IRC log of dnt on 2013-02-11

Timestamps are in UTC.

17:39:07 [RRSAgent]
RRSAgent has joined #dnt
17:39:07 [RRSAgent]
logging to http://www.w3.org/2013/02/11-dnt-irc
17:39:11 [robsherman]
.. And we're going to try to do more here.
17:39:14 [robsherman]
... (slide 5)
17:39:37 [Wileys]
Rigo: using that logic could be applied to opt-out cookies as well...
17:39:45 [robsherman]
... Minimum criteria for what we're doing: (1) create a standard, (2) consistent with charter, (3) significant change from status quo, (4) can explain why DNT:! reduces tracking
17:39:49 [robsherman]
s/!/1
17:39:50 [Chapell]
How does the compliance doc solve this issue? we don't see to be interested in requiring that browsers disclose dnt functionality in this group
17:40:44 [robsherman]
... On status quo: If we do all of this work and nothing changes, we'll have something we'll call DNT that will be a big nothing burger.
17:40:52 [aleecia]
DNT needs to do one thing, not be multiple choice up to the company with utterly no communication back to the user
17:40:55 [robsherman]
... This means some people will have different options in their business models.
17:41:16 [robsherman]
... It only makes sense to do this work if we're going to do something. If at the end of the day we do nothing, the world will see it as nothing and that won't be a great result.
17:41:20 [Chapell]
does that include requiring the browsers to provide a clear description of dnt functionality?
17:41:27 [rigo]
Wileys: sure, there was a cookie option developed. I think a lot of people believe that DNT offers 2 things: A new attempt to find compromise and a means to make it technically more robust
17:41:38 [robsherman]
... Finally, there has to be something we explain to people about what DNT means.
17:41:40 [Wileys]
Allecia, how is having a status response on every page request equate with "utterly no communication back to the user"?
17:41:46 [robsherman]
... These criteria are minimum set you need to have this make sense.
17:41:50 [rigo]
Wileys: because a cookie thing won't give you a consent recording facility IMHO
17:42:08 [robsherman]
... If we achieve these four, we'll have done something. And if we don't, we'll THINK we've done something.
17:42:23 [robsherman]
... But W3C isn't an island. There's other work going on in DAA, FTC, developers of "self-help" measures.
17:42:27 [Mark_Vickers]
Mark_Vickers has joined #dnt
17:42:33 [susanisrael]
*
17:42:42 [robsherman]
... I'm not saying everything has to happen in W3C. If we move the whole ecosystem I'd consider that a success because we'll have developed something that works for users.
17:42:51 [robsherman]
... If you're against these four things, we'll need to understand why.
17:42:55 [robsherman]
... (slide 6)
17:42:58 [susanisrael]
*zakim, iit is possible i will drop off irc but remain on phone
17:43:03 [vinay]
aleecia - in principle i agree with you; but practically companies are going to treat DNT differently. There are even many in the TPWG trying to create different meanings of what DNT means. For example, the idea of someone pushing 'absolutely no tracking' (or whatever its being called now)
17:43:03 [robsherman]
... Fifth thing: Adoption.
17:43:04 [hwest]
hwest has joined #dnt
17:43:05 [aleecia]
Shane - other than hearing Senate testimony, how would I learn how Google's opt out differs from Yahoo's?
17:43:07 [Wileys]
Rigo: If I ask a consumer for a specific consent and that user gives that consent and I record it in a cookie, I believe every single country in the EU would support that outcome.
17:43:23 [robsherman]
... If we adopt a great standard that nobody implements, that's not a great solution. This is relevant to what "consensus" means.
17:43:24 [vinay]
some companies may apply it to first party data collection/use
17:43:51 [justin_]
Vinay, but a DNT standard would at least mean a reliable floor.
17:43:54 [robsherman]
... The people who make a standard work have to be on board far enough to make sure that we have a reasonable chance of success. We need to talk with the people who will build this to understand how it will work in the real world.
17:44:00 [schunter]
q?
17:44:00 [robsherman]
... Questions about these five elements?
17:44:04 [npdoty]
questions or comments about these five things?
17:44:05 [schunter]
q?
17:44:09 [robsherman]
ack Rachel_Thomas
17:44:12 [Wileys]
Aleecia, ready our privacy policies. How else do you expect to understand the details of any company's internal business practices? Where else do you expect that information to be conveyed?
17:44:16 [Wileys]
s/ready/read
17:44:26 [vinay]
justin_, completely agree. i'm just pointing out that we won't have one way to know how all companies treat it.
17:44:36 [robsherman]
Rachel_Thomas: Two comments. First, the idea that Congress isn't passing laws doesn't mean that it isn't considering this and hasn't decided against passing laws because of good work in the self-regulatory arena.
17:44:38 [aleecia]
Vinay at the very bare minimum we need some ability for users to distinguish those. I doubt we will word smith that and cannot do UI for browsers, but there should be feedback, when there is a UI for a UA
17:44:47 [robsherman]
... Also want to question whether a standard needs to be understood as a significant change from the status quo.
17:44:58 [robsherman]
... It should be something that is adopted by a significant amount of the general community.
17:45:14 [robsherman]
... W3C is codifying standards based on what's acceptable in the broader environment.
17:45:18 [npdoty]
q?
17:45:31 [robsherman]
... This relates to the comment about adoption: If we're coming from the idea that people need to change significantly, then that may impact adoption.
17:45:39 [aleecia]
Shane your privacy policies did not explain last time I read them word-for-word. Unless you've changed that, it's not possible at all to understand via privpols, not just for end users, for practitioners
17:45:40 [Zakim]
-[Comcast]?
17:45:49 [schunter]
Can people on the phone hear us (peter + rachel + shane) well enough?
17:45:59 [vinay]
schunter - yes
17:46:01 [robsherman]
WileyS: "Significant change" can be subjective. It's troubling to hear it, though, because it suggests that all of the work that's been done to date has no value.
17:46:04 [peterswire]
q?
17:46:04 [justin_]
vinay, Yeah didn't think that was controversial. But another benefit of the spec is mandatory disclosure of retention practices, to at least allow external evaluation of differeing policies.
17:46:05 [Zakim]
+ +1.215.480.aaii - is perhaps [Comcast]?
17:46:05 [susanisrael]
*zakim, the 215 480 number, i think was walt michel of comcast
17:46:18 [robsherman]
... I don't want to throw the baby out with the bathwater. We're not here to break the Internet.
17:46:25 [robsherman]
peterswire: Agree - we're not here to break the Internet.
17:46:55 [WaltM]
WatlM is Walter Michel from Comcast
17:46:57 [robsherman]
... But I've emphasized the point that there are conversations elsewhere as well as here. There have been ongoing discussions - in DAA and elsewhere - about a number of things that have changed over time.
17:47:12 [robsherman]
... I've indicated that changes around cookies are good but haven't scaled.
17:47:31 [robsherman]
... It may be that these conversations lead to a set of things around control, user understanding on the Internet.
17:47:40 [robsherman]
... So maybe what we do here becomes a prod to other orgs that create change.
17:47:43 [Chapell]
Aleecia, can you help me bridge what - at least in my opinion - seems like a disconnect. You believe that communicating DNT functionality is really important -- is not the browser an ideal place to communicate such functionality?
17:48:00 [robsherman]
... FTC has and, I believe, will continue to be interested in this. I think they're looking for an overarching, persistent, technology-neutral solution.
17:48:07 [aleecia]
It is
17:48:13 [robsherman]
... If they see it as not doing that, they may express the view that we haven't achieved what we're trying to achieve.
17:48:23 [rigo]
Wileys: sure, you could do DNT with cookies, opt-in or opt-out and many things more. A standard says how people agree to do certain things. And some technical experts said it would be better to do header than cookie. DAA (in background) is for sure an important step. But many believe it did not bring the peace into the market place that it was supposed to bring.
17:48:30 [johnsimpson]
zakim, who is on call?
17:48:30 [Zakim]
I don't understand your question, johnsimpson.
17:48:31 [robsherman]
... There is some degree of change that comes from that.
17:48:41 [vinay]
justin_, agreed on that point as well.
17:48:57 [rigo]
zakim, this is track
17:48:57 [Zakim]
rigo, this was already Team_(dnt)15:30Z
17:48:58 [Zakim]
ok, rigo; that matches Team_(dnt)15:30Z
17:48:59 [robsherman]
... But I think what Shane/Rachel said was that there are a lot of things that have been built, and if those things turn out to be a successful answer then there's no necessary logical reason we need to do more in W3C.
