IRC log of dnt on 2013-03-12

Timestamps are in UTC.

08:04:19 [RRSAgent]
RRSAgent has joined #dnt
08:04:19 [RRSAgent]
logging to
08:04:21 [trackbot]
RRSAgent, make logs world
08:04:21 [Zakim]
Zakim has joined #dnt
08:04:23 [trackbot]
Zakim, this will be
08:04:23 [Zakim]
I don't understand 'this will be', trackbot
08:04:24 [trackbot]
Meeting: Tracking Protection Working Group Teleconference
08:04:24 [trackbot]
Date: 12 March 2013
08:04:41 [rigo]
zakim, this will be TRACK
08:04:42 [Zakim]
ok, rigo; I see T&S_Track(DNT)4:00AM scheduled to start 4 minutes ago
08:05:25 [ninjamarnau]
ninjamarnau has joined #dnt
08:05:32 [Zakim]
T&S_Track(DNT)4:00AM has now started
08:06:14 [vinay]
vinay has joined #dnt
08:08:24 [aleecia]
aleecia has joined #dnt
08:12:08 [Weiss_Justin]
Weiss_Justin has joined #dnt
08:13:54 [ninjamarnau]
ninjamarnau has joined #dnt
08:14:21 [ionel]
ionel has joined #dnt
08:15:08 [moneill2]
moneill2 has joined #dnt
08:17:51 [nic]
nic has joined #dnt
08:20:31 [brookman]
"context under the hood" . . .
08:25:12 [haakonfb]
haakonfb has joined #dnt
08:25:13 [jamesgray_dgconnect]
jamesgray_dgconnect has joined #dnt
08:26:48 [peterswire]
peterswire has joined #dnt
08:31:05 [brookman]
scribenick: ninja
08:31:51 [ninjamarnau]
Rigo: Doing the recap of yesterday's discussion
08:32:16 [ninjamarnau]
.... participants already jumped into a lively discussion about consent.
08:34:56 [moneill2]
moneill2 has joined #dnt
08:34:57 [ninjamarnau]
... First question to address - issue of first parties.
08:35:43 [ninjamarnau]
... Where in the specification do we want to address first parties. In TPE or compliance?
08:36:10 [ninjamarnau]
brookman: Wouldn't that contradict the document we created so far?
08:36:44 [peterswire]
peterswire has joined #dnt
08:36:55 [brookman]
ack weiss
08:36:59 [ninjamarnau]
rigo: It is more of a footnote. Not contradiction but more of an extension.
08:38:04 [ninjamarnau]
weiss: this would lead to two parallel specifications. We should not agree here on doing normative text. We should first evaluate how substantial the gap is.
08:38:35 [ninjamarnau]
rigo: I agree. Additions that do not change the existing spec are not of the same importance.
08:39:06 [ninjamarnau]
brookman: It contradicts the complete section 4. Are you saying this might be wrong?
08:39:17 [Weiss]
Weiss has joined #dnt
08:39:41 [ninjamarnau]
rigo: We are already saying that law overrules the spec. This is part of this overruling of law concerning Europe.
08:40:11 [ninjamarnau]
... or in some countries of Europe
08:40:39 [ninjamarnau]
... if we bet on implied consent we could stop here.
08:40:56 [ninjamarnau]
... but continuing would be future proof.
08:42:04 [brookman]
ack weiss
08:42:16 [Thomas_Schauf]
Thomas_Schauf has joined #DNT
08:42:34 [Thomas_Schauf]
sorry ninja, I was not logged in
08:42:51 [ninjamarnau]
weiss: I completely agree with the overriding law. My concern is that if we focus on only one region's law it could dilute the spec.
08:43:39 [ninjamarnau]
... an overly annotated spec will be less helpful than a systematic note.
08:44:39 [rigo]
ack jamesgray_dgconnect
08:44:52 [ninjamarnau]
rigo: The regulated systems might be similar. I agree we should not annotate too much. But this is a fundamental choice we should make regarding first parties.
08:46:06 [ninjamarnau]
james: There will be a window of time until 2016 when the regulation comes into force. We need to address the directive that is in force now but also at the regulation draft which is highly in flux at the moment.
08:48:25 [fwagner]
fwagner has joined #dnt
08:48:38 [ninjamarnau]
rigo: the issue is - we want to produce something that is future proof. When we want to address the issue of storing data on the terminal equipment of users, do we need a consent mechanism including first parties?
