-23 -- OPEN 16:05:40 http://www.w3.org/2011/tracking-protection/track/actions/160 16:06:09 Chris_ has joined #dnt 16:06:13 johnsimpson has joined #dnt 16:06:22 +hefferjw 16:07:02 Chris_PedigoOPA has joined #dnt 16:07:12 already updated 16:07:15 ACTION-187? 16:07:15 ACTION-187 -- Ian Fette to write text for ISSUE-99 around identity providers as first or third parties, DUE May 5 2012 -- due 2012-06-06 -- OPEN 16:07:15 http://www.w3.org/2011/tracking-protection/track/actions/187 16:07:16 need 1 week 16:07:17 +johnsimpson 16:07:21 action: Wiley to follow-up with Peter or otherwise post current draft to the list for Unlinkability due 6/4 16:07:21 Created ACTION-207 - Follow-up with Peter or otherwise post current draft to the list for Unlinkability due 6/4 [on Shane Wiley - due 2012-06-06]. 16:07:21 Nick, how do we get ISSUE 143 on the agenda for a call before our next face-to-face; industry feels this is a critical component for consumer education and for industry to comply... 16:07:22 WileyS: Action 160 will be drafted soon. Probably until Monday. Working together with Peter. 16:07:56 tedleung has joined #dnt 16:07:58 apologies for joining late. very heavy traffic even for southern california... 16:08:28 +tedleung 16:08:30 Chris_IAB, let's follow up with the chairs offline for agenda issues 16:08:37 +Chris_PedigoOPA 16:08:48 + +1.215.286.aaff 16:08:52 susaisrael has joined #dnt 16:09:10 susanisrael has joined #dnt 16:09:17 I'm about a quarter of the way through the document 16:09:23 aleecia: action 178 - WileyS and Tom wanted to draft something that includes the two proposals. Tom was not able to do this and dropped out of it. I asked some people to step in. In the meantime WileyS and I started working on this. 16:09:28 I'm still hoping to have it out by the end of the week 16:09:32 kj has joined #dnt 16:09:36 dsinger has joined #dnt 16:09:38 ... action 178 can be closed unless someone steps in. 16:09:39 Aleecia - I have in IRC :-) 16:09:41 Great, let's talk on friday 16:10:06 bilcorry has joined #dnt 16:10:08 zakim, aaee is [Apple] 16:10:08 +[Apple]; got it 16:10:14 zakim, [Apple] has erikn 16:10:14 +erikn; got it 16:10:18 Zakim, mute me 16:10:18 bilcorry_ should now be muted 16:10:20 zakim, [Apple] has dsinger 16:10:20 +dsinger; got it 16:10:21 action-150? 16:10:21 ACTION-150 -- Ninja Marnau to analyse EU legal implications of exceptions to (thissite, *) -- due 2012-05-04 -- OPEN 16:10:21 http://www.w3.org/2011/tracking-protection/track/actions/150 16:10:43 action-174? 16:10:43 ACTION-174 -- Ninja Marnau to write up implication of origin/* exceptions in EU context -- due 2012-05-04 -- OPEN 16:10:43 http://www.w3.org/2011/tracking-protection/track/actions/174 16:10:57 Zakim, who is on the call? 16:10:57 On the phone I see aleecia, npdoty, eberkower, samsilberman, efelten, hefferjr, Anna_Long, BrendanIAB, Chris_IAB, ninjamarnau, aclearwater, WileyS, Joanne, +1.202.496.aadd, 16:11:01 ... schunter, vincent_, [Google], jmayer, vinay, bilcorry_ (muted), alissa, [Apple], hwest, fielding, hefferjw, johnsimpson, tedleung, Chris_PedigoOPA, +1.215.286.aaff 16:11:01 [Google] has ifette 16:11:01 [Apple] has dsinger 16:11:06 ninjamarnau: apology, was too busy for the last 5 weeks. would probably need 1 more week 16:11:23 Zakim, bilcorry_ is me 16:11:23 +bilcorry; got it 16:11:30 aleecia: okay, but if we can't do this in one more week we may have to close these issues 16:11:42 action-150 due 6/6 16:11:43 ACTION-150 Analyse EU legal implications of exceptions to (thissite, *) due date now 6/6 16:11:56 action-174 due 6/6 16:11:56 ACTION-174 Write up implication of origin/* exceptions in EU context due date now 6/6 16:12:14 susan israel is also on the call 16:12:17 FYI TO ALL: the IAB will be hosting a DNT education and feedback industry event on June 12th in NYC. We have invited Aleecia to present in her capacity as co-chair to this working group (still waiting for a reply); Shane Wiley will be presenting (confirmed); Mozilla was also invited (waiting for confirmation); industry panel will discuss implementation issues; If you are interested in attending this event or would like more info, please email chris.mejia@iab 16:12:28 aleecia: Action 170 on hwest? 16:12:33 is it still needed? 16:12:50 hwest: I need one more week. They are in progress. 16:13:09 ... I still want to include some changes 16:13:14 action-179? 