11 Feb 2013

See also: IRC log


npdoty, susanisrael


<robsherman> ... And we're going to try to do more here.

<robsherman> ... (slide 5)

<Wileys> Rigo: using that logic could be applied to opt-out cookies as well...

<robsherman> ... Minimum criteria for what we're doing: (1) create a standard, (2) consistent with charter, (3) significant change from status quo, (4) can explain why DNT:1 reduces tracking

<Chapell> How does the compliance doc solve this issue? we don't seem to be interested in requiring that browsers disclose dnt functionality in this group

<robsherman> ... On status quo: If we do all of this work and nothing changes, we'll have something we'll call DNT that will be a big nothing burger.

<aleecia> DNT needs to do one thing, not be multiple choice up to the company with utterly no communication back to the user

<robsherman> ... This means some people will have different options in their business models.

<robsherman> ... It only makes sense to do this work if we're going to do something. If at the end of the day we do nothing, the world will see it as nothing and that won't be a great result.

<Chapell> does that include requiring the browsers to provide a clear description of dnt functionality?

<rigo> Wileys: sure, there was a cookie option developed. I think a lot of people believe that DNT offers 2 things: A new attempt to find compromise and a means to make it technically more robust

<robsherman> ... Finally, there has to be something we explain to people about what DNT means.

<Wileys> Aleecia, how does having a status response on every page request equate with "utterly no communication back to the user"?

<robsherman> ... These criteria are minimum set you need to have this make sense.

<rigo> Wileys: because a cookie thing won't give you a consent recording facility IMHO

<robsherman> ... If we achieve these four, we'll have done something. And if we don't, we'll THINK we've done something.

<robsherman> ... But W3C isn't an island. There's other work going on in DAA, FTC, developers of "self-help" measures.

<susanisrael> *

<robsherman> ... I'm not saying everything has to happen in W3C. If we move the whole ecosystem I'd consider that a success because we'll have developed something that works for users.

<robsherman> ... If you're against these four things, we'll need to understand why.

<robsherman> ... (slide 6)

<susanisrael> *zakim, it is possible i will drop off irc but remain on phone

<vinay> aleecia - in principle i agree with you; but practically companies are going to treat DNT differently. There are even many in the TPWG trying to create different meanings of what DNT means. For example, the idea of someone pushing 'absolutely no tracking' (or whatever it's being called now)

<robsherman> ... Fifth thing: Adoption.

<aleecia> Shane - other than hearing Senate testimony, how would I learn how Google's opt out differs from Yahoo's?

<Wileys> Rigo: If I ask a consumer for a specific consent and that user gives that consent and I record it in a cookie, I believe every single country in the EU would support that outcome.

<robsherman> ... If we adopt a great standard that nobody implements, that's not a great solution. This is relevant to what "consensus" means.

<vinay> some companies may apply it to first party data collection/use

<justin_> Vinay, but a DNT standard would at least mean a reliable floor.

<robsherman> ... The people who make a standard work have to be on board far enough to make sure that we have a reasonable chance of success. We need to talk with the people who will build this to understand how it will work in the real world.

<robsherman> ... Questions about these five elements?

<npdoty> questions or comments about these five things?

<Wileys> Aleecia, read our privacy policies. How else do you expect to understand the details of any company's internal business practices? Where else do you expect that information to be conveyed?

<vinay> justin_, completely agree. i'm just pointing out that we won't have one way to know how all companies treat it.

<robsherman> Rachel_Thomas: Two comments. First, the idea that Congress isn't passing laws doesn't mean that it isn't considering this and hasn't decided against passing laws because of good work in the self-regulatory arena.

<aleecia> Vinay at the very bare minimum we need some ability for users to distinguish those. I doubt we will wordsmith that and cannot do UI for browsers, but there should be feedback, when there is a UI for a UA

<robsherman> ... Also want to question whether a standard needs to be understood as a significant change from the status quo.

<robsherman> ... It should be something that is adopted by a significant amount of the general community.

<robsherman> ... W3C is codifying standards based on what's acceptable in the broader environment.

<robsherman> ... This relates to the comment about adoption: If we're coming from the idea that people need to change significantly, then that may impact adoption.

<aleecia> Shane your privacy policies did not explain last time I read them word-for-word. Unless you've changed that, it's not possible at all to understand via privpols, not just for end users, for practitioners

<schunter> Can people on the phone hear us (peter + rachel + shane) well enough?

<vinay> schunter - yes

<robsherman> WileyS: "Significant change" can be subjective. It's troubling to hear it, though, because it suggests that all of the work that's been done to date has no value.

<justin_> vinay, Yeah didn't think that was controversial. But another benefit of the spec is mandatory disclosure of retention practices, to at least allow external evaluation of differing policies.

<susanisrael> *zakim, the 215 480 number, i think was walt michel of comcast

<robsherman> ... I don't want to throw the baby out with the bathwater. We're not here to break the Internet.