17:49:02 [aleecia]
We need to build the mechanisms to support UAs giving feedback.
17:49:11 [robsherman]
... So you may be saying that what you've done is the right amount.
17:49:14 [efelten]
q+
17:49:17 [rigo]
zakim, who is on the call?
17:49:17 [Zakim]
On the phone I see MIT-Star, vinay, efelten_, Susan_Israel, BrianHuseman, johnsimpson (muted), BerinSzoka, kulick, [Nielsen], Aleecia (muted), jchester2 (muted), Joanne, Fielding,
17:49:20 [Zakim]
... Jonathan_Mayer, +1.202.587.aaff, [Mozilla], +1.415.920.aagg, [Microsoft], hefferjr, [Comcast]?
17:49:20 [Zakim]
[Mozilla] has sidstamm
17:49:31 [robsherman]
Rachel_Thomas: A lot of work has been done. 16M consumers. The idea that we need to move beyond that over next 3 days is premature.
17:49:48 [npdoty]
ack efelten
17:49:54 [robsherman]
efelten: I understand the goal of this effort is to give users some degree of control over collection, retention, and use of data.
17:50:09 [robsherman]
... Existing opt-out mechanisms don't limit collection or retention. Am I right about this? If so, there's a gap.
17:50:20 [schunter]
q?
17:50:33 [johnsimpson]
who is speaking?
17:50:34 [Chapell]
Aleecia: building mechanisms supporting UA's to give feedback is different than requiring clear disclosures at the point where consumers are making their consent decisions
17:50:52 [robsherman]
Lmastria_DAA: Agree with Shane and Rachel. We have put out a set of responsible data use policies that have been widely adopted by a host of folks in the advertising ecosystem to responsibly manage data.
17:50:57 [Wileys]
John, Lou Mastria is speaking
17:51:01 [johnsimpson]
thnx
17:51:06 [rigo]
q?
17:51:13 [justin]
justin has joined #dnt
17:51:37 [robsherman]
... There are individual companies that do various things. But it's a method for responsible data use practices with meaningful choice. It feels to me that when we talk about changes to the status quo, we may be boiling the ocean. Shouldn't we scope down to what we're actually doing?
17:51:51 [robsherman]
... Don't we need an objective point that we're trying to deal with? Isn't that one of the big things we have to do on Day 1?
17:51:59 [robsherman]
... I don't think that's been clarified yet.
17:52:05 [aleecia]
The question is where's the water's edge on where w3c DNT stops. I'd love to see the major browsers agree on UI. I do not believe we can get there here
17:52:07 [robsherman]
peterswire: Breakout for today is designed to address this.
17:52:10 [peterswire]
q?
17:52:24 [justin]
Collection, yes. Retention, no.
17:52:24 [robsherman]
efelten: Does DAA limit collection or retention?
17:52:27 [aleecia]
How?
17:52:46 [johnsimpson]
what limits does DAA put on collection and retention???
17:52:46 [robsherman]
WileyS: Yes. But on Peter's original question - are these things the right answer - we've been struggling to understand what the question is.
17:52:48 [efelten]
How does the DAA program limit collection or retention? Specific answer please.
17:53:00 [robsherman]
peterswire: Next slide has to do with agenda for our two days on Compliance.
17:53:04 [justin]
I think DAA requires collection for only seven (or so) buckets, yes?
17:53:11 [johnsimpson]
Can we please get an answer to Ed Felton's question?
17:53:26 [jmayer]
justin, the exceptions swallow the rule.
17:53:43 [robsherman]
... Deidentification: At some point, information is so aggregated that it no longer identifies an indvidual. Ex: 46% of people who use a site are female.
17:53:47 [jmayer]
Peter covered this extensively in his Hill testimony.
17:54:00 [robsherman]
... So we need to focus on the space between completely linked to a person and completely aggregate.
17:54:17 [robsherman]
... Once info is completely deidentified, then it's out of scope. Then there are some things that are covered and some things that aren't.
17:54:20 [robsherman]
... That line has to be there.
17:54:38 [robsherman]
... In the HIPAA context, there's a definition of "personal health information" (PHR). Any regulatory scheme needs to say clearly what is covered and what is not.
17:54:46 [robsherman]
... This is a logical part of any work we do.
17:54:59 [justin]
jmayer, I agree they are extremely broad. Not defending them as sufficient. Just answering the question since no one else seemed to want to :) http://www.aboutads.info/resource/download/Multi-Site-Data-Principles.pdf
17:55:11 [robsherman]
... Related to that is the question of uses: We have some things that are in-scope, and some uses that we've talked about that are allowed even though in-scope.
17:55:21 [Chapell]
Aleecia: I hear you. Sounds like we're on the same page re: whether having a disclosure is optimal. Where we may diverge is - again in my opinion - that our inability to require the browsers to provide those disclosures significantly harms almost any DNT standard
17:55:27 [robsherman]
... If we're going to have some of those uses and a standard at the end that covers some things but not others, then this is part of our job.
17:55:35 [robsherman]
... These are complicated/technical, but they have to be resolved.
17:55:55 [robsherman]
... Once we clean these up, there will still be hard issues. Defaults, do you ignore a signal (which is related).
17:56:01 [robsherman]
... We are not trying to solve these questions this week.
17:56:08 [jmayer]
justin, see http://webpolicy.org/2011/11/08/a-brief-overview-of-the-supplementary-daa-principles/
17:56:21 [robsherman]
... If we clean up deidentification and permitted uses, we'll have the possibility of getting to an overall structure that works.
17:56:58 [npdoty]
(slide 8)
17:57:01 [BerinSzoka]
BerinSzoka has joined #DNT
17:57:02 [robsherman]
... How are we going to learn about the world - have facts that we share enough - to be able to come to agreement?
17:57:09 [robsherman]
... If people don't agree on baseline facts, it will be hard to get to agreement.
17:57:21 [robsherman]
... We've had a number of briefings - MRC, encryption.
17:57:31 [robsherman]
... These are efforts to have a common vocabulary and common understanding of facts.
17:57:39 [aleecia]
Alan, we're pretty close in views. I just believe even if we rechartered, we could not get an agreement here from the browsers. And, there will be UAs that are not browsers and we may not be able to get the same level of user feedback. I'm not willing to toss out all tools without UIs
17:57:55 [robsherman]
... I haven't said this before, and you might not agree - but here's a pattern of discussion many people will recognize.
17:58:29 [robsherman]
... There's a discussion about something. The people on the "outside" have disagreed and said "couldn't you solve it another way." That's been a concern from people who don't have the data. And then other people who run systems and do have the data, compete on the details of this stuff.
17:58:40 [robsherman]
... For a variety of reasons, they decide they wouldn't like to show certain things.
17:58:55 [robsherman]
... So we have skepticism from the outside and resistance to disclosure from the inside.
17:59:06 [Zakim]
-jchester2
17:59:17 [vincent]
vincent has joined #dnt
17:59:29 [robsherman]
... Here's how the legal system handles this: If one side has the evidence and the other side doesn't, you often say that the presumption is on the side of the people who don't have the evidence. So if the people who have the data want to show something, they need to come forward with the data.
17:59:59 [robsherman]
... This is one reason why we had the MRC discussion. It had been raised before. But we learned that there is a one-year standard. And that there have been waivers of that standard where privacy concerns existed.
18:00:01 [Zakim]
+[IPcaller]
18:00:02 [Chapell]
Aleecia: yes, I think you're saying that you'd rather have half a loaf, and I'm saying that the half-loaf is so moldy that it may not be edible (:
18:00:23 [vincent]
me
18:00:29 [vincent]
sorry fo being late
18:00:31 [tlr]
zakim, IPcaller is vincent
18:00:31 [Zakim]
+vincent; got it
18:00:31 [Wileys]
Aleecia, if a tool doesn't have a UI, how could it ever be DNT compliant? This standard is about conveying preferences and exceptions. this is why the original draft excluded non-direct UAs from participating (and I believe that should continue to be the case)
18:00:34 [robsherman]
... If we have other places where we're getting conflicts because skepticism matches up with lack of information, I'm going to ask the people on the inside to help us understand.