16:13:14 ACTION-179 -- Shane Wiley to draft section on seriousness of the request for a user-granted exception (with ninja) -- due 2012-04-19 -- OPEN 16:13:14 http://www.w3.org/2011/tracking-protection/track/actions/179 16:13:17 Draft already sent 16:13:32 action-179 pending review 16:13:52 zakim, who is on the call? 16:13:52 On the phone I see aleecia, npdoty, eberkower, samsilberman, efelten, hefferjr, Anna_Long, BrendanIAB, Chris_IAB, ninjamarnau, aclearwater, WileyS, Joanne, +1.202.496.aadd, 16:13:56 ... schunter, vincent_, [Google], jmayer, vinay, bilcorry (muted), alissa, [Apple], hwest, fielding, hefferjw, johnsimpson, tedleung, Chris_PedigoOPA, +1.215.286.aaff 16:13:56 [Google] has ifette 16:13:56 [Apple] has dsinger 16:13:57 aleecia: Action 179 should go to pending review 16:14:17 zakim, aaff is susanisrael 16:14:17 +susanisrael; got it 16:14:17 Zakim, aaff is susanisrael 16:14:18 sorry, npdoty, I do not recognize a party named 'aaff' 16:14:35 Zakim, aadd is Dan_Caprio 16:14:35 +Dan_Caprio; got it 16:15:05 Zakim, next agendum 16:15:07 agendum 2. "Any comments on minutes, http://www.w3.org/2012/05/09-dnt-minutes and http://www.w3.org/2012/05/16-dnt-minutes" taken up [from aleecia] 16:15:18 Zakim, take up agendum 5 16:15:18 agendum 5. "Reminders on f2f dates" taken up [from aleecia] 16:15:22 https://www.w3.org/2002/09/wbs/49311/tpwg-belle-f2f/ 16:15:23 link for face-to-face registration? 16:15:27 can you please post? 16:15:37 aleecia: reminders for the face2face. Please register your coming. We need a sense of how many people will join and observe. 16:15:55 got it- jinkx! 16:15:57 jinx 16:16:09 thanks guys 16:16:10 Thanks for the rich discussion of press attendance! 16:16:12 ... same policy as last time. as long as there is space, we wont turn away observers. 16:16:29 ... want to talk about the compliance side 16:16:49 aleecia: haven't turned anyone away except for members of press 16:16:53 ... some people came up with proposals to bridge the gap. 16:17:18 The chairs just unilaterally announced that press cannot attend the next meeting. I continue to strongly object. 16:17:33 +[Microsoft] 16:17:37 ... if you have proposals please get in touch with me before the f2f, so I can prepare the agenda. 16:17:55 JC has joined #DNT 16:18:02 Aleecia/Nick- please contact me offline about compliance and the agenda for face-to-face; industry may have a proposal to present 16:18:37 q? 16:18:52 just lost alecia 16:18:57 dsriedel has joined #dnt 16:19:09 Apple's insane press policy has induced a race to the bottom on transparency. Awesome. 16:19:12 -johnsimpson 16:19:26 bridge just failed.... 16:19:26 ' 16:19:31 Ract to the bottom is a bit extreme 16:19:35 +dsriedel 16:19:41 ... Regarding the press issue. We discussed on the mailing list that we have people who are not allowed to speak with press present. thhis is a pretty strong argument against press. 16:19:44 There is plent of transparency 16:20:13 Zakim, take up agendum 6 16:20:13 agendum 6. "Introduction of http://www.w3.org/2011/tracking-protection/global-considerations.html" taken up [from aleecia] 16:20:13 http://www.w3.org/2011/tracking-protection/global-considerations.html 16:20:15 +johnsimpson 16:20:18 Having the press present would have a substantial chilling effect on free discourse, as well, even without corporate restrictions 16:20:28 back on call 16:20:31 zakim, mute me 16:20:31 dsriedel should now be muted 16:20:43 Chapell has joined #DNT 16:21:08 WileyS: Aleecia, can you share what the status of the document of global considerations is? 16:21:27 what is the status of this document? (Normative or Informative?) I assume Informative? 16:21:30 WileyS: curious about process, how to include text, Yahoo! folks interested in contributing 16:21:39 dsinger, JC - I didn't hear any substantive engagement on ways to accomodate press with limited quoting and attribution. Participants just regurgitated the "chilling effects" talking point. 16:22:22 Sounds good - thank you 16:22:43 Happy to support formal briefings 16:22:45 I see no upside at all to having press present. None. Perhaps we could hear some? IMHO we are much better off briefing them. 16:22:59 aleecia: possible to publish as a note 16:23:12 aleecia: We had things moving when we moved parts from the compliance doc to the global considerations doc. Everyone is welcome to participate. We have a separate mailing list for this document. I do not have particular strong opinion of people not in the working group taking part. But they should have read the intellectual property policy of W3C. 16:23:35 q+ 16:23:44 ack npdoty 16:23:48 is the considerations list address published? 16:23:50 I explained the substantial benefits on the mailing list. Again none of the industry participants engaged. 16:23:53 http://www.w3.org/2011/tracking-protection/global-considerations.html 16:23:56 q+ 16:24:23 it was not announced on our list 16:24:24 why are we on a separate list? 16:24:27 same here. didn't know there was a list 16:24:28 npdoty: that separate mailing list was not used until now. 16:24:57 aleecia: It does make sense to advertise the mailing list publicly on the DNT mailing list. 16:24:58 can we stay on one list unless the traffic gets unmanageable? 16:25:12 or if I did there was i forgot about it 16:25:31 is there at least one instance of such a person? 16:25:32 dsinger, *gets* unmanageable? 