<robsherman> peterswire: Agree - we're not here to break the Internet.

<WaltM> WaltM is Walter Michel from Comcast

<robsherman> ... But I've emphasized the point that there are conversations elsewhere as well as here. There have been ongoing discussions - in DAA and elsewhere - about a number of things that have changed over time.

<robsherman> ... I've indicated that changes around cookies are good but haven't scaled.

<robsherman> ... It may be that these conversations lead to a set of things around control, user understanding on the Internet.

<robsherman> ... So maybe what we do here becomes a prod to other orgs that create change.

<Chapell> Aleecia, can you help me bridge what - at least in my opinion - seems like a disconnect. You believe that communicating DNT functionality is really important -- is not the browser an ideal place to communicate such functionality?

<robsherman> ... FTC has and, I believe, will continue to be interested in this. I think they're looking for an overarching, persistent, technology-neutral solution.

<aleecia> It is

<robsherman> ... If they see it as not doing that, they may express the view that we haven't achieved what we're trying to achieve.

<rigo> Wileys: sure, you could do DNT with cookies, opt-in or opt-out and many things more. A standard says how people agree to do certain things. And some technical experts said it would be better to do header than cookie. DAA (in background) is for sure an important step. But many believe it did not bring the peace into the market place that it was supposed to bring.

<robsherman> ... There is some degree of change that comes from that.

<vinay> justin_, agreed on that point as well.

<robsherman> ... But I think what Shane/Rachel said was that there are a lot of things that have been built, and if those things turn out to be a successful answer then there's no necessary logical reason we need to do more in W3C.

<aleecia> We need to build the mechanisms to support UAs giving feedback.

<robsherman> ... So you may be saying that what you've done is the right amount.

<robsherman> Rachel_Thomas: A lot of work has been done. 16M consumers. The idea that we need to move beyond that over next 3 days is premature.

<robsherman> efelten: I understand the goal of this effort is to give users some degree of control over collection, retention, and use of data.

<robsherman> ... Existing opt-out mechanisms don't limit collection or retention. Am I right about this? If so, there's a gap.

<johnsimpson> who is speaking?

<Chapell> Aleecia: building mechanisms supporting UA's to give feedback is different than requiring clear disclosures at the point where consumers are making their consent decisions

<robsherman> Lmastria_DAA: Agree with Shane and Rachel. We have put out a set of responsible data use policies that have been widely adopted by a host of folks in the advertising ecosystem to responsibly manage data.

<Wileys> John, Lou Mastria is speaking

<johnsimpson> thnx

<robsherman> ... There are individual companies that do various things. But it's a method for responsible data use practices with meaningful choice. It feels to me that when we talk about changes to the status quo, we may be boiling the ocean. Shouldn't we scope down to what we're actually doing?

<robsherman> ... Don't we need an objective point that we're trying to deal with? Isn't that one of the big things we have to do on Day 1?

<robsherman> ... I don't think that's been clarified yet.

<aleecia> The question is where's the water's edge on where w3c DNT stops. I'd love to see the major browsers agree on UI. I do not believe we can get there here

<robsherman> peterswire: Breakout for today is designed to address this.

<justin> Collection, yes. Retention, no.

<robsherman> efelten: Does DAA limit collection or retention?

<aleecia> How?

<johnsimpson> what limits does DAA put on collection and retention???

<robsherman> WileyS: Yes. But on Peter's original question - are these things the right answer - we've been struggling to understand what the question is.

<efelten> How does the DAA program limit collection or retention? Specific answer please.

<robsherman> peterswire: Next slide has to do with agenda for our two days on Compliance.

<justin> I think DAA requires collection for only seven (or so) buckets, yes?

<johnsimpson> Can we please get an answer to Ed Felten's question?

<jmayer> justin, the exceptions swallow the rule.

<robsherman> ... Deidentification: At some point, information is so aggregated that it no longer identifies an individual. Ex: 46% of people who use a site are female.

<jmayer> Peter covered this extensively in his Hill testimony.

<robsherman> ... So we need to focus on the space between completely linked to a person and completely aggregate.

<robsherman> ... Once info is completely deidentified, then it's out of scope. Then there are some things that are covered and some things that aren't.

<robsherman> ... That line has to be there.

<robsherman> ... In the HIPAA context, there's a definition of "personal health information" (PHR). Any regulatory scheme needs to say clearly what is covered and what is not.

<robsherman> ... This is a logical part of any work we do.

<justin> jmayer, I agree they are extremely broad. Not defending them as sufficient. Just answering the question since no one else seemed to want to :) http://www.aboutads.info/resource/download/Multi-Site-Data-Principles.pdf

<robsherman> ... Related to that is the question of uses: We have some things that are in-scope, and some uses that we've talked about that are allowed even though in-scope.