18:00:40 [johnsimpson]
q?
18:00:51 [robsherman]
brooks: I don't want to be overly detailed, but I think you may have mischaracterized MRC discussion.
18:01:14 [robsherman]
... They said that MRC needed it for a certain time. But that other people in the ecosystem need it -- for accounting or other reasons, not targeting -- for longer.
18:01:17 [aleecia]
Alan I'd suggest instead we differ on Should v. Must. And possibly how prescriptive we're likely to be able to get.
18:01:43 [robsherman]
peterswire: I was trying to speak carefully. I tried to summarize his key points. I was not trying to make a point about Sarb-Ox or other things. But about the need to have fact-based, evidence-based discussions.
18:01:51 [robsherman]
... (slide 9)
18:02:01 [aleecia]
But I'm going to bet you and I could craft something we'd agree on, Alan. Maybe just the two of us though :-)
18:02:25 [npdoty]
I'm tracking slides here: http://www.w3.org/2011/tracking-protection/#f2f7
18:02:30 [robsherman]
... During this F2F, we're going to have a few guest briefings. The first two are at the end of the day, and Ed will be speaking tomorrow morning.
18:02:37 [npdoty]
... but don't yet have the ESOMAR ones there, my mistake
18:03:08 [robsherman]
... First briefing is from ESOMAR, a European market research group.
18:03:22 [robsherman]
... I observe that there's a gap between DAA approach to market research and the current barebones text.
18:03:39 [robsherman]
... Currently, no specific market research exception. I know that some people who work in market research think this is an important gap.
18:04:04 [robsherman]
... DAA has language around market research. I testified in Congress last June. In preparation for that, I spoke with DAA's General Counsel about market research and product development under DAA's principles.
18:04:17 [robsherman]
... He believed that DAA would work in good faith to further refine these definitions.
18:04:39 [robsherman]
... One concern about DAA's market research definition that I have is that it's completely open-ended about what counts as market research.
18:04:50 [Zakim]
-[Comcast]?
18:04:53 [robsherman]
... But it is limited in that it does not allow market research information to go back into production for advertising/targeting.
18:05:09 [Zakim]
+ +1.215.480.aajj - is perhaps [Comcast]?
18:05:09 [robsherman]
... I asked for European groups, who are used to working with restrictive rules in Europe, to explain how they handle this.
18:05:27 [robsherman]
... I recognize market research as an area that has a particularly gaping gap between where important sectors of industry are and what our standard says.
18:05:50 [Chapell]
Aleeica: we should try it (:
18:05:51 [robsherman]
... Also, a briefing on the German Telemedia Law, which addresses what's permitted for pseudonymous data.
18:06:09 [robsherman]
... Germany tends to be more restrictive than the US. And if certain things are permitted in Germany, I think that's interesting.
18:06:28 [robsherman]
... It suggests that a strict regime has allowed certain things. We may decide we want to be "stricter than strict," but it's instructive.
18:06:34 [robsherman]
... I asked for a briefing about what's required.
18:06:51 [robsherman]
... I got an email from someone in industry who was concerned about this briefing. I am open to have people correct - on the merits - things they think are not accurate.
18:07:04 [robsherman]
... And I am open to having a Wednesday call with clarifications that are different from what our speaker says.
18:07:20 [robsherman]
... How pseudonymous marketing works, how it's different from deidentification, is relevant to what this group is thinking about.
18:07:55 [robsherman]
... Finally, tomorrow, efelten - a formidable technical expert - is going to talk about where the "deidentification" line is. He's specifically going to talk about hashing and easy-to-do attacks on certain kinds of hashing techniques that are used in industry.
18:08:04 [robsherman]
... If we think we have effective protection that is easy to break, this group should know that.
18:08:35 [robsherman]
... As a group, you might see the first two briefings as helping industry. And you might see the third, roughly, as helping privacy advocates.
18:08:45 [robsherman]
... In each, I hope people will reason about that issue at the time.
18:08:45 [Mark_Vickers]
Mark_Vickers has joined #dnt
18:08:59 [robsherman]
... Overall, it's an attempt to bring closer agreement on facts about the world into our discussion.
18:09:04 [peterswire]
q?
18:09:09 [robsherman]
... (slide 10)
18:09:33 [robsherman]
... The next topic is a bit new and, I hope, promising.
18:09:41 [robsherman]
... It was reported a little bit accurately in the press today.
18:09:58 [robsherman]
... In the first breakout, we'll be asking you to think about lifetime (or long-term) browsing history.
18:10:15 [robsherman]
... Let's imagine an Internet where third parties can get a comprehensive view of everything you've done on the web -- search terms, exact articles, etc.
18:10:27 [Zakim]
-Susan_Israel
18:10:30 [robsherman]
... Julie Cohen, a law prof, wrote in the 90s about something she called "the right to read anonymously."
18:10:59 [robsherman]
... This expresses an instinct a lot of us have: If someone has my lifetime reading history, that impacts my free speech rights because they get insights about me that reflect quite a large amount of knowledge.
18:11:14 [robsherman]
... Somehow, putting limits on a lifetime browsing history is perhaps a useful goal to achieve.
18:11:15 [Zakim]
+Susan_Israel
18:11:45 [robsherman]
... The second part of that is that this could be accompanied by interest-based advertising. EFF has called this "low-entropy cookies," but I'm better able to understand this as "buckets."
18:11:54 [robsherman]
... Have information about "buckets" but not exactly what I read.
18:12:28 [robsherman]
MikeZ: Thank you for spending the last 2.5 months talking to everyone.
18:12:36 [peterswire]
dan -- ok for me to call on you next, to describe your view on this effort?
18:12:41 [robsherman]
... You've identified here an issue or concern that's tangible, that is a problem we could solve for.
18:12:48 [schunter]
q?
18:13:12 [robsherman]
... Having a shared focus is not necessarily something this group has had. If we look at this idea of access, lifetime/long-term collection of browsing history in personally identifiable format -- this is an issue that we can look at concretely and try to find a solution that works for consumers.
18:13:21 [robsherman]
... I think there may be a path forward there, at least as a high level.
18:13:44 [Zakim]
-Susan_Israel
18:13:45 [robsherman]
... Procedurally, more than substantively, it identifies a process that puts us on a path forward over the next 3 days. It helps us all understand what it is that we are trying to solve for.
18:14:07 [robsherman]
dan_auerbach: I think it's important to think about URI data because any sort of meaningful deidentification process will necessarily require not keeping full URI data.
18:14:23 [robsherman]
... I've been thinking about meaningful deidentification and being able to keep useful information from URIs without keeping the whole URI around.
18:14:38 [robsherman]
peterswire: To go back to my slide about the five criteria:
18:14:58 [robsherman]
... If we were to fix in some meaningful way lifetime browsing history, I feel like we could describe that to the world in a concise, understandable way.
18:15:13 [robsherman]
... It would be a change that some people are willing to consider together. And perhaps we could get to meaningful adoption, because we have worked on it together.
18:15:27 [robsherman]
... This is not the only thing that we will discuss in the coming 3 days, but I hope that you'll join with us in good faith to help figure out some of this.
18:15:30 [peterswire]
q?
18:15:37 [robsherman]
... Soon we'll split into groups
18:15:53 [robsherman]
yianni: For small groups, we're going to do it based on last name.
18:16:10 [robsherman]
... Group A: A-D; Group B: E-L; Group C: M-R; Group D: S-V; Group E: W-Z
18:16:24 [npdoty]
http://www.w3.org/wiki/Privacy/DNT-Breakouts#Breakout_rooms
18:16:27 [robsherman]
peterswire: This will be true for both people who are physically here and who are remote.
18:16:39 [robsherman]
yianni: npdoty
18:16:42 [robsherman]
...'s link has maps
18:16:51 [Zakim]
- +1.202.587.aaff
18:16:54 [Peter-4As]
Peter-4As has joined #dnt
18:17:03 [robsherman]
peterswire: Five group leaders, scribes for each of the groups. If you're in a small group, I hope you'll volunteer to scribe.
18:17:10 [robsherman]
... handouts and directions near the door.
18:17:48 [samsilberman]
samsilberman has joined #dnt
18:17:48 [Chris_IAB_]
Chris_IAB_ has joined #dnt
18:17:50 [robsherman]
yianni: (reads group leaders)
18:18:13 [robsherman]
peterswire: Group leaders have a guide for structured questions. This will last until 3:15, and then we'll debrief.