08:49:08 [Wolf]
Wolf has joined #Dnt
08:49:27 [ninjamarnau]
.... Using DNT including first parties could rid us of the need of window shades in many cases.
08:50:39 [ninjamarnau]
vinay: We discussed this internally. We need to have a negotiation mechanism for European users. But users do not want to pay more for having an extra system only for one region.
08:51:15 [ninjamarnau]
rigo: this is where the problem starts. If everyone is developing their own consent mechanism it would cost much more in total.
08:51:22 [rigo]
ack moneill2
08:51:25 [rigo]
ack moneill
08:52:14 [ninjamarnau]
moneill2: You need to have an option to withdraw consent. Therefore a mechanism of giving consent needs to be in place anyway.
08:52:34 [brookman]
Letting one DPA's interpretation of one law that may be superseded is not the way to drive the DNT discussion . . .
08:52:56 [rigo]
ack Weiss
08:53:07 [fwagner_]
fwagner_ has joined #dnt
08:53:35 [ninjamarnau]
weiss: We are discussing three different issues right now.
08:53:35 [vinay]
Another country/website using the implied consent model is the Irish presidency website:
08:53:35 [ninjamarnau]
rigo: fair point.
08:53:44 [vinay]
where it points to browser controls for consumers to opt out from cookies
08:53:57 [rigo]
ack Wolf
08:54:32 [ninjamarnau]
wolf: We cannot use the ICO model for the whole of Europe. Implied consent does not work everywhere.
08:54:52 [ninjamarnau]
... We cannot address the issue of first parties without talking about consent.
08:57:04 [ninjamarnau]
weiss: what I struggle with is understanding how first parties could be included in the spec without changing the whole document.
08:57:29 [fwagner]
fwagner has left #dnt
08:57:54 [ninjamarnau]
rigo: I want to apply DNT:1 as an easy provision for first parties to comply with the law.
08:58:37 [ninjamarnau]
... If the permitted would be aligned with what is currently allowed by the law this would be a huge benefit.
08:58:54 [stefanie_zanox]
stefanie_zanox has joined #dnt
08:59:09 [ninjamarnau]
... If a first party wants to do more we can apply the DNT:0 consent mechanism.
08:59:10 [rigo]
ack peterswire
08:59:44 [ninjamarnau]
peterswire: What does it mean for a first party if they receive a DNT:1 signal?
09:00:48 [ninjamarnau]
rigo: The response header says either I'm complying or I'm not complying. You could as a first party always say I'm not complying.
09:01:33 [ninjamarnau]
brookman: At the moment a first party answers I am a first party. I do first party stuff.
09:02:17 [ninjamarnau]
kimon: What should a first party do to honor DNT:1 in your view?
09:03:17 [ninjamarnau]
rigo: Reaction similar to third parties. I honor DNT, I only use the permitted uses.
09:03:45 [ninjamarnau]
... or saying I don't honor DNT but I'm legally compliant.
09:17:15 [ionel]
ionel has left #dnt
09:17:30 [ionel]
ionel has joined #dnt
09:28:37 [rigo]
coming back
09:28:41 [fwagner]
fwagner has joined #dnt
09:32:12 [Joanne]
lots of side conversations still happening...