<Chapell> Aleecia: I hear you. Sounds like we're on the same page re: whether having a disclosure is optimal. Where we may diverge is - again in my opinion - that our inability to require the browsers to provide those disclosures significantly harms almost any DNT standard

<robsherman> ... If we're going to have some of those uses and a standard at the end that covers some things but not others, then this is part of our job.

<robsherman> ... These are complicated/technical, but they have to be resolved.

<robsherman> ... Once we clean these up, there will still be hard issues. Defaults, do you ignore a signal (which is related).

<robsherman> ... We are not trying to solve these questions this week.

<jmayer> justin, see http://webpolicy.org/2011/11/08/a-brief-overview-of-the-supplementary-daa-principles/

<robsherman> ... If we clean up deidentification and permitted uses, we'll have the possibility of getting to an overall structure that works.

<npdoty> (slide 8)

<robsherman> ... How are we going to learn about the world - have facts that we share enough - to be able to come to agreement?

<robsherman> ... If people don't agree on baseline facts, it will be hard to get to agreement.

<robsherman> ... We've had a number of briefings - MRC, encryption.

<robsherman> ... These are efforts to have a common vocabulary and common understanding of facts.

<aleecia> Alan, we're pretty close in views. I just believe even if we rechartered, we could not get an agreement here from the browsers. And, there will be UAs that are not browsers and we may not be able to get the same level of user feedback. I'm not willing to toss out all tools without UIs

<robsherman> ... I haven't said this before, and you might not agree - but here's a pattern of discussion many people will recognize.

<robsherman> ... There's a discussion about something. The people on the "outside" have disagreed and said "couldn't you solve it another way." That's been a concern from people who don't have the data. And then other people who run systems and do have the data, compete on the details of this stuff.

<robsherman> ... For a variety of reasons, they decide they wouldn't like to show certain things.

<robsherman> ... So we have skepticism from the outside and resistance to disclosure from the inside.

<robsherman> ... Here's how the legal system handles this: If one side has the evidence and the other side doesn't, you often say that the presumption is on the side of the people who don't have the evidence. So if the people who have the data want to show something, they need to come forward with the data.

<robsherman> ... This is one reason why we had the MRC discussion. It had been raised before. But we learned that there is a one-year standard. And that there have been waivers of that standard where privacy concerns existed.

<Chapell> Aleecia: yes, I think you're saying that you'd rather have half a loaf, and I'm saying that the half-loaf is so moldy that it may not be edible (:

<vincent> me

<vincent> sorry for being late

<Wileys> Aleecia, if a tool doesn't have a UI, how could it ever be DNT compliant? This standard is about conveying preferences and exceptions. this is why the original draft excluded non-direct UAs from participating (and I believe that should continue to be the case)

<robsherman> ... If we have other places where we're getting conflicts because skepticism matches up with lack of information, I'm going to ask the people on the inside to help us understand.

<robsherman> brooks: I don't want to be overly detailed, but I think you may have mischaracterized MRC discussion.

<robsherman> ... They said that MRC needed it for a certain time. But that other people in the ecosystem need it -- for accounting or other reasons, not targeting -- for longer.

<aleecia> Alan I'd suggest instead we differ on Should v. Must. And possibly how prescriptive we're likely to be able to get.

<robsherman> peterswire: I was trying to speak carefully. I tried to summarize his key points. I was not trying to make a point about Sarb-Ox or other things. But about the need to have fact-based, evidence-based discussions.

<robsherman> ... (slide 9)

<aleecia> But I'm going to bet you and I could craft something we'd agree on, Alan. Maybe just the two of us though :-)

<npdoty> I'm tracking slides here: http://www.w3.org/2011/tracking-protection/#f2f7

<robsherman> ... During this F2F, we're going to have a few guest briefings. The first two are at the end of the day, and Ed will be speaking tomorrow morning.

<npdoty> ... but don't yet have the ESOMAR ones there, my mistake

<robsherman> ... First briefing is from ESOMAR, a European market research group.

<robsherman> ... I observe that there's a gap between DAA approach to market research and the current barebones text.

<robsherman> ... Currently, no specific market research exception. I know that some people who work in market research think this is an important gap.

<robsherman> ... DAA has language around market research. I testified in Congress last June. In preparation for that, I spoke with DAA's General Counsel about market research and product development under DAA's principles.

<robsherman> ... He believed that DAA would work in good faith to further refine these definitions.

<robsherman> ... One concern about DAA's market research definition that I have is that it's completely open-ended about what counts as market research.

<robsherman> ... But it is limited in that it does not allow market research information to go back into production for advertising/targeting.

<robsherman> ... I asked for European groups, who are used to working with restrictive rules in Europe, to explain how they handle this.

<robsherman> ... I recognize market research as an area that has a particularly gaping gap between where important sectors of industry are and what our standard says.