18:18:15 [dan_auerbach]
I don't have a handout so if someone in group D
18:18:16 [dan_auerbach]
can snag one
18:18:18 [dan_auerbach]
that'd be great
18:18:21 [Zakim]
-BrianHuseman
18:18:30 [robsherman]
npdoty: Separate IRC channels and conference codes for each group.
18:18:54 [Zakim]
-efelten_
18:18:56 [Zakim]
-[Mozilla]
18:18:59 [Zakim]
-Aleecia
18:19:01 [Zakim]
-[Microsoft]
18:19:01 [Zakim]
-Fielding
18:19:02 [efelten]
efelten has left #dnt
18:19:02 [Zakim]
-vincent
18:19:02 [Zakim]
-vinay
18:19:04 [Zakim]
-Joanne
18:19:06 [Zakim]
-johnsimpson
18:19:08 [johnsimpson]
johnsimpson has left #dnt
18:19:28 [fwagner]
fwagner has joined #dnt
18:20:35 [Zakim]
-BerinSzoka
18:20:56 [Zakim]
-hefferjr
18:21:07 [Zakim]
- +1.415.920.aagg
18:23:05 [ionel]
ionel has joined #dnt
18:23:23 [Zakim]
-[Nielsen]
18:23:30 [schunter]
dan?
18:25:13 [Zakim]
+[Mozilla]
18:25:43 [Zakim]
-[Mozilla]
18:26:34 [afowler]
afowler has joined #dnt
18:28:34 [Zakim]
-[Comcast]?
18:29:01 [Zakim]
-kulick
18:29:09 [Wileys]
Wileys has joined #dnt
18:30:06 [aleecia_]
aleecia_ has joined #dnt
18:33:12 [haakonfb]
haakonfb has joined #dnt
18:35:09 [npdoty]
npdoty has joined #dnt
18:35:16 [peterswire]
peterswire has joined #dnt
18:36:01 [sidstamm]
sidstamm has joined #dnt
18:36:12 [adrianba]
adrianba has joined #dnt
18:36:52 [ionel]
ionel has joined #dnt
18:38:53 [dsinger]
dsinger has joined #dnt
18:39:16 [hwest]
hwest has joined #dnt
18:40:04 [robsherman]
robsherman has joined #dnt
18:40:59 [Lmastria_DAA]
Lmastria_DAA has joined #dnt
18:40:59 [rachel_thomas]
rachel_thomas has joined #dnt
18:42:10 [Lmastria_DAA]
Lmastria_DAA has left #dnt
18:42:37 [schunter]
schunter has joined #dnt
18:43:30 [BerinSzoka]
BerinSzoka has joined #DNT
18:43:52 [fwagner]
fwagner has joined #dnt
18:46:37 [BerinSzoka]
sorry, link to the questions again?
18:46:54 [tlr]
jonathan, can you hear phone?
18:47:24 [Zakim]
Team_(dnt)15:30Z has been moved to #dnte by tlr
18:49:59 [fwagner_]
fwagner_ has joined #dnt
18:51:27 [fwagner_]
fwagner_ has joined #dnt
18:55:10 [peterswire]
peterswire has joined #dnt
19:11:21 [Wileys]
Wileys has joined #dnt
19:12:15 [peterswire]
peterswire has joined #dnt
19:12:19 [fwagner]
fwagner has joined #dnt
19:23:02 [peterswire]
peterswire has joined #dnt
19:34:08 [ionel]
ionel has joined #dnt
19:38:04 [sidstamm]
sidstamm has left #dnt
19:50:15 [npdoty]
are we going to 3 or 3:30?
19:55:02 [ionel]
ionel has joined #dnt
19:56:45 [wseltzer]
3:15, according to schedule
19:57:39 [susanisrael]
susanisrael has joined #dnt
20:00:06 [peterswire]
peterswire has joined #dnt
20:02:08 [efelten]
efelten has joined #dnt
20:08:55 [intern4]
intern4 has joined #dnt
20:12:31 [fwagner]
fwagner has joined #dnt
20:13:07 [ionel]
ionel has joined #dnt
20:17:21 [WaltM_Comcast]
WaltM_Comcast has joined #dnt
20:20:51 [fielding]
zakim, move TRACK to here
20:20:52 [Zakim]
ok, fielding; that matches Team_(dnt)15:30Z
20:22:25 [Zakim]
+BerinSzoka
20:24:36 [dsinger]
dsinger has joined #dnt
20:24:53 [Zakim]
+kulick
20:25:09 [Zakim]
-[Nielsen]
20:25:46 [Zakim]
+vinay
20:25:47 [Zakim]
-BerinSzoka
20:26:28 [vinay]
vinay has joined #dnt
20:26:47 [BerinSzoka]
could you please let us know when we should dial back in?
20:30:44 [afowler]
afowler has joined #dnt
20:33:19 [ionel]
ionel has joined #dnt
20:33:25 [hefferjr]
hefferjr has joined #dnt
20:33:25 [Zakim]
+hefferjr
20:34:39 [WaltM_Comcast]
WaltM_Comcast has joined #DNT
20:40:54 [aleecia_]
aleecia_ has joined #dnt
20:42:00 [haakonfb]
haakonfb has joined #dnt
20:43:58 [dsinger]
dsinger has joined #dnt
20:44:48 [wseltzer]
[re-starting here at 3:55]
20:45:01 [Zakim]
+[Nielsen]
20:45:17 [wseltzer]
[in 10 minutes]
20:45:50 [johnsimpson]
johnsimpson has joined #dnt
20:46:49 [Zakim]
+[IPcaller]
20:47:09 [vincent]
zakim, [IPcaller] is vincent
20:47:09 [Zakim]
+vincent; got it
20:47:13 [Zakim]
+johnsimpson
20:47:48 [David_Stark]
David_Stark has joined #dnt
20:47:53 [Zakim]
+aleecia
20:48:26 [Zakim]
+ +1.415.920.aann
20:48:28 [aleecia]
aleecia has joined #dnt
20:48:36 [aleecia]
zakim, who is on the phone?
20:48:36 [Zakim]
On the phone I see MIT-Star, Fielding, WaltM_Comcast, kulick, vinay, hefferjr, [Nielsen], vincent, johnsimpson, aleecia, +1.415.920.aann
20:48:40 [Zakim]
+Joanne
20:48:40 [adrianba]
adrianba has joined #dnt
20:48:47 [Zakim]
+Mark_Vickers
20:49:37 [sidstamm]
sidstamm has joined #dnt
20:49:51 [BerinSzoka]
when are we starting up again?
20:50:11 [johnsimpson]
Let's get started
20:50:21 [wseltzer]
5 more minutes
20:51:06 [Zakim]
+BrianHuseman
20:51:43 [BrianHuseman]
BrianHuseman has joined #dnt
20:52:03 [kj]
kj has joined #dnt
20:53:06 [Zakim]
- +1.415.920.aann
20:54:03 [adrianba]
adrianba has joined #dnt
20:56:01 [peterswire]
peterswire has joined #dnt
20:56:42 [Lmastria_DAA]
Lmastria_DAA has joined #dnt
20:57:12 [Zakim]
+[Mozilla]
20:57:15 [sidstamm]
Zakim, Mozilla has sidstamm
20:57:15 [Zakim]
+sidstamm; got it
20:57:31 [Zakim]
-WaltM_Comcast
20:57:51 [fwagner]
fwagner has joined #dnt
20:59:55 [aleecia]
thanks for the update, Peter
21:00:01 [Mark_Vickers]
Mark_Vickers has joined #dnt
21:01:36 [rachel_thomas]
rachel_thomas has joined #dnt
21:01:36 [jchester2]
jchester2 has joined #dnt
21:02:21 [adrianba]
adrianba has joined #dnt
21:02:49 [wseltzer]
[restarting, apologies for the delay]
21:03:21 [justin]
justin has joined #dnt
21:03:29 [npdoty]
scribenick: npdoty
21:03:38 [npdoty]
Topic: Post Break-outs
21:03:44 [susanisrael]
susanisrael has joined #dnt
21:03:47 [npdoty]
peterswire: some feedback that it's not the same old discussion
21:03:59 [bryan]
bryan has joined #dnt
21:04:02 [npdoty]
... 18 months for some of you, various distrust and moments of imperfect human interaction
21:04:03 [Yianni]
Yianni has joined #DNT
21:04:03 [susanisrael]
scribenick: susanisrael
21:04:20 [susanisrael]
peter: will try to sum up breakout groups
21:04:41 [susanisrael]
trying to get clarity around use cases, some things held long, some not so long, getting better picture of permitted uses
21:04:48 [susanisrael]
any standard will have to have permitted uses
21:04:59 [susanisrael]
i have a seciton here on 1st party/third party
21:05:15 [robsherman]
robsherman has joined #dnt
21:05:30 [Chapell]
Chapell has joined #DNT
21:05:32 [susanisrael]
several people said they thing 1st parties hold info longer, in particular for targeting, they are often though not always for 3rd parties it's for ashorter time
21:05:37 [RichardatcomScore]
RichardatcomScore has joined #dnt
21:05:37 [hwest]
hwest has joined #dnt
21:05:46 [susanisrael]
that's true a lot of people think for 1st/3rd party sites
21:05:56 [susanisrael]
definition here is broader than some people would like
21:06:07 [susanisrael]
third party would see things across lots of sites, diverse
21:06:24 [rvaneijk_]
rvaneijk_ has joined #dnt
21:06:32 [susanisrael]
if we are thinking about life history, ability to see across many sites gives different ind of visibility into a person's action
21:06:57 [johnsimpson]
q?