16:25:45 ack dsinger 16:26:05 ... as long as only a subset of people is interested, separate mailing lists are the preferred way. 16:26:15 aleecia: intended to be an informative document 16:27:06 q? 16:27:18 aleecia: help, pinpointers for international implementation. Not meant to create new requirements. 16:27:30 -Dan_Caprio 16:27:33 ifette has joined #dnt 16:27:41 the intended separate list (without any activity) for global considerations discussion was/is: http://lists.w3.org/Archives/Public/public-tracking-international/ 16:28:06 I apologize that that wasn't announced on public-tracking; I thought it was and I'll do so today 16:28:15 Zakim, take up agendum 7 16:28:15 agendum 7. "Revisit action-190 (Allowed uses of protocol data in first N weeks" taken up [from aleecia] 16:28:18 ACTION-190? 16:28:18 ACTION-190 -- Ian Fette to write up proposal for allowed uses for protocol data in the first N weeks -- due 2012-05-02 -- PENDINGREVIEW 16:28:18 http://www.w3.org/2011/tracking-protection/track/actions/190 16:28:21 http://lists.w3.org/Archives/Public/public-tracking/2012May/0299.html 16:28:53 ... ACTION 190 on protocol data. There was discssion on the mailing list. 16:29:46 Proposal in DC was that data must be moved to "unlinkable" within this abitrary time period 16:30:03 I'm not supporting that - that was the proposal 16:30:20 ... there was confusion on first parties. The six weeks deadline is meant to figure out what kind of data the party has, and if DNT applies. 16:30:35 +q 16:30:42 Unlinkable is a subset of compliant, not sure there's an argument here. 16:30:46 ack WileyS 16:30:49 q+ 16:31:46 +q 16:31:54 ack ifette 16:31:56 is the suggestion that we could put in this draft text and know that we may have to update it depending on the outcome of compliance discussions? 16:31:58 WileyS: We need to define the permitted uses before this. Can I come back to this topic when we know more about what compliance means? 16:32:40 Justin, agreed - unlinkability moves data outside of the scope of DNT so its a bit of red herring. We should simply state this and move on. The focus now should be what is permitted outside of "unlinkability" 16:33:42 ifette: We figured it could be hard for people to comply with DNT from day 1. Original proposal was to extend the time to figure out what you need to do to comply and be able to prove this in an audit. 16:34:03 ack jmayer 16:36:09 +q 16:36:12 jmayer: I think we have different opnions on restrictions on collection. We have some agreement on data minimization and the idea of permitted uses. 16:36:16 ack WileyS 16:37:27 erikn has joined #dnt 16:37:29 jmayer: and even on the lenient side of data minimization or collection, it could still help to get implementation to have a 6-week grace period 16:37:31 WileyS: We talk about this time frame before permitted uses. I try to figure out what these 6 weeks buy me. 16:37:32 q+ 16:37:36 Chapell has joined #DNT 16:37:55 +q 16:38:09 ... what is the physical implication of this time frame? 16:38:11 ack jmayer 16:38:26 I'm still confused as to whether this proposal is just about temporary logging (as aleecia suggests) or for a temporarily broader set of permitted uses (as I suggested). 16:39:04 q+ 16:40:08 So this IS an arbitrary data retention limit :-) 16:40:17 Joanne has joined #DNT 16:40:18 Aleecia - care to comment? 16:40:24 jmayer: The 6 week time frame - we set a minimum retention period that parties can count on besides a "reasonable" retention period. 16:40:32 ack npdoty 16:40:45 jmayer, sorry, I missed the implication on collection 16:41:17 Noted that we could allow new capabilities on retention and use. 16:41:24 ack ifette 16:41:42 Not saying I agree - just explaining what this does. 16:41:51 +q 16:42:01 npdoty: The party might not need all the collected data for the permitted uses. The six weeks are the time frame to sort out the data reasonable needed for the permitted uses and minimize the rest. 16:42:31 ack JC 16:42:33 +q 16:42:39 for the auditor, the existence of retained data in the 6-week period would never be an indicator of non-compliance? 16:42:47 i'll try again 16:42:52 -[Microsoft] 16:42:54 the six weeks can be used to filter out data that you collected as a third party from your logs 16:42:58 ifette, you'll still need to demonstrate that you're not profiling or transferring to third parties immediately. 16:43:10 +[Microsoft] 16:43:10 justin, yes, that is rather problematic 16:43:32 ifette, But you're OK with that, or at least willing to accept that burden? 16:43:53 Yep. Auditing the backend isn't particularly easy, but this doesn't make it much harder. 16:44:27 justin, if it can be written in some way that would still prevent a pain in the butt audit (e.g. if we catch you doing this you're in trouble but the assumption / "burden of proof" is that you're not), then yes 16:45:37 aleecia: What I thought I heard in DC is that the reason for the 6 weeks is - you might not know in real time what data falls under the permitted uses you claimed. Real time is a huge hassle. So we grant them 6 weeks to figure out which data dnt compliance allows them to keep. 16:45:40 q? 16:45:43 why are views "disturbing"? they are just POVs... 16:45:55 because I thought we all agreed rather strongly. 