<Chapell> Aleecia: we should try it (:

<robsherman> ... Also, a briefing on the German Telemedia Law, which addresses what's permitted for pseudonymous data.

<robsherman> ... Germany tends to be more restrictive than the US. And if certain things are permitted in Germany, I think that's interesting.

<robsherman> ... It suggests that a strict regime has allowed certain things. We may decide we want to be "stricter than strict," but it's instructive.

<robsherman> ... I asked for a briefing about what's required.

<robsherman> ... I got an email from someone in industry who was concerned about this briefing. I am open to have people correct - on the merits - things they think are not accurate.

<robsherman> ... And I am open to having a Wednesday call with clarifications that are different from what our speaker says.

<robsherman> ... How pseudonymous marketing works, how it's different from deidentification, is relevant to what this group is thinking about.

<robsherman> ... Finally, tomorrow, efelten - a formidable technical expert - is going to talk about where the "deidentification" line is. He's specifically going to talk about hashing and easy-to-do attacks on certain kinds of hashing techniques that are used in industry.

<robsherman> ... If we think we have effective protection that is easy to break, this group should know that.

<robsherman> ... As a group, you might see the first two briefings as helping industry. And you might see the third, roughly, as helping privacy advocates.

<robsherman> ... In each, I hope people will reason about that issue at the time.

<robsherman> ... Overall, it's an attempt to bring closer agreement on facts about the world into our discussion.

<robsherman> ... (slide 10)

<robsherman> ... The next topic is a bit new and, I hope, promising.

<robsherman> ... It was reported a little bit accurately in the press today.

<robsherman> ... In the first breakout, we'll be asking you to think about lifetime (or long-term) browsing history.

<robsherman> ... Let's imagine an Internet where third parties can get a comprehensive view of everything you've done on the web -- search terms, exact articles, etc.

<robsherman> ... Julie Cohen, a law prof, wrote in the 90s about something she called "the right to read anonymously."

<robsherman> ... This expresses an instinct a lot of us have: If someone has my lifetime reading history, that impacts my free speech rights because they get insights about me that reflect quite a large amount of knowledge.

<robsherman> ... Somehow, putting limits on a lifetime browsing history is perhaps a useful goal to achieve.

<robsherman> ... The second part of that is that this could be accompanied by interest-based advertising. EFF has called this "low-entropy cookies," but I'm better able to understand this as "buckets."

<robsherman> ... Have information about "buckets" but not exactly what I read.

<robsherman> MikeZ: Thank you for spending the last 2.5 months talking to everyone.

<peterswire> dan -- ok for me to call on you next, to describe your view on this effort?

<robsherman> ... You've identified here an issue or concern that's tangible, that is a problem we could solve for.

<robsherman> ... Having a shared focus is not necessarily something this group has had. If we look at this idea of access, lifetime/long-term collection of browsing history in personally identifiable format -- this is an issue that we can look at concretely and try to find a solution that works for consumers.

<robsherman> ... I think there may be a path forward there, at least as a high level.

<robsherman> ... Procedurally, more than substantively, it identifies a process that puts us on a path forward over the next 3 days. It helps us all understand what it is that we are trying to solve for.

<robsherman> dan_auerbach: I think it's important to think about URI data because any sort of meaningful deidentification process will necessarily require not keeping full URI data.

<robsherman> ... I've been thinking about meaningful deidentification and being able to keep useful information from URIs without keeping the whole URI around.

<robsherman> peterswire: To go back to my slide about the five criteria:

<robsherman> ... If we were to fix in some meaningful way lifetime browsing history, I feel like we could describe that to the world in a concise, understandable way.

<robsherman> ... It would be a change that some people are willing to consider together. And perhaps we could get to meaningful adoption, because we have worked on it together.

<robsherman> ... This is not the only thing that we will discuss in the coming 3 days, but I hope that you'll join with us in good faith to help figure out some of this.

<robsherman> ... Soon we'll split into groups

<robsherman> yianni: For small groups, we're going to do it based on last name.

<robsherman> ... Group A: A-D; Group B: E-L; Group C: M-R; Group D: S-V; Group E: W-Z

<npdoty> http://www.w3.org/wiki/Privacy/DNT-Breakouts#Breakout_rooms

<robsherman> peterswire: This will be true for both people who are physically here and who are remote.

<robsherman> yianni: npdoty's link has maps

<robsherman> peterswire: Five group leaders, scribes for each of the groups. If you're in a small group, I hope you'll volunteer to scribe.

<robsherman> ... handouts and directions near the door.

<robsherman> yianni: (reads group leaders)

<robsherman> peterswire: Group leaders have a guide for structured questions. This will last until 3:15, and then we'll debrief.

<dan_auerbach> I don't have a handout so if someone in group D

<dan_auerbach> can snag one

<dan_auerbach> that'd be great

<robsherman> npdoty: Separate IRC channels and conference codes for each group.

<schunter> dan?