09:32:15 [ninjamarnau]
scribenick: Joanne
09:33:13 [Joanne]
some point we will return to our regularly scheduled meeting
09:34:05 [Joanne]
we have come back
09:35:07 [Joanne]
Rigo: two choices: move on to consent discussion or continue first party discussion
09:35:37 [Joanne]
...the first party addressed in TPE and compliance spec where first party can continue normal ops
09:36:09 [Joanne]
...also a rule in compliance spec that local law overrules DNT compliance reqs
09:37:30 [nic]
nic has joined #dnt
09:38:04 [Joanne]
...taking those three into acct (missed third one) we could say if in regulated environment may also use DNT as a way to org communication and consent with your users. DNT:0 can use exception use data set out in DNT:0,
09:38:13 [Joanne]
(not sure if I captured that correctly)
09:38:17 [rigo]
ack moneill
09:38:35 [aleecia]
aleecia has joined #dnt
09:39:20 [Joanne]
Mike: now there could be a sep browser obtaining consent under DNT to signal consent. for dnt:1 my opinion - that consent has not been given
09:39:51 [Weiss]
Weiss has joined #dnt
09:39:51 [peterswire]
peterswire has joined #dnt
09:40:00 [Joanne]
Vinay: clarification ques are you proposing to define what dnt:0 means in EU context or how companies in EU should treat all signals
09:40:04 [Joanne]
Rigo: fair q
09:40:23 [Weiss_]
Weiss_ has joined #dnt
09:40:47 [Joanne]
Kimon: my issue is we don't have enough pubs in the room to understand first party issues
09:41:52 [Joanne]
Rigo: Vinay's q is unanswered. Yes, dnt:0 will carve out because you won't have to explain every time just announce the diff and user only sees relevant prompts
09:42:03 [Weiss_]
Weiss_ has joined #dnt
09:42:08 [Joanne]
...can we see a system where dnt:1 is not meaningless
09:43:25 [Joanne]
...if permitted uses accepted by DPA's, then don't have to discuss in face of dnt:1. dnt:0 is only one consent mechanism - only one legal ground it offers you for overall legal strat
09:43:45 [Joanne]
...if want to go beyond - could claim OOB consent
09:44:25 [Joanne]
Vinay: to proceed - get the diff between dnt and the 1995 and eprivacy directive
09:44:57 [Joanne]
...don't know if permitted uses align with what regulators would think is allowed under dnt:1 scenario
09:45:11 [Joanne]
...thinks we should define what dnt:1 means in diff markets
09:45:14 [rigo]
ack vinay
09:45:37 [Joanne]
rob: we are at an intersection now. Dnt:1 or Dnt:0 path
09:45:47 [Joanne]
...tying to consent is one of the possibilities
09:45:57 [Joanne]
to define what dnt:1 means
09:46:02 [rigo]
ack brookman
09:46:03 [Joanne]
...vinay point is relevant
09:47:00 [Joanne]
brookman: 1st party may call dnt unset and comply in a way they want
09:47:10 [Joanne]
...what is tricky part of defining dnt:0?
09:47:38 [Joanne]
Vinay: how to balance dnt:1 against dnt:0 is the tricky part
09:48:00 [Joanne]
brookman: do it OOB and if you want to do that you can.
09:48:04 [rigo]
ack ninjamarnau
09:48:13 [Wolf]
Wolf has joined #Dnt
09:48:35 [Joanne]
Ninja: if want to be beneficial for EU = DNT:0 needs to mean some type of consent
09:49:08 [Joanne]
...other part Dnt:1 and how do permitted uses apply in the EU and whether it's legally compliant by dpa's
09:49:34 [Joanne]
...huge benefit to solve whole art 5 cookie problem and get out of rathole
09:50:00 [Joanne]
Brookman: lots of ratholes..Japan, Asia, etc. diff in other places
09:50:12 [rigo]
ack Weiss_
09:50:48 [Joanne]
Weiss: would not say I'm at point that normative lang is the right step. more pre-occupied with Ninja's point and the user exp
09:52:04 [Joanne]
...browser choice, US default rules at this time in spec, resolve issue what users expect will happen and how that is communicated, and have that jive with expectations
09:52:11 [rigo]
ack aleecia
09:52:11 [Joanne]
how do you reconcile those
09:52:21 [Joanne]
Aleecia: let me reverse and address
09:52:37 [Joanne]
...discussing Mozilla exp
09:52:47 [Joanne]
...can it be done country by country
09:52:53 [Joanne]
...response - done by lang
09:53:31 [Joanne]
...could imagine having many builds - spanish in EU and spanish in other parts of the world
09:54:22 [Joanne]
Kimon: implementation example (use FF in Belgium - listing langs). how can you control this?
09:55:02 [Joanne]
Aleecia: imagines lang and region together (eg German-EU) but not country by country
09:55:44 [Joanne]
...lots of issues with this - a pain. presumes many communications beyond the browser
09:56:02 [Joanne]
Weiss: agreed that there will be many communication points
09:56:39 [Joanne]
Aleecia: if do dnt right EU is 1. issue exists with or without dnt but reduces problem
09:58:01 [Joanne]
...1. do we need to dnt:0 differently for EU vs everywhere else. not convinced this is special. raising this as an option. one signal means the same in all places. group could suggest that consent means highest bar
09:58:25 [Joanne]
Weiss: high bar under 27 dnt means same everywhere
09:59:13 [Joanne]
Aleecia: go back to cos and figure what we can do. if we can do that we have a win. if we can't then figure out the deltas. if we can make the same the better
10:00:08 [Joanne]
the third part - doc is the low bar for dnt:1. depending on where users are you may need to do the more. hope for this group doc what the more is and id the deltas
10:00:20 [Joanne]
scribe agrees with Aleecia's last statement
10:00:32 [rigo]
ack Wolf
10:01:02 [Joanne]
Wolf: not sure we can reach to deal with frag of eu law
10:01:21 [Joanne]
...not sure if this can be reached under what is allowed under dnt:1 or 0
10:01:46 [brookman]
For the record, the language saying that law > the standard should probably be moved within the Compliance document. Right now, it's just in the permitted uses despite DNT ---- that is, if law REQUIRES you to keep more data, that trumps DNT.