16:46:06 aleecia: point of the 6 weeks is to give companies time to figure out what they're doing with that data; that was what I understood we were discussing 16:46:10 Oh, I didn't get that from the face-to-face 16:46:12 It suggests either I misunderstood, or others did, or .. 16:46:25 ack jmayer 16:46:54 and anyway, as more has come to bare on the 6-weeks proposal, peoples minds might have changed. I think that's reasonable and part of an open process :) 16:47:06 JC: I don't think we should use Do Not Track as a way to push out data retention limits on industry. Aleecia: I don't think that's what we're discussing, unless I misunderstood 16:47:11 Many of us seem to have confirmation bias, e.g. we hear what we want to hear and discard the rest :-) My big problem with confirmation bias appears to be that I think there is agreement beyond what there is. 16:47:13 As long as data is not used for anything other than Permitted Uses (with data minimization and transparency) - why do we need an arbitrary timeframe? This 6 weeks doesn't appear to buy anything. 16:47:37 yes, echoing Aleecia: for 6 weeks you can keep stuff you don't understand (and therefore can't and don't use), while you sift it out, and so on; that's my understanding; once you know what you have, you also know whether you're supposed to have it and are allowed to use it, under DNT :-) 16:47:50 I agree with WileyS that it is difficult to think of a situation when is it useful to have this time frame before the permitted use carve out. 16:47:54 jmayer: I would not support that permitted uses as secuirity and fraud move us to a longer retention period in general. 16:48:20 WileyS, what about data that isn't needed for any permitted use? do you have to delete that data immediately? or should there be a buffer even for data not needed for any permitted use? 16:48:56 q? 16:49:08 ifette, I don't want the spec to require pain-in-the-butt affirmatively-demonstrating compliance for any of this, but we obviously can't prescribe how DPAs structure any audits they'll require. So that said, not entirely sure how much this buys you. 16:49:20 +q 16:49:28 ack jmayer 16:49:35 to npdoty: I think the whole point is you get 6 weeks to answer that question (what do I have to discard?) 16:49:40 aleecia: The discussion about retention periods should be separated from this. 16:49:41 justin, indeed. My attempt was to say "in the first six weeks, you get the benefit of the doubt." 16:49:44 Many of the permitted uses require all of the data (log file record). This carve-out appears to provide some arbitrary timeframe for data aggregation (reporting). None of the other Permitted Uses are covered by this arbitrary timeframe. 16:49:48 dsinger, exactly, that's my understanding. 16:49:52 That was for you Nick 16:50:12 q+ 16:50:39 jmayer: For both discussion the same privacy considerations apply. 16:50:48 to ifette: I don't think there's any 'benefit of doubt' here; it does not allow you to USE the data any more, just time to work out what data is what 16:51:33 Two retention discussions: maximums for exceptions, (lesser) maximums for protocol information. Similar considerations. 16:51:59 aleecia: WileyS, are you saying that permitted uses have overall no restrictions on collecting data? So that there is no need for stripping some data in this 6 weeks time frame? 16:52:00 q+ that we should still advise 'minimal logging' in the first place (i.e. if you can determine at the time of potential collection that this data is not permitted, then try not to log it in the first place) 16:52:14 Wiley, um, no, removing ID cookies != unlinkable. 16:52:19 q+ to say that we should still advise 'minimal logging' in the first place (i.e. if you can determine at the time of potential collection that this data is not permitted, then try not to log it in the first place) 16:52:39 +q 16:52:54 We could treat cookie data differently. That's an option. 16:53:18 If this convo presumes collection of unique IDs, then the 2-6 week period is about tiering of permitted uses. If we presume no unique IDs in DNT, this is a very different conversation. That may explain the sprawling nature of this debate. 