<BerinSzoka> sorry, link to the questions again?

<tlr> jonathan, can you hear phone?

<npdoty> are we going to 3 or 3:30?

<wseltzer> 3:15, according to schedule

<BerinSzoka> could you please let us know when we should dial back in?

<wseltzer> [re-starting here at 3:55]

<wseltzer> [in 10 minutes]

<BerinSzoka> when are we starting up again?

<johnsimpson> Let's get started

<wseltzer> 5 more minutes

<aleecia> thanks for the update, Peter

<wseltzer> [restarting, apologies for the delay]

<npdoty> scribenick: npdoty

Post Break-outs

peterswire: some feedback that it's not the same old discussion
... 18 months for some of you, various distrust and moments of imperfect human interaction

<susanisrael> scribenick: susanisrael

peter: will try to sum up breakout groups

trying to get clarity around use cases, some things held long, some not so long, getting better picture of permitted uses

any standard will have to have permitted uses

i have a section here on 1st party/third party

several people said they think 1st parties hold info longer, in particular for targeting, they are often though not always for 3rd parties it's for a shorter time

that's true a lot of people think for 1st/3rd party sites

definition here is broader than some people would like

third party would see things across lots of sites, diverse

if we are thinking about life history, ability to see across many sites gives different kind of visibility into a person's action

re: portability, facebook is here, [issue of deletion]

info that can be deleted by a user does not tend to be transaction information, which you might need for a while for financial reporting etc

shane: discussed in amsterdam some
... data portability tends to relate to user generated information

i think we tend to focus in dnt on info like logged in/not

peter: agree that first parties as a category might keep data longer

specific actions on your site may be subject to management by you...

by contrast, info in the background is not like that, i don't know who to call to fix it.

[discussions of problems with display screen]

<sidstamm> aww, firefox wants the update!

<npdoty> we're following: http://lists.w3.org/Archives/Public/public-tracking/2013Feb/0095.html

<sidstamm> thanks npdoty

<npdoty> minutes for each breakout session are linked from: http://www.w3.org/wiki/Privacy/DNT-Breakouts#Breakout_rooms

<npdoty> thanks to everyone for taking those notes

<aleecia> thank you Nick!

going back to ......our discussion...that's some of the discussion re 1st/3rd parties, and diff ways browsing history treated

scribe: no engineer would say "lifetime browsing history" but it gets to something that a lot of people care about....

in david singer's group was discussed, may mean a reasonable portion of a person's browsing history.

a reasonable portion means a whole bunch of my history.

in nick doty's group, for specificity of data might mean full URL, also have query parameters such as search terms vs domain/path

one level less specific just the domain

less specific would be a category (buying car etc)

a second point is how associated is that to the user: not browsing history of me or my device if not linked back to a user.....

[asks nick to help lay out discussion]

<fielding> e.g., per site data, or per campaign data

nick: in some cases you would have association to cookie or a user id that can be easily linked to a user vs. one that can't be easily linked

<aleecia> I take it Shane was in Nick's group? :-)

may discuss tomorrow

3rd dimension is "how much time,"--no agreement, that's why we're working on this

<npdoty> I was borrowing Shane's language for that summary, but I think it was suggested by dwainberg

let me observe that part of what we are trying to do is sort through a regime

this is a fairly parsimonious set of dimensions for what we are working on

heather's group had different way to split up data,

one set is clickstream connected to me or my device

managed data, may be enriched, has been processed some what but may be linkable in some way

third part is de-identified (hashed/salted)

rob van eijk: just to be clear the idea was that in the middle domain, we considered that part of the managing the data was hashing/salting to move it toward de-identified, the processing of the data is what we called "managing"

de-identified means you have already processed it and have thrown away the salt...

peter: heather i am now less clear between 2 and 3 can you help?

heather: we divided data into 3 sets, 1) raw event data, 2) somewhat processed, and is the data set you work with, 3) de-identified, maybe you have hashed it and thrown away the keys

peter: rob do you see differently?

<fielding> 3 data sets, with processing to move between sets

rob: i would read this as the hashing is an activity


very shortly to confirm this, it's the final state we described not how you get there, the final state /the spec would describe how you get there

<fielding> please don't go there

scribe: there would be permitted uses, like security uses, from raw data you strip it down, and the middle area fits very well with our concept of permitted uses

peter: from david s group, discussion of data minimization, once we determine what permitted uses are, data should not be used for other things.....
... for the time limit there is a split within group re: when word reasonable should be used or reasonable numbers should be used, will describe reasons i've heard for each

specific time period has advantages bc sends clear msgs, engineers know how to build, sends msg to outsiders....reasons for specificity

but reasons to have reasonable and such other words is world is complicated, we use words like this in torts.....

also if period is a year, you don't want to have big enforcement action bc you keep data for year and a day

<justin> reasonable PLUS DISCLOSURE

are there other justifications?

david w: when you set a time frame it may actually be longer than "reasonable would have been."