21:07:04 [susanisrael]
re: portability, facebook is here, [issue of deletion]
21:07:34 [susanisrael]
info that can be deleted by a user does not tend to be transaction information, which you might need for a while for financial reporting etc
21:07:45 [susanisrael]
shane: didscussed in amsterdam some
21:07:59 [susanisrael]
...data portability tends to relate to user generated information
21:08:14 [Zakim]
+ +1.415.920.aaoo
21:08:19 [susanisrael]
i think we tend to focus in dnt on info like logged in/not
21:08:31 [susanisrael]
peter: agree that irst parties as a category might keep data longer
21:08:44 [susanisrael]
specific actions on your site may be subject to management by you...
21:09:05 [dsinger]
dsinger has joined #dnt
21:09:07 [susanisrael]
by contrast, info in the background is not like that, i don't know who to call to fix it.
21:09:07 [Zakim]
+BerinSzoka
21:09:30 [susanisrael]
[dissussions of problems with display screen]
21:09:34 [sidstamm]
aww, firefox wants the update!
21:09:48 [npdoty]
we're following: http://lists.w3.org/Archives/Public/public-tracking/2013Feb/0095.html
21:09:54 [justin]
q?
21:10:02 [sidstamm]
thanks npdoty
21:10:14 [npdoty]
minutes for each breakout session are linked from: http://www.w3.org/wiki/Privacy/DNT-Breakouts#Breakout_rooms
21:10:26 [npdoty]
thanks to everyone for taking those notes
21:10:28 [aleecia]
thank you Nick!
21:10:30 [susanisrael]
going back to ......our discussion...that's some of the discussion re 1st/3rd paeties, and diff ways browing history treated
21:10:50 [susanisrael]
...no engineer would say "lifetime browsing history" but it gets to something that a lot of people care about....
21:11:12 [susanisrael]
in david singer's group was discussed, may mean a reasonable portion of a person's browsing history.
21:11:29 [susanisrael]
a reason portion means a whole bunch of my history.
21:12:05 [susanisrael]
in nick doty's group, for specifity of data might mean full URL, also have query parameters such as search terms vs domain/path
21:12:13 [susanisrael]
one level less specific just the domain
21:12:24 [susanisrael]
less specific would be a category (buying car etc)
21:12:44 [ATurkel]
ATurkel has joined #dnt
21:12:48 [Zakim]
+ +1.202.587.aapp
21:12:54 [susanisrael]
a second point is ow associated is that to the user: not browsing history of me or my device if not linked back to a user.....
21:13:09 [susanisrael]
[asks nick to help lay out discussion]
21:13:33 [fielding]
e.g., per site data, or per campaign data
21:13:37 [susanisrael]
nick: in some cases you would have association to cookie or a user id that can be easily linked to a user vs. one that can't be easily linked
21:13:39 [aleecia]
I take it Shane was in Nick's group? :-)
21:13:43 [susanisrael]
may discuss tomorrow
21:14:01 [susanisrael]
3rd dimension is "how much time,"--no agreement, that's why we're working on this
21:14:02 [npdoty]
I was borrowing Shane's language for that summary, but I think it was suggested by dwainberg
21:14:18 [susanisrael]
let me observe that part of what we are trying to do is sort through a regime
21:14:23 [BillScannell_]
BillScannell_ has joined #DNT
21:14:36 [susanisrael]
this is a fairly parsimonious set of dimensions for what we are working on
21:14:50 [susanisrael]
heather's group had different way to split up data,
21:15:02 [susanisrael]
one set is clickstream connected to me or my device
21:15:26 [susanisrael]
managed data, may be enriched, has been processed some what but may be linkable in some way
21:15:26 [BillScannell__]
BillScannell__ has joined #dnt
21:15:46 [Paul_G]
Paul_G has joined #dnt
21:15:51 [susanisrael]
third part is de-identified (hashed/salted)
21:16:44 [susanisrael]
rob van ejk: just to be clear the idea was that in the middle domain, we considered that part of the managing the data was hasing/salting to move it toward de-identified, the processing of the data is what we called "managing"
21:16:49 [schunter]
schunter has joined #dnt
21:17:01 [susanisrael]
de-identified means you have already processed it and have thrown away the salt...
21:17:13 [susanisrael]
peter: heather i am now less clear between 2 AND 3 CAN YOU HELP?
21:17:55 [susanisrael]
HEATHER: WE DIVIDED DATA INTO 3 SETS, 1) RAw event data, 2) somewhat processed, and is the data set you work with, 3) de-identified, maybe you have hashed it and thrown away the keys
21:18:04 [susanisrael]
peter: rob do you see differently?
21:18:08 [fielding]
3 data sets, with processing to move between sets
21:18:20 [susanisrael]
rob: i would read this as the hasing is an activitiy
21:18:29 [susanisrael]
rigo:
21:18:58 [susanisrael]
very shortly to confirm this, it's the final state we described not how you et there, the final state /the spec would describe how you get there
21:19:12 [fielding]
please don't go there
21:19:44 [susanisrael]
....there would be permitted uses, like security uses, from raw data you strip it down, and the middle area fits very well with our concept of permitted uses
21:20:29 [susanisrael]
peter: from david s group, discussion of data minimization, once we determine what permitted uses are, data should not be used for other things.....
21:21:04 [susanisrael]
peter: for the time limit there is a split within group re: when word reasonable should be used or reasonable numbers should be used, will describe reasons i've heard for each
21:21:37 [susanisrael]
specific time period has advantages bc sends clear msgs, engineers know how to build, sends msg to outsiders....reasons for specificity
21:22:03 [susanisrael]
but reasons to have reasonable and such other words is world is complicated, we use words like this in torts.....
21:22:38 [susanisrael]
also if period is a year, you don't want to have big enforcement action bd you keep data for year and a day
21:22:43 [justin]
reasonable PLUS DISCLOSURE
21:22:46 [susanisrael]
are there other justifications?
21:23:11 [susanisrael]
david w: when you set a time frame it may actually be longer than "reasonable would have been."
21:23:15 [johnsimpson]
reasonable with disclosure makes sense
21:23:25 [susanisrael]
peter: this is the rules vs standards problem that law professors discuss
21:23:41 [susanisrael]
peter: anti-fraud is one category where people say they need data for a longer time
21:24:07 [susanisrael]
areas where there is long but people don't understand how long are financial audit, cybersecurity, anti-fraud...
21:24:35 [susanisrael]
as with mrc, i am inclined, as with mrc, to try to further develop facts around this in next few wednesday calls...
21:25:00 [susanisrael]
one question re: anti-fraud is that safari has provisions now tha tblock cookies, etc, but world continues to operate. How?