16:53:28 WileyS: The main privacy concern is the identifier within the cookie - but this is still needed for many permitted uses. 16:53:39 ack ifette 16:54:09 So we're hearing from Shane that collection would be unchanged for many companies under the permitted uses he envisions, which is an important thing to understand 16:54:10 aleecia: To sum it up - for you there is not necessarily a minimization of data collection under permitted uses. 16:54:26 +1 to Ian - that was my suggestion at the beginning of this discussion 16:54:30 justin, either presumes no IDs or that "reasonable minimization" has teeth 16:54:59 ack dsinger 16:54:59 dsinger, you wanted to say that we should still advise 'minimal logging' in the first place (i.e. if you can determine at the time of potential collection that this data is not 16:55:03 ... permitted, then try not to log it in the first place) 16:55:03 ifette, sorry, could you summerize on IRC? 16:55:23 ack JC 16:55:30 jmayer - if I have no unique IDs (I strip cookie IDs, the IP address, MAC address, etc.) would you consider the record to now be "unlinkable"? 16:55:40 ifette: fine with delaying based on the compliance discussion, but should come back to what requirements are on Day 0 in terms of implementation 16:55:45 jmayer, No argument. 16:55:52 jmayer - in short, where is the unlinkable line for you? 16:55:54 dsinger: We should advise on minimal logging. If you do not know if you need the data, perhaps you should not log it in the first place. 16:56:14 ifette: I'm OK with setting this aside for now, it sounds like there's still a fair amount of disagreement on whether this is necessary and/or what exact form that it should take. What I would ask then is that, once we have a more complete view of what DNT means, we look at what compliance would mean "at time zero", whether it would require real-time processing, and how one would defend against an audit/investigation with respect to data at time zero. 16:56:23 WileyS, of course not. That's deidentified data. There's a booming scientific literature about how deidentified data can be reidentified. 16:57:02 you could also write dnt:1 records to a different log/database, for example 16:57:23 You have to log data Aleecia; for many reasons unrelated to DNT; its not trivial to re-engineer the Internet 16:57:34 WileyS, there is no easy, bright-line rule for unlinkability. Even the DAA principles recognize that. 16:57:38 aleecia, yes that's also a huge part of this 16:57:48 aleecia: trying to resolve, not have to decide in real-time whether a Permitted Use applies 16:57:51 ISSUE-148? 16:57:51 ISSUE-148 -- What does DNT:0 mean? -- raised 16:57:51 http://www.w3.org/2011/tracking-protection/track/issues/148 16:57:56 ifette, but you think there's something else to this? 16:58:09 aleecia: We are looking into a few other thing. ISSUE 148 - What does DNT 0 mean? 16:58:10 Presumably DNT:0 means something along the lines of "yes, you may track me," but we come back to what exactly that entails. If we say "you may collect any data and use it for any purpose" this will not count as consent in the EU since there is not an associated context. Can we craft something that will work for everyone? 16:58:11 Want to be sure to note that I (and I suspect many others) don't agree with a six week protocol grace period. 16:58:20 npdoty, the other part is "how the heck am I supposed to defend against an audit at time zero" 16:58:22 Somewhere on the order of 1-2 weeks would be ok. 16:58:37 Aleecia, when you say "it's easy to write some code..." I don't believe you appreciate what's really involved with at scale systems. 16:58:40 jmayer - all examples to date (AOL, NetFlix, etc.) have relied on data coupled with a log record to allow for reidentification - in most of those cases that data was declared data (freely given by the user) and is outside of the scope of DNT which focuses on observed data (primarily log records). 16:58:43 ifette, if that's the only additional part, great, I understand 16:58:44 ifette, if the concern is auditing, let's talk about auditing - not general-purpose retention. 16:58:45 particularly, what is the difference (if any) between no DNT header, and DNT:0 ?? 16:58:46 q+ 16:58:51 +1 to jmayer --- which is why I was wondering why he kept saying "6 weeks" over and over again :) 16:59:06 ack ifette 16:59:15 +q 16:59:25 ... we keep coming back to this because a consent for Europe needs to be explicit. 16:59:36 The new UK regulation carefully scoped implied consent to first-party cookies - not third-party cookies. 16:59:51 And then the Netherlands came out with guidance on the opposite end of the spectrum - gotta love the EU :-) 17:00:10 q+ 17:00:25 ack jmayer 17:00:46 ifette: I am concerned about being too explicit. The situation in Europe is not completely clear. For me a simple DNT:0 just means being okay with being outside of the DNT standard. 17:00:56 jmayer - not true, implied consent could apply to 3rd cookies as well 17:00:56 + +1.917.318.aagg 17:01:07 -Joanne 17:01:28 -schunter 17:01:58 jmayer: DNT:0 should mean that the user is okay with whatever you present in written form to the user. 17:02:07 Disagree, DNT:0 should mean DNT is fully lifted - trying to create a multi-layered onion on what DNT:0 will be difficult to manage 17:02:09 Ian is right to correct me from "EU" to "some EU countries." It would be useful to get discussion around both the Netherlands and the UK. If anyone has suggestions of someone close to the UK regulations willing to speak with the group and take questions, please let me know. 17:02:13 q? 17:02:18 ack dsinger 17:02:32 q+ to be clear, if DNT:0 has no defined meaning and set of purposes for which data collections is specifically allowed, then user-granted exceptions have no useful purpose. 