<johnsimpson> reasonable with disclosure makes sense

peter: this is the rules vs standards problem that law professors discuss
... anti-fraud is one category where people say they need data for a longer time

areas where there is long but people don't understand how long are financial audit, cybersecurity, anti-fraud...

as with mrc, i am inclined, as with mrc, to try to further develop facts around this in next few wednesday calls...

one question re: anti-fraud is that safari has provisions now that block cookies, etc, but world continues to operate. How?

role of ip address rather than full uri

cost vs. impression, cost per click, cost per action are different biz models with different views of this

one group said if we go to bucket approach what if we convert immediately

tomorrow we may do more work on pseudonyms....but there was less full discussion

today's discussion was about uses, we've mentioned most permitted uses

there is an idea that many versions of targeted marketing have shorter retention periods,

3rd parties, especially, seem to need detailed info for shorter period.

the rotate a hash part i see as part of tomorrow's discussion

there are things in scope, and we talk about what uses permitted there, then there is a realm of things outside the scope

so tomw we will talk about de-id and to what extent is base text useful

any comments from chairs of the groups?

<bryan> "a large part" of the use for targeted marketing being short term does not mean that all or all important marketing uses are short term

opening it up to anyone who disagrees or wants to clarify or amplify a group's discussion

eventually we will have to find ways in a standard to have permitted uses and decide how we say how long data can be kept for each of these

Chris Mejia: for targeting if go to bucket, what if convert immediately to car enthusiast, the word "immediately" is a concern

peter: the word "short-term" was used

chris: immediately does not allow for processing time

peter: we have not surfaced issue that in current text there is an n for short term exception

things are easier if there is a short period when you can sort things out and don't have to worry re: permitted uses, which could then be used longer

this would create shorter, simpler standard, with shorter lists of permitted uses,

<justin> Short-term retention DNE all bets are off.

how much does a 30,60, 90 days short term period simplify permitted uses discussion

rigo: do you mean for 30 days there is no collection limitation, then we start to count...i would expect rob to have concerns about this

danny w used to say let's collect everything and limit uses, but on european side we are more concerned with data minimization

this must be included

<aleecia> (agree with Rigo: the 6 weeks was never meant to be a free-for-all time)

peter: euro vs. us, we are trying to have meeting in berlin re: global considerations task force, and dnt= 0 has gotten concern and need it to be meaningful

<justin> And the draft standard is quite clear on that.

in euro context. is this right rigo? dnt o?

<aleecia> Rigo was unmiked, could we get that scribed?

rigo: no dnt -1, so need better def of dnt 1

rachel thomas: uncomfortable with idea that assume there is requirement to show need to retain data and it shouldn't be that binary, bc of possible innovation over time

not just use/no use

rachel: concept of harm should not be lost re: data minimization

peter: one of the things i am almost tempted to ban harm

rachel: can we ban need?

<johnsimpson> cannot hear the cross talk!!

peter: each of us has favorite 4 letter words

<johnsimpson> please use a microphone!!!!

peter: one thing i did not report back on is that when we had the discussion at cdt re: de-ident, khaled said he had a worksheet re: harm

but it turned out this tool did not lineup with our use cases and was complex

we had contemplated having discussion re: harm but it didn't work

rachel: but there is space between need and harm

<johnsimpson> will people please, please use the microphone?>?

peter: knowing this is a difficult place to say anything. A big focus of discussion is those who elect dnt 1, but even then when person wishes no tracking , there are permitted uses....

but logic is that since person has said dnt 1, permitted uses should be based on need, exceptions that are required for how the ecosystem works

logic is that you have the data and you use it for one of the permitted uses

that is separate from the idea of harm

if we are to have a standard, dnt 1 has to mean something. There will be exceptions, but we have to define them [implied: and the need for them]

these are uses that are justified despite users desire not to have data used. I think it's logical

rob: want to push back on data minimization, if we talk about permitted use, then of course there is an element of purpose limitation within that

if you don't need the data for that purpose any more, then it is logical to discard that data...

david wainberg: on this issue of harms, let me turn it a different way. Understand the problem and what you are saying peter.. but for diff concerns/harms have different actions associated

for example, if concern is breach that is different than user preference, i think it is very contextual, and want to emphasize that we focused a lot on targeting....

but other side is as if not more important, for example, measurement, billing, attribution after ad has been targeted and delivering,

peter: i think that has been central to permitted uses discussion

david w: yes, but when we talk about minimizing uris, buckets, these are on the targeting side:

lou: to pick up on what david is saying we spent time thinking about what is the harm, as privacy professionals we need to think about mitigating harms

we do ourselves service if we define what we are dealing with:

scribe: we should be bound by some specific harm

susan: targeting? vs accounting?