21:25:17 [susanisrael]
rold of ip address rather than full uri
21:25:44 [susanisrael]
cost vs. impression, cost per click, cost per action are different biz models with different views of this
21:25:58 [susanisrael]
one group said if we go to bucket approach what if we convert immediately
21:26:18 [susanisrael]
tomorrow we may do more work on pseudonyms....but there was less full discussion
21:26:31 [susanisrael]
today's discussion was about uses, we've mentioned most permitted uses
21:26:48 [susanisrael]
there is an idea that many versions of targeted marketing have shorter retention periods,
21:26:49 [dwainberg]
dwainberg has joined #dnt
21:27:05 [susanisrael]
3rd parties, especially, seem to need detailed info for shorter period.
21:27:17 [susanisrael]
the rotate a hash part i see as part of tomorrow's discussion
21:27:27 [afowler]
afowler has joined #dnt
21:27:38 [susanisrael]
there are things in scope, and we talk about what uses permitted there, then there is a realm of things outside the scope
21:27:48 [afowler]
afowler has joined #dnt
21:27:56 [susanisrael]
so tomw we will talk about de-id and to what extent is base text useful
21:28:03 [susanisrael]
any comments from chairs of the groups?
21:28:08 [bryan]
"a large part" of the use for targeted marketing being short term does not mean that all or all important marketing uses are short term
21:28:27 [johnsimpson]
q?
21:28:36 [susanisrael]
opening it up to anyone who disagrees or wants to clarify or amplify a groups discussion
21:28:45 [johnsimpson]
zakim, who is on the phone?
21:28:45 [Zakim]
On the phone I see MIT-Star, Fielding, kulick, vinay, hefferjr, [Nielsen], vincent, johnsimpson, aleecia, Joanne, Mark_Vickers, BrianHuseman, [Mozilla], +1.415.920.aaoo,
21:28:49 [Zakim]
... BerinSzoka, +1.202.587.aapp
21:28:49 [Zakim]
[Mozilla] has sidstamm
21:28:59 [susanisrael]
eventually we will have to find ways in a standard to have permitted uses and decide how we say how long data can be kept for each of these
21:29:43 [susanisrael]
Chris Mejia: for tareting if go to bucket, what if convert immedately to car enthusiast, the word "imeediately" is a concern
21:29:54 [susanisrael]
peter: the word "short-term" was used
21:30:00 [moneill2]
moneill2 has joined #dnt
21:30:03 [susanisrael]
chris: immedicately does not allow for processing time
21:30:23 [susanisrael]
peter: we have not suraced issue that in current text there is an n for short term exception
21:30:45 [Mark_Vickers]
Mark_Vickers has joined #dnt
21:30:50 [susanisrael]
things are easier if there is a short period when you can sort things out and don't have to worry re: permitted uses, which could then be used longer
21:30:58 [npdoty]
q?
21:31:08 [susanisrael]
this would create shorter, simpler standard, with shorter lists of permitted uses,
21:31:09 [justin]
Short-term retention DNE all bets are off.
21:31:26 [susanisrael]
how much does a 30,60, 90 days short term period simplify permitted uses discussion
21:31:59 [susanisrael]
rigo: do you mean for 30 days there is no collection limitation, then we start to count...i would expect rob to have concerns aboutt this
21:32:26 [susanisrael]
danny w used to say let's collect everything and limit uses, but on european side we are more concerned with data minimization
21:32:29 [rachel_thomas]
q+
21:32:30 [susanisrael]
this must be includd
21:32:38 [aleecia]
(agree with Rigo: the 6 weeks was never meant to be a free-for-all time)
21:33:13 [susanisrael]
peter: euro vs. us, we are trying to have meeting in berlin re: global considerations task force, and dnt= 0 has gotten concern and need it to be meaningful
21:33:15 [schunter]
schunter has joined #dnt
21:33:19 [justin]
And the draft standard is quite clear on that.
21:33:34 [susanisrael]
in euro context. is this right rego? dnt o?
21:33:50 [aleecia]
Rigo was unmiked, could we get that scribed?
21:33:50 [susanisrael]
rigo: no dnt -1, so need better def of dnt 1
21:34:26 [susanisrael]
rachel thomas: uncomfortable with idea that assume there is requirement to show need to retain data and it shouldn't be that binary, bc of possible innovation over time
21:34:32 [susanisrael]
not just use/no use
21:34:49 [kj]
kj has joined #dnt
21:34:49 [susanisrael]
rachel: concept of harm should not be lost re: dat aminimization
21:35:03 [susanisrael]
peter: one of the things i am almost tempted to ban harm
21:35:10 [susanisrael]
rachel: can we ban need>
21:35:12 [johnsimpson]
cannot hear the cross talk!!
21:35:23 [susanisrael]
peter: each of has favorite 4 letter words
21:35:23 [johnsimpson]
please use a microphone!!!!
21:35:54 [susanisrael]
peter: one thing i did not report back on is that when we had the discussion at cdt re: de-ident, khaled said he had a worksheet re: harm
21:36:12 [susanisrael]
but it turned out this tool did not lineup with our use cases and was complex
21:36:25 [susanisrael]
we had contemplated having discussion re; harm but it didn't work
21:36:36 [susanisrael]
rachel: but there is space between need and harm
21:36:40 [johnsimpson]
will people please, please use the microphone?>?
21:36:48 [npdoty]
q?
21:36:58 [npdoty]
ack rachel_thomas
21:37:01 [npdoty]
q+ rvaneijk_
21:37:20 [susanisrael]
peter: knowing this is a difficult place to say anything. A big focus of discussion is those who elect dnt 1, but even then when person wishes no tracking , there are permitted uses....
21:38:01 [susanisrael]
but logic is that since person has said dnt 1, permitted uses should be based on need, exceptions that are required for how the ecosystem works
21:38:05 [dwainberg]
q+
21:38:15 [susanisrael]
logic is tht you have the data and you use it for one of the permitted uses
21:38:24 [susanisrael]
that is spearate from the idea of harm
21:38:41 [Zakim]
-[Nielsen]
21:38:51 [susanisrael]
if we hare to have a standard, dnt 1 has to mean something. There will be exceptions, but we have to define them [implied: and the need for them]
21:39:18 [marc]
marc has joined #dnt
21:39:21 [susanisrael]
these are uses that are justified despite users desire not to have data used. I think it's logical
21:39:28 [johnsimpson]
q?
21:39:34 [justin]
ack rvaneijk_
21:39:57 [susanisrael]
rob: want to push back on data minimization, if we talk about permitted use, then of course there is an element of purpose limitation within that
21:40:13 [peterswire]
q?
21:40:16 [susanisrael]
if you don't need the data for that purpose any more, then it is logical to discard that data...
21:40:35 [npdoty]
q+ lmastria
21:40:45 [justin]
ack dwainberg
21:40:52 [susanisrael]
david wainberg: on this issue of harms, let me turn it a different way. Understand the problem and what you are saying peter.. but for diff concerns/harms have different actions associated
21:41:24 [susanisrael]
for example, if concern is breach that is different than user preference, i think it is very contextual, and want to emphasize that we focused a lot on targeting....
21:41:48 [susanisrael]
but other side is as if not more important, for example, measurement, billing, attribution after ad has been targeted and delivering,
21:42:00 [susanisrael]
peter: i think that has been central to permitted uses discussion
21:42:01 [Mark_Vickers]
Mark_Vickers has joined #dnt
21:42:13 [Mark_Vickers]
Mark_Vickers has left #dnt
21:42:16 [Mark_Vickers]
Mark_Vickers has joined #dnt
21:42:20 [johnsimpson]
q?
21:42:24 [susanisrael]
david w: yes, but when we talk about minimizing uris, buckets, these are on the targeting side:
21:42:32 [susanisrael]
q+
21:42:36 [justin]
ack lmastria
21:43:00 [aleecia]
q+
21:43:01 [susanisrael]
lou: to pick up on what david is saying we spent time thinking about what is the harm, as privacy professionals we need to think about mitigating harms
21:43:16 [susanisrael]
we do ourselves service if we define what we are dealing with:
21:43:48 [johnsimpson]
q?
21:44:01 [justin]
ack susanisrael
21:44:09 [susanisrael]
....we should be bound by some specific harm
21:44:22 [susanisrael]
susan: targeting? vs accounting?
21:44:25 [susanisrael]
david w: yes
21:44:37 [peterswire]
q?
21:44:42 [robsherman]
ack aleecia
21:44:59 [susanisrael]
aleecia: not discussing harm, but are making a tool for user choice. Saying users have made choice and there are things that trump that
21:45:10 [susanisrael]
we are not in a qu of harm, its for user choice and control
21:45:44 [susanisrael]
peter: qu for lou or rachel or davd: in daa rules which have user opt out choice what harm is being addressed?