17:02:54 ack fielding 17:02:54 fielding, you wanted to be clear, if DNT:0 has no defined meaning and set of purposes for which data collections is specifically allowed, then user-granted exceptions have no 17:02:57 ... useful purpose. 17:03:13 dsinger: want to be clear that I don't think DNT:0 should imply anything beyond not sending DNT at all 17:03:33 dsinger: I would be uncomfortable with DNT:0 implying any more consent than conveying that he/she does not send DNT:1. 17:03:55 WileyS, the UK ICO guidelines give advertising cookies as an obvious example of cookies that require explicit consent. 17:03:56 …except that I am telling you that others are getting dnt:1, and I give you the opportunity to reflect back to me that you saw dnt:0 from me 17:03:58 +1 with david singer and roy fielding 17:04:14 +1 17:04:15 WileyS, I think David and Roy disagree :) 17:04:21 q+ 17:04:39 ack npdoty 17:05:06 - +1.917.318.aagg 17:05:12 Value of exception API: persistence, standardized user expereience. 17:05:13 Nick, roy did go in a new direction there at the end so I agree. I thought he started that DNT:0 should mean the absense of DNT:1 17:05:16 q? 17:05:19 q+ 17:05:23 ack ifette 17:05:23 a tool to convey consent would be the major benefit of DNT in Europe. Especially the Opt back in should convey an explicit consent. 17:05:39 -johnsimpson 17:05:41 dnt:0 on all requests says "I am aware of DNT and have chosen not to turn it on", whereas absence is more vaguae 17:05:51 s/vaguae/vague/ 17:06:11 s/expereience/experience/ 17:06:25 dsinger, I thought we agreed that DNT:0 meant "you have an exception from this user" and no DNT signal meant the user has not made a choice yet (whether their browser supports the feature or not) 17:06:31 + +1.917.318.aahh 17:06:43 I'm with Ninja on this one - DNT:0 should mean you've been granted an exception 17:06:50 Ninja - did I get that right? 17:06:51 q? 17:07:05 wileys, yes; I was trying to interpret dnt:0 on all requests (whereupon no-one is 'excepted')... 17:07:15 I wasn't suggesting that DNT compliance requires legal compliance, just that we could include another reminder that DNT doesn't affect legal compliance (since that seemed to be the essence of Jonathan's request) 17:07:30 where would the definition go? (which document/section)? 17:07:39 I'll volunteer to write one viewpoint, though I doubt everyone will agree with my view :) 17:07:43 ... to avoid any confusion that DNT:0 would override your legal requirements on consent 17:07:46 WileyS, I am not entirely sure if DNT:0 and site specific exceptions are conveyed in the same way. 17:07:48 The only reason to request an exception is because an exception is desired -- which law applies doesn't matter. All regions have the notion of prior consent. 17:07:59 Though they are different, how would the site behave differently? 17:08:06 I'll take the other viewpoint. 17:08:20 Ninja, I believe the TPE uses DNT:0 as the mechanism to convey a user-granted exception 17:08:35 At least in the most current draft 17:08:44 action: fette to draft a definition of DNT:0 expression -- issue-148 17:08:44 Created ACTION-208 - Draft a definition of DNT:0 expression -- issue-148 [on Ian Fette - due 2012-06-06]. 17:08:48 aleecia: ifette and jmayer volunteer to write their viewpoints. Thank you both. 17:08:59 action: mayer to draft a definition of DNT:0 expression -- issue-148 17:09:00 Created ACTION-209 - Draft a definition of DNT:0 expression -- issue-148 [on Jonathan Mayer - due 2012-06-06]. 17:09:01 https://www.w3.org/2011/tracking-protection/track/issues/149 17:09:04 ISSUE-149? 17:09:04 ISSUE-149 -- Compliance section for user agents -- raised 17:09:04 http://www.w3.org/2011/tracking-protection/track/issues/149 17:09:16 ... Next Issue - compliance for user agents. 17:09:34 UK cookie info: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx 17:09:43 chapell has joined #dnt 17:10:18 ... What motivates this is we talked about intermidiaries. The user agent should convey the user's voice. 17:11:40 +q 17:11:49 ... is it okay to have a default of DNT:1 or DNT:0. Example of EBG (?) 17:11:49 yesd 17:11:52 yes, rather 17:11:56 yes, this goes to open issue 143 17:11:58 (yes it's worth discussing) 17:11:59 ack jmayer 17:11:59 ... reasonable people in the group disagree about whether AVG fits our understanding 17:11:59 I think it important that the user's choice be expressible through their choice of user-agent, configuration of user-agent, or other software (e.g. a privacy-enhancing proxy) 17:12:05 s/EBG/AVG/ 17:12:17 issue-143 is against the TPE document, not compliance. Different issue. 