david w: yes

aleecia: not discussing harm, but are making a tool for user choice. Saying users have made choice and there are things that trump that

we are not in a qu of harm, it's for user choice and control

peter: qu for lou or rachel or david: in daa rules which have user opt out choice what harm is being addressed?

lou: i think transparency /choice is what we are trying to provide, came out of ftc report that interest based advertising needs to be more transparent?

peter: isn't this similar to what we are doing here with do not track

lou: we are making it transparent and maintaining user experience that users have come to know from internet

<justin> This discussion is too ethereal. This was more helpful when we were focusing on specifics.

peter: trying to play back: that has to do in part with scale, if 98 percent decided to shift away, that would change it

rachel: 2 sets of principles-multisite and oba....came from discussions of harm with ftc, but to follow on from what aleecia said there are scopes of prohibitions related to harms.

peter: we have presentation re: market research

can someone put in irc where link is?

<johnsimpson> apologies, have to leave

tomorrow we will talk about media in germany

<npdoty> http://www.w3.org/2011/tracking-protection/boston-2013/esomar-stark.pdf

<aleecia> Rachel if you're arguing there must be harm or we don't allow permitted uses (which I don't think you were, per se) then I'd counter we're trying hard to find ways for freq capping to work

peter: thanks for participation, seemed like people on phone could participate

re: market research let me frame/describe relevant

market research widely done today,

<aleecia> And there's no justification for why we should ignore user preferences there. It's just if we *can* get profits from freq capping without serious privacy implications, hey, why not? Profits good.

have talked with many re: how things evolved from tv/phone world

will have questions that may seem pointed.

1> in a telephone world i can decide whether to accept

in online world i do not realize research is happening....

<npdoty> susan was noting it was hard to scribe for rachel's and lou's responses

2> will tell you hipaa story, we had to define hipaa bc people trying to cure cancer, and we want that to proceed

<npdoty> I think the point from Rachel was that there was minimal or no harm seen on OBA, and that on multi-site data the harm was around eligibility for services, which is why that was prohibited

other people said research is everything we do to find out about a patient

<npdoty> and Lou pointed out that the opt-out was a direct response to the FTC report on interest-based advertising

in hipaa context we had to define research vs knowledge discovery

research could mean every time you find something out.

<npdoty> (just trying to catch up, please correct me if I got those wrong)

if there is market research permitted use, how do we tell what is real research

<aleecia> The David Singer Russian whale "research" problem

rachel: think important qu: need to note difference between academic and market research, even understanding your product

<BillScannell__> Raise your hand!

peter: in addition to curing cancer there are other things we need to achieve..but if research means every time we learn more......it's everything

if that's not what you mean, let's find out where line is

david stark of esomar (from toronto):

<npdoty> rvaneijk, we might have missed you on the queue, make your point in IRC if you can

in interest of time, cutting out jokes......esomar started in 1948 as euro society of opinion and marketing research

i am member of legal and professional standards committee

<npdoty> reminder, slides: http://www.w3.org/2011/tracking-protection/boston-2013/esomar-stark.pdf

<peterswire> for those on phone, how is the sound level?

<BerinSzoka> sound is fine

<peterswire> thx

<aleecia> Was fine with you, cutting out a little here

<hefferjr> sound is good

<aleecia> Intelligible though

they have done good job of working with groups in places where no other national association, encourage them to adopt esomar code:

<aleecia> Ah, thanks!

to set context re: market social and opinion research

census in us is example of market research

(other historical examples of market research)

nielsen, telephone research, now online research panels, and now passive data collection and census data collection on line

key research areas, concept testing, biz-biz, market measurement, social research, political, media measurement, key clients......(lists)

esomar code definition of market social and opinion research includes "no return path to individual"

data is aggregated unless data subject completely agrees to waive that right to be unlinkable

<rachel_thomas> for discussion purposes, the definition of "market research" included in the DAA multi-site data principles is...Market Research means the analysis of: market segmentation or trends; consumer preferences and behaviors; research about consumers, products, or services; or the effectiveness of marketing or advertising. A key characteristic of market research is that the data is not re-identified to market directly back to, or otherwise re-contact a [CUT]

key distinction is that we are not about sales and marketing, really really important

<rachel_thomas> device. Thus, the term “market research” does not include sales, promotional, or marketing activities directed at a specific computer or device.

telemarketers trade on our good name to sell something, which is prohibited in a lot of ad codes and competition law, ftc requires telemarketers to disclose purpose up front

gathering info for sale is not market research

1st code 1948, revised 1977 with international chamber of commerce

<Joanne> confirming David is on slide 5

has been revised 3 times, i have been involved

<justin> yes, joanne

it has disciplinary procedures, self regulatory mechanisms....