21:46:14 [rvaneijk_]
q+
21:46:17 [susanisrael]
lou: i think transparency /choice is what we are trying to provie, came out of ftc report that interest based advertising needs to be more transparent?
21:46:23 [johnsimpson]
q?
21:46:33 [susanisrael]
peter: isn't this similar to what we are doing here with do not track
21:46:53 [susanisrael]
lou: we are making it transparent and maintaining user experience that users have come to know from internet
21:47:06 [hwest]
hwest has joined #dnt
21:47:20 [johnsimpson]
q?
21:47:21 [justin]
This discussion is too ethereal. This was more helpful when we were focusing on specifics.
21:47:26 [susanisrael]
peter: trying to play back: that has to do in part with scale, if 98 percent decided to shift away, that would change it
21:47:29 [peterswire]
q?
21:47:42 [rvaneijk_]
q-
21:48:28 [susanisrael]
rachel: 2 sets of principles-multisite and oba....came from discussions of harm with ftc, but to follow on from what aleecia said there are scopes of prohibitions related to harms.
21:48:39 [susanisrael]
peter: we have presentation re: market research
21:48:48 [susanisrael]
can somewhat put in irc where link is?
21:48:55 [johnsimpson]
apologies, have to leave
21:48:56 [susanisrael]
tomorrow we will talk about media in germany
21:49:02 [npdoty]
http://www.w3.org/2011/tracking-protection/boston-2013/esomar-stark.pdf
21:49:05 [Zakim]
-johnsimpson
21:49:10 [johnsimpson]
johnsimpson has left #dnt
21:49:22 [aleecia]
Rachel if you're arguing there must be harm or we don't allow permitted uses (which I don't think you were, per se) then I'd counter we're trying hard to find ways for freq capping to work
21:49:32 [susanisrael]
peter: thanks for participation, seemed like people on phone could participate
21:49:44 [susanisrael]
re: market research let me frame/describe relevant
21:49:53 [susanisrael]
market research widely done today,
21:50:07 [aleecia]
And there's no justification for why we should ignore user preferences there. It's just if we *can* get profits from freq capping without serious privacy implications, hey, why not? Profits good.
21:50:07 [susanisrael]
have talked with many re: how things evolved from tv/phone world
21:50:17 [susanisrael]
will have questions that may seem pointed.
21:50:32 [susanisrael]
1> in a telephone world i can decide whether to accept
21:50:45 [susanisrael]
in online world i do not realize research is happening....
21:50:50 [npdoty]
susan was noting it was hard to scribe for rachel's and lou's responses
21:51:16 [susanisrael]
2> will tell you hipaa story, we had to define hipaa bc people trying to cure cancer, and we want that to proceed
21:51:31 [npdoty]
I think the point from Rachel was that there was minimal or no harm seen on OBA, and that on multi-site data the harm was around eligibility for services, which is why that was prohibited
21:51:36 [susanisrael]
other people said research is everthing we do to find out about a patient
21:51:56 [npdoty]
and Lou pointed out that the opt-out was a direct response to the FTC report on interest-based advertising
21:52:00 [susanisrael]
in hipaa context we had to define research vs knowledge discovery
21:52:10 [susanisrael]
research could mean every time you find something out.
21:52:11 [npdoty]
(just trying to catch up, please correct me if I got those wrong)
21:52:33 [susanisrael]
if there is market research permitted use, how do we tell what is real research
21:52:48 [aleecia]
The David Singer Russian whale "research" problem
21:53:04 [susanisrael]
rachel: think important qu: need to note diference between academic and market research, even understanding your product
21:53:38 [BillScannell__]
Raise your hand!
21:53:44 [susanisrael]
peter: in addition to curing cancer there are other things we need to achieve..but if research means every time we learn more......it's everything
21:53:57 [susanisrael]
if that's not what you mean, let's find out where line is
21:54:07 [amyc]
amyc has joined #dnt
21:54:07 [susanisrael]
david stark of esomar (from toronto):
21:54:16 [Zakim]
+ +1.215.480.aaqq - is perhaps WaltM_Comcast
21:54:27 [peterswire]
peterswire has joined #dnt
21:54:31 [npdoty]
rvaneijk, we might have missed you on the queue, make your point in IRC if you can
21:54:44 [peterswire]
q?
21:54:46 [susanisrael]
in interest of time, cutting out jokes......esomar strted in 1948 as euro society of opinion and marketing research
21:54:59 [susanisrael]
i am member of legal and professional stndards committee
21:55:02 [npdoty]
reminder, slides: http://www.w3.org/2011/tracking-protection/boston-2013/esomar-stark.pdf
21:55:05 [peterswire]
for those on phone, how is the sound level?
21:55:18 [BerinSzoka]
sound is fine
21:55:21 [peterswire]
thx
21:55:22 [aleecia]
Was fine with you, cutting out a little here
21:55:23 [hefferjr]
sound is good
21:55:33 [aleecia]
Intelligible though
21:55:53 [susanisrael]
they have done good job of working with groups in places where no other national association, encourage them to adopt esomar code:
21:55:56 [aleecia]
Ah, thanks!
21:56:07 [susanisrael]
to set context re: market social and opinion research
21:56:24 [susanisrael]
census in us is e xample of market reserach
21:56:30 [Zakim]
-[Mozilla]
21:56:44 [susanisrael]
(other historical examples of market research)
21:57:49 [susanisrael]
nielsen, telephone reserrach, now online research panels, and now passive data collection and census data collection on line
21:58:30 [susanisrael]
key research areas, concept testing, biz-biz, market measurement, social resarch, politial, media measurement, key clients......(lists)
21:58:55 [susanisrael]
esomar code definition of market social and opinion research includes "no return path to individual"
21:59:19 [susanisrael]
data is aggregated unless data subject completely agrees to waive that right to be unlinkable
21:59:45 [rachel_thomas]
for discussion purposes, the definition of "market research" included in the DAA multi-site data principles is...Market Research means the analysis of: market segmentation or trends; consumer preferences and behaviors; research about consumers, products, or services; or the effectiveness of marketing or advertising. A key characteristic of market research is that the data is not re-identified to market directly back to, or otherwise re-contact a [CUT]
22:00:01 [susanisrael]
key distinction is that we are not about sales and marketing, really really important
22:00:04 [rachel_thomas]
device. Thus, the term “market research” does not include sales, promotional, or marketing activities directed at a specific computer or device.
22:00:40 [susanisrael]
telemarketers trade on our good name to sell something, which is prohibited in a lot of ad codes and competition law, ftc requires telemarketers to disclose purpose up front
22:00:49 [susanisrael]
gathering info for sale is not market research
22:01:10 [susanisrael]
1st code 1948, revised 1977 with international chamber of commerce
22:01:14 [BillScannell]
BillScannell has joined #dnt
22:01:15 [Joanne]
confirming David is on sldie 5
22:01:23 [susanisrael]
has been revised 3 times, i have been involved
22:01:40 [justin]
yes, joanne
22:01:46 [susanisrael]
it has disciplinary procedures, self regulatory mechanisims....
22:01:57 [robsherman1]
robsherman1 has joined #dnt
22:02:08 [Joanne]
thanks Justin
22:02:14 [susanisrael]
esomar asked members how many complaints...was quite small, often that people did not get panel incentives
22:02:20 [justin]
Who would know to complain about partcipating in a passive panel?
22:02:20 [Zakim]
+[Microsoft]
22:02:33 [susanisrael]
identifying info in strict confidence unless that right is waived by respondent
22:03:24 [Zakim]
-hefferjr
22:03:29 [npdoty]
"frugging" -> fundraising under the guise of doing research
22:04:03 [peterswire]
q?
22:04:52 [BillScannell_]
BillScannell_ has joined #dnt
22:04:56 [schunter]
schunter has joined #dnt
22:07:39 [npdoty]
david_stark: opted-in panel members (through cookies, browser plugins, etc.) would be an out-of-band exception, so we're happy with that
22:08:07 [npdoty]
... also census-style measurement about ad placement
22:08:20 [npdoty]
... like to combine census-measurement with panel members to cross-validate
22:08:48 [npdoty]
... use advertising networks to help identify certain individuals on the web
22:09:19 [npdoty]
... for a jeweler targeting women between 40 and 60, use an advertising network to find an audience to ask to take a survey or join a panel
22:09:24 [npdoty]
... intercept sampling method
22:09:25 [justin]
"no return path to the individual" o_0
22:09:51 [npdoty]
david_stark: a few use cases: outdoor audience measurement
22:10:07 [npdoty]
... people who see billboards, do they recall seeing the ad?