17:12:18 vincent, thanks 17:13:11 I've submitted an issue for User Agents to record that they were the party to set the DNT:1 signal and this be conveyed in the header. This provides transparency for the sender. 17:13:21 I thought there was 17:13:29 I thought there was pretty broad consensus there as well 17:13:40 i thought there was consensus that a UA could not set DNT:1 by default w/o asking the user 17:13:46 Straw poll 17:13:48 aleecia: I thought there was consensus that a user agent should not have a default. jmayer disagrees. 17:13:50 There is undoubtedly consensus among industry stakeholders :) 17:13:59 Wny can't we do "+1" via IRC? 17:14:02 In doing what they've done, AVG makes it very dificult for publishers to "honor" any DNT request, without knowing the source and how DNT was set 17:14:04 +q 17:14:07 aleecia: probably better to discuss this f2f. 17:14:17 ack WileyS 17:14:25 If I sell a UA "PrivacyPlus" that minimizes fingerprinting, turns on DNT, doesn't log what you do or maintain history, and so on, it's a valid use choice to use that UA. 17:14:54 Chapell has joined #DNT 17:15:13 +q 17:15:13 q+ 17:15:18 -q 17:15:19 +q 17:15:25 dsinger, surely "privacy plus" could ask on first run 17:15:31 ack npdoty 17:15:46 q+ 17:15:50 ifette, same as how Chrome would ask on first run... 17:15:52 +q 17:16:04 aleecia, chrome isn't targeting a niche group of users with a tonf of features that tend to break the web 17:16:10 http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining 17:16:30 npdoty: there may be some gray area - what about a privacy browser like dsinger described. 17:16:30 are we doing this in person, or now? 17:16:46 but it's the same deal: getting in the way of install is unattractive for anyone 17:18:08 jmayer: We should take into account that local law might require a default. So we should not prohibit it. 17:18:10 q- 17:18:18 q- jmayer 17:18:21 -q if we will make this an agenda item for later 17:18:33 -q 17:18:48 aleecia: This is an issue we need to come back to. I create a new issue and an agenda item. 17:18:49 does issue-149 capture this question already? 17:18:57 Noted three issues we need to decide: 1) where on the spectrum of user interaction/user understanding is the cutoff? 2) how do we handle first run and upgrade prompts? 3) how do we account for law that requires a default? 17:19:02 I would like to see it on an agenda before the face-to-face though, with enough time to adequately hear from all 17:19:21 q+ 17:19:32 can we just decide this question is out of scope? 17:19:33 ack ifette 17:19:44 +1 to npdoty! 17:19:46 we could, but it seems a bit insane as is 17:19:46 (we don't normally standardize how conflicting user agent software works) 17:20:08 aleecia: another issue, unsure to take this up: What about the browser DNT setting contradicting the setting of addons? 17:20:59 I think it's worth looking at 17:21:07 I think we take it on 17:21:19 ifette: I think it is fair to say that server side cannot distinguish what is the will of the user. So there should be no responsibilities. 17:21:20 Another issue we have to decide: can a server ignore "DNT: 1" if it has reason to believe it wasn't explicitly set? 17:21:33 I think the answer there should be plainly no. 17:21:53 jmayer, that's why I'm asking that the setter be named and I believe the answer can be "yes" in some cases. 17:22:08 It's in nobody's interest to have second-guessing of DNT. 17:22:11 ifette: for better or worse the server won't be able to tell whether or how conflicts on the client affect setting of the DNT header 17:22:38 jmayer, disagree but understand your position 17:22:39 aleecia: We have DNT 1, 0 or unset. Do we want to take on how UA should present this choice to the user? 17:22:42 good question jmayer; I think the answer should be yes, if it wasn't set per our requirements for compliance, which should include a UI component 17:22:43 WileyS, could'nt the party then just request site exception? 17:22:57 I think the current text ('must reflect the user's choice') is fine, and trying to be more precise is a tar-pit 17:23:02 q+ 17:23:04 Aleecia, how/why do you call UI "out of scope"? 17:23:09 +1 to dsinger, I think 17:23:11 I don't understand this 17:23:31 q? 17:23:32 which charter exactly? 17:23:37 q? 17:23:48 +1 UI out of scope 17:23:49 vincent, requesting exceptions may come with consumer trade-offs: paywalls, restricted access, more ads, etc. I'd rather not present the exception request unless a valid DNT:1 is received. 17:23:50 ack ifette 17:24:03 Chris_IAB, charter is here: http://www.w3.org/2011/tracking-protection/charter we can work on guidelines for UI but we don't specify presentation to the user 17:24:04 Chris_IAB, UI is the third rail of W3C discussions. 