<Joanne> thanks Justin

esomar asked members how many complaints...was quite small, often that people did not get panel incentives

<justin> Who would know to complain about participating in a passive panel?

identifying info in strict confidence unless that right is waived by respondent

<npdoty> "frugging" -> fundraising under the guise of doing research

<npdoty> david_stark: opted-in panel members (through cookies, browser plugins, etc.) would be an out-of-band exception, so we're happy with that

<npdoty> ... also census-style measurement about ad placement

<npdoty> ... like to combine census-measurement with panel members to cross-validate

<npdoty> ... use advertising networks to help identify certain individuals on the web

<npdoty> ... for a jeweler targeting women between 40 and 60, use an advertising network to find an audience to ask to take a survey or join a panel

<npdoty> ... intercept sampling method

<justin> "no return path to the individual" o_0

<npdoty> david_stark: a few use cases: outdoor audience measurement

<npdoty> ... people who see billboards, do they recall seeing the ad?

<npdoty> ... count cars or pedestrians passing by an ad

<npdoty> ... estimates regarding the reach or frequency

<npdoty> ... online marketing works in a similar way

<justin> Do you track license plate numbers to track those cars over time?

<justin> Because that would be the better analogue.

<aleecia> drop out

<npdoty> ... reports delivered to the client not including individual data

<Joanne> better now

<npdoty> richard_weaver: confusion about what customers actually see

<npdoty> ... fields for average daily visitors, minutes spent online

<npdoty> ... aggregated data, not data related to the individual

<npdoty> ... drill down, see more about different @@@ digital properties

<npdoty> ... hybridization / calibration of data -- age ranges calibrated off the opt-in panel

<npdoty> richard_weaver: we obfuscate IP address for this census collection

<npdoty> ... takes away some of the concern of the people we collect

<npdoty> ... but we use unique cookies

<aleecia> drop last octet?

<aleecia> (cannot hear questions)

<npdoty> justin: in that case, what's the privacy benefit of obfuscating the IP address?

<npdoty> richard_weaver: the ID is not tied back to a particular individual necessarily

<npdoty> ... some jurisdictions believe IP addresses are a certain sensitivity

<npdoty> david_stark: limit how often you approach panelists about something

<npdoty> ... with the IP address, you still have useful geographical information for use in calibration

<npdoty> justin: what are the rules about retaining identifiers to a unique device if not user?

<aleecia> we've heard 5+ years

<npdoty> david_stark: it depends on the research objective

<npdoty> ... collect the data and then perform the aggregation after the campaign has ended

<npdoty> richard_weaver: may take up a week to process data, ten days more in EU, want to have month over month raw data available

<npdoty> ... want to go back and re-process data

<npdoty> david_stark: for typical ad campaigns, 3 months might be the majority, plus a month or two to process

<npdoty> ... if you look at data protection laws, you hang onto the data only as long as necessary for the purpose

<npdoty> richard_weaver: esomar requires disclosing data retention policies

<npdoty> david_stark: have heard from MRC already

<npdoty> ... intercept, finding people to ask for a survey

<npdoty> ... in the offline world, approaching people in a mall -- there is a kind of targeting that takes place

<npdoty> ... target audience, these are the kind of people you need to approach

<peterswire> hello: I will try to achieve a hard stop by 5:30 eastern

<npdoty> ... online, when we target the people we want to survey, we'll show a banner ad or pop-up

<aleecia> cannot hear

<justin> you're up aleecia

<peterswire> please go ahead

<npdoty> aleecia: make my living doing research; agree panels fit an out-of-band form of consent

<npdoty> ... consent is a big part of human subjects research work

<npdoty> ... don't have to have demographics ahead of time (as in phone surveys)

<npdoty> ... is there any jurisdiction where when a subject refuses to continue to research them anyway?

<npdoty> david_stark: no. but there is a desire for very high response rates; distinction between hard and soft refusals on phone surveys, for example

<npdoty> ... there are clients, specially trained interviewers to enlist cooperation of soft refusal

<npdoty> aleecia: I would see DNT:1 as a hard refusal, like interviewing who says no

<npdoty> peterswire: wrap up now, but will have some time to talk in the first session tomorrow

<justin> I had thought key _resolved_ questions . . .

<npdoty> rvaneijk: how do you find the people for the limited demographic group?

<npdoty> david_stark: how did the advertising networks find those people? that's who we work with

<npdoty> ... if your panel is large enough, then you can ask question of more specific groups (people with a low-incidence medical condition, for example)

<npdoty> richard_weaver: if we don't have a profile of someone yet, then no, we don't have that info yet

<npdoty> ... not from the census-level measurement

<npdoty> peterswire: in our session tomorrow morning we'll continue with this


<npdoty> 1. please pick up your trash from your immediate area as you leave

<npdoty> 2. alcohol is available after this session, down the hall to the right and to the left, you'll see it

<npdoty> 3. one-stop button is the answer to all problems, boston snow buttons being handed out

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.137 (CVS log)
$Date: 2013-02-11 22:30:25 $