22:10:13 [npdoty]
... count cars or pedestrians passing by an ad
22:10:36 [npdoty]
... estimates regarding the reach or frequency
22:10:56 [npdoty]
... online marketing works in a similar way
22:11:02 [justin]
Do you track license plate numbers to track those cars over time?
22:11:09 [justin]
Because that would be the better analogue.
22:11:49 [aleecia]
drop out
22:11:50 [npdoty]
... reports delivered to the client not including individual data
22:12:06 [Joanne]
better now
22:12:34 [npdoty]
richard_weaver: confusion about what customers actually see
22:12:41 [npdoty]
... fields for average daily visitors, minutes spent online
22:12:49 [npdoty]
... aggregated data, not data related to the individual
22:13:17 [npdoty]
... drill down, see more about different @@@ digital properties
22:13:50 [npdoty]
... hybridization / calibration of data -- age ranges calibrated off the opt-in panel
22:13:59 [Zakim]
-vinay
22:14:05 [justin]
q+
22:14:08 [npd_test]
npd_test has joined #dnt
22:14:26 [npdoty]
richard_weaver: we obfuscate IP address for this census collection
22:14:35 [npdoty]
... takes away some of the concern of the people we collect
22:14:41 [npdoty]
... but we use unique cookies
22:14:41 [aleecia]
drop last octet?
22:14:45 [aleecia]
(cannot hear questions)
22:15:26 [npdoty]
ack justin
22:15:29 [npdoty]
justin: in that case, what's the privacy benefit of obfuscating the IP address?
22:15:45 [npdoty]
richard_weaver: the ID is not tied back to a particular individual necessarily
22:15:59 [npdoty]
... some jurisdictions believe IP addresses are a certain sensitivity
22:16:34 [npdoty]
david_stark: limit how often you approach panelists about something
22:16:41 [justin]
q+
22:17:02 [npdoty]
... with the IP address, you still have useful geographical information for use in calibration
22:17:17 [npdoty]
ack justin
22:17:33 [npdoty]
justin: what are the rules about retaining identifiers to a unique device if not user?
22:17:38 [aleecia]
we've heard 5+ years
22:17:44 [npdoty]
david_stark: it depends on the research objective
22:17:57 [npdoty]
... collect the data and then perform the aggregation after the campaign has ended
22:18:21 [npdoty]
richard_weaver: may take up a week to process data, ten days more in EU, want to have month over month raw data available
22:18:29 [npdoty]
... want to go back and re-process data
22:18:51 [npdoty]
david_stark: for typical ad campaigns, 3 months might be the majority, plus a month or two to process
22:19:09 [npdoty]
... if you look at data protection laws, you hang onto the data only as long as necessary for the purpose
22:19:14 [peterswire]
q?
22:19:22 [aleecia]
q+
22:19:28 [npdoty]
richard_weaver: esomar requires disclosing data retention policies
22:19:38 [dsinger]
dsinger has joined #dnt
22:19:55 [npdoty]
david_stark: have heard from MRC already
22:20:51 [peterswire]
Q?
22:21:01 [npdoty]
... intercept, finding people to ask for a survey
22:21:17 [npdoty]
... in the offline world, approaching people in a mall -- there is a kind of targeting that takes place
22:21:39 [npdoty]
... target audience, these are the kind of people you need to approach
22:21:47 [peterswire]
hello: I will try to achieve a hard stop by 5:30 eastern
22:22:20 [npdoty]
... online, when we target the people we want to survey, we'll show a banner ad or pop-up
22:22:34 [aleecia]
q?
22:22:46 [aleecia]
cannot hear
22:22:46 [peterswire]
ack aleecia
22:22:57 [justin]
you're up aleecia
22:22:57 [peterswire]
please go ahead
22:23:14 [npdoty]
aleecia: make my living doing research; agree panels fit an out-of-band form of consent
22:23:24 [npdoty]
... consent is a big part of human subjects research work
22:23:37 [npdoty]
... don't have to have demographics ahead of time (as in phone surveys)
22:23:53 [npdoty]
... is there any jurisdiction where when a subject refuses to continue to research them anyway?
22:24:25 [npdoty]
david_stark: no. but there is a desire for very high response rates; distinction between hard and soft refusals on phone surveys, for example
22:24:59 [npdoty]
... there are clients, specially trained interviewers to enlist cooperation of soft refusal
22:25:26 [npdoty]
aleecia: I would see DNT:1 as a hard refusal, like interviewing who says no
22:25:26 [npdoty]
q+ rvaneijk
22:25:44 [npdoty]
peterswire: wrap up now, but will have some time to talk in the first session tomorrow
22:25:46 [npdoty]
ack rvaneijk_
22:25:50 [justin]
I had thought key _resolved_ questions . . .
22:26:07 [npdoty]
rvaneijk: how do you find the people for the limited demographic group?
22:26:28 [npdoty]
david_stark: how did the advertising networks find those people? that's who we work with
22:27:18 [npdoty]
... if your panel is large enough, then you can ask question of more specific groups (people with a low-incidence medical condition, for example)
22:27:39 [tlr]
rrsagent, make record world
22:28:15 [npdoty]
richard_weaver: if we don't have a profile of someone yet, then no, we don't have that info yet
22:28:22 [npdoty]
... not from the census-level measurement
22:28:30 [WaltM_Comcast]
WaltM_Comcast has joined #dnt
22:28:33 [npdoty]
peterswire: in our session tomorrow morning we'll continue with this
22:28:44 [npdoty]
topic: wrap-up
22:28:58 [npdoty]
1. please pick up your trash from your immediate area as you leave
22:29:13 [npdoty]
2. alcohol is available after this session, down the hall to the right and to the left, you'll see it
22:29:40 [Zakim]
-Joanne
22:29:41 [Zakim]
-[Microsoft]
22:29:42 [Zakim]
-BrianHuseman
22:29:42 [Zakim]
- +1.415.920.aaoo
22:29:44 [Zakim]
-WaltM_Comcast
22:29:44 [Zakim]
-aleecia
22:29:44 [ionel]
ionel has left #dnt
22:29:45 [Zakim]
-vincent
22:29:47 [npdoty]
3. one-stop button is the answer to all problems, boston snow buttons being handed out
22:29:47 [Zakim]
- +1.202.587.aapp
22:29:49 [Zakim]
-Mark_Vickers
22:30:01 [Zakim]
-BerinSzoka
22:30:20 [npdoty]
rrsagent, please draft minutes
22:30:20 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/11-dnt-minutes.html npdoty
22:30:26 [Zakim]
-kulick
22:37:01 [Zakim]
-Fielding
22:41:29 [aleecia]
aleecia has left #dnt
22:42:02 [Zakim]
disconnecting the lone participant, MIT-Star, in Team_(dnt)15:30Z
22:42:03 [Zakim]
Team_(dnt)15:30Z has ended
22:42:03 [Zakim]
Attendees were MIT-Star, +1.215.480.aaaa, vinay, efelten_, Susan_Israel, +1.202.345.aabb, johnsimpson, BrianHuseman, BerinSzoka, +1.215.480.aacc, +1.646.654.aadd, kulick, Aleecia,
22:42:03 [Zakim]
... jchester2, +1.916.641.aaee, Joanne, Fielding, Jonathan_Mayer, +1.202.587.aaff, sidstamm, +1.415.920.aagg, [Microsoft], [Nielsen], hefferjr, +1.215.480.aahh, [Comcast]?,
22:42:04 [Zakim]
... +1.215.480.aaii, vincent, +1.215.480.aajj, tlr, +1.215.480.aakk, +1.215.480.aall, +1.215.480.aamm, +1.415.920.aann, Mark_Vickers, +1.415.920.aaoo, +1.202.587.aapp,
22:42:04 [Zakim]
... +1.215.480.aaqq
22:58:17 [afowler]
afowler has joined #dnt
23:05:04 [afowler]
afowler has left #dnt