17:24:08 Chris, the charter is linked from the main page for the TPWG; worth a read 17:24:21 Not dissimilar to Social Security in DC... 17:24:33 ifette: This depends on the meaning of DNT:1. If it has a total different meaning to unset I would appreciate guidance. 17:24:34 q+ 17:24:39 - +1.917.318.aahh 17:24:40 ack npdoty 17:24:48 ok, so let's not call it "UI" then; let's call it "requirements for the influencing of setting DNT" 17:24:53 is that in charter? 17:25:01 s/meaning of DNT:1/meaning of DNT:0/ 17:25:31 Chris_IAB, that is what we are discussing 17:26:03 WileyS, imho if the user did not set DNT:1 and get restricted access and/or exception request, he'll certainly disable the add-on that sets DNT 17:26:08 thx, I have a better understanding, I think 17:26:28 I think dnt:0 should be an artefact of the protocol, not a third user choice 17:26:40 + +1.917.318.aaii 17:26:40 Chris, the group's charter is here: http://www.w3.org/2011/tracking-protection/charter 17:26:44 Chris_IAB, we can discuss defaults and standards of consent; we can't set UI specifics (e.g. text, format, etc.). 17:26:48 aleecia: We best come back to this when we figured what DNT:1 means. 17:27:03 s/what DNT:1 means/what DNT:0 means/ 17:27:08 ISSUE-143? 17:27:08 ISSUE-143 -- Activating a Tracking Preference must require explicit, informed consent from a user -- raised 17:27:08 http://www.w3.org/2011/tracking-protection/track/issues/143 17:27:32 vincent, the user may not be aware which product they installed that did this - hence the request that setters be named 17:28:02 got the Charter, thanks efelton; wondering if there is any way to re-open the charter if the working group feels it is no longer correct? 17:28:05 aleecia: suggestion is we leave ISSUE 143 as it is right now. Postponed discussion. 17:28:15 s/efelton/efelten/ 17:28:22 does the W3C have a mechanism for altering the charter of a Working Group? 17:28:33 Chris_IAB, I'm happy to follow up on W3C process re-chartering 17:28:49 to Chris_IAB, yes, it's called re-chartering, and is major step 17:28:55 great, a lot of us joined after the charter was set 17:29:35 aleecia: a reminder, if you have some proposal you want on the agenda, need to know this week 17:29:35 -hwest 17:29:36 -vinay 17:29:36 -efelten 17:29:36 -hefferjw 17:29:37 -Chris_PedigoOPA 17:29:37 -samsilberman 17:29:38 -jmayer 17:29:39 -aleecia 17:29:42 -[Apple] 17:29:43 zakim, list participants 17:29:44 -tedleung 17:29:46 -[Microsoft] 17:29:47 -WileyS 17:29:50 -bilcorry 17:29:52 -vincent_ 17:29:53 As of this point the attendees have been aleecia, npdoty, eberkower, +1.781.472.aaaa, samsilberman, efelten, hefferjr, +1.919.388.aabb, BrendanIAB, Anna_Long, +49.431.98.aacc, 17:29:57 ... aclearwater, Chris_IAB, WileyS, Joanne, +1.202.496.aadd, schunter, jmayer, ninjamarnau, vinay, ifette, vincent_, alissa, +1.408.423.aaee, hwest, fielding, hefferjw, 17:29:59 ... johnsimpson, tedleung, Chris_PedigoOPA, +1.215.286.aaff, erikn, dsinger, bilcorry, susanisrael, Dan_Caprio, [Microsoft], dsriedel, +1.917.318.aagg, +1.917.318.aahh, 17:30:03 ... +1.917.318.aaii 17:30:05 -aclearwater 17:30:06 -dsriedel 17:30:09 -susanisrael 17:30:11 -alissa 17:30:12 - +1.917.318.aaii 17:30:14 -npdoty 17:30:16 -fielding 17:30:18 -eberkower 17:30:20 -ninjamarnau 17:30:22 -[Google] 17:30:24 rrsagent, draft minutes 17:30:24 -BrendanIAB 17:30:29 rrsagent, pointer? 17:30:29 See http://www.w3.org/2012/05/30-dnt-irc#T17-30-29 17:31:10 -Anna_Long 17:31:19 rrsagent, draft minutes 17:31:19 I have made the request to generate http://www.w3.org/2012/05/30-dnt-minutes.html npdoty 17:31:39 thanks, Nick. I was just walking back in to do that… I always forget, it's funny. 17:31:48 -hefferjr 17:32:12 Oh! Awesome. 17:32:31 -Chris_IAB 17:32:33 T&S_Track(dnt)12:00PM has ended 17:32:33 Attendees were aleecia, npdoty, eberkower, +1.781.472.aaaa, samsilberman, efelten, hefferjr, +1.919.388.aabb, BrendanIAB, Anna_Long, +49.431.98.aacc, aclearwater, Chris_IAB, 17:32:33 ... WileyS, Joanne, +1.202.496.aadd, schunter, jmayer, ninjamarnau, vinay, ifette, vincent_, alissa, +1.408.423.aaee, hwest, fielding, hefferjw, johnsimpson, tedleung, 17:32:35 ... Chris_PedigoOPA, +1.215.286.aaff, erikn, dsinger, bilcorry, susanisrael, Dan_Caprio, [Microsoft], dsriedel, +1.917.318.aagg, +1.917.318.aahh, +1.917.318.aaii 17:33:04 Zakim, bye 17:33:04 Zakim has left #dnt 17:33:07 trackbot, bye 17:33:07 trackbot has left #dnt 17:33:09 rrsagent, bye 17:33:09 I see 3 open action items saved in http://www.w3.org/2012/05/30-dnt-actions.rdf : 17:33:09 ACTION: Wiley to follow-up with Peter or otherwise post current draft to the list for Unlinkability due 6/4 [1] 17:33:09 recorded in http://www.w3.org/2012/05/30-dnt-irc#T16-07-21 17:33:09 ACTION: fette to draft a definition of DNT:0 expression -- issue-148 [2] 17:33:09 recorded in http://www.w3.org/2012/05/30-dnt-irc#T17-08-44 17:33:09 ACTION: mayer to draft a definition of DNT:0 expression -- issue-148 [3] 17:33:09 recorded in http://www.w3.org/2012/05/30-dnt-irc#T17-08-59