10:02:05 [brookman]
We should probably place the language elsewhere to be more clear that it cuts both ways . . .
10:02:58 [Joanne]
...question is what is the environment for consent and we need to doc that.
10:03:11 [Weiss]
Weiss has joined #dnt
10:03:32 [Joanne]
Brookman: clarified settings - set (1,0), unset
10:04:07 [vinay]
you passed, Weiss
10:04:49 [Joanne]
Wolf: political debate - is tracking allowed or not. hard for a co to do tracking for other legal reasons
10:05:33 [Joanne]
Rigo: can we add normative text. In the permitted uses - add to address legal grounds processing
10:05:53 [Joanne]
disagreement being expressed - task too big
10:06:44 [Joanne]
Brookman: if you have legit interests you can express that.
10:07:32 [Wolf]
Wolf has joined #dnt
10:07:33 [Joanne]
Weiss: if spec is silent on something I want to do then I don't need to respond.
10:08:02 [Joanne]
Justin W -you may want to clarify your point in IRC - didn't quite capture it
10:08:19 [Joanne]
Rigo: lets go back to queue
10:09:32 [Joanne]
Rob: either you go with EU view which puts focus on data collection means adding privacy principles like data minimization. US approach focus on transparency and give control
10:10:14 [brookman]
rvaneijk: there will always be a gap between DNT and the European legal regime.
10:10:56 [Joanne]
...clear there is a gap between EU standard and dnt standard. assumption there is always a legal gap and needs to be put into the context of collection or control. some exs are taken in collection context or control context
10:11:43 [Joanne]
...for me it's important to see we are exploring the collection limitation path and if not feasible then we need to look at use limitation path
10:12:52 [Joanne]
Aleecia: no change in practice around collection
10:13:13 [Joanne]
Rigo: lets reset and wants to explore what Rob and Justin said
10:13:39 [Joanne]
first party context there are limitations you may use dnt:0 for consent.
10:14:09 [ionel]
ionel has joined #dnt
10:14:53 [Joanne]
normative text for dnt:1 but in implementation guide. normative text dnt:0 in TPE and TCS (hope I got this right)
10:15:53 [Joanne]
Rob: collection limitation - have to define dnt:0 in the legal sense across EU.
10:16:08 [Joanne]
back and forth between Aleecia and Rob...
10:17:27 [Joanne]
Rob: hard to standardize data retention generically
10:17:30 [rigo]
ack rvaneijk
10:18:05 [Joanne]
...it's a way to apply PbD but doesn't solve generic standardization
10:18:10 [rigo]
ack fwagner
10:18:17 [Joanne]
Frank: wants to come back to Aleecia discussion
10:19:00 [Joanne]
...his view. server portal is located somewhere and the company is resp to comply with local law. has to look at the server not the browser
10:19:36 [Joanne]
Wolf: but that is different in light of international law.
10:19:54 [rigo]
ack vinay
10:20:00 [Joanne]
Aleecia: state of CA example. have to guess where user is living
10:20:23 [Joanne]
Vinay: agreed with Rigo last statement (noted for the record) <grin>
10:20:42 [Weiss]
but his summary was different than what Rigo said!
10:20:50 [Weiss]
I think Rigo proposed non-normative text for DNT:1
10:20:53 [Weiss]
and normative text for DNT:)
10:21:00 [Weiss]
DNT 0 I mean
10:22:18 [Joanne]
Rigo: we are a standards org as long as there is support. Implementation guide is a help. it also means you can endorse it - if no endorsement then need to discuss with every dpa
10:22:35 [Joanne]
Kimon: can we rely on that?
10:23:50 [Joanne]
discussion between rigo and kimon...
10:24:01 [Joanne]
Amendment 108
10:24:06 [Weiss]
I remember *tolerance* was the word that made Brookman grin yesterday
10:24:30 [Joanne]
Rigo: if not right normative text then endorsement won't mean anything
10:25:06 [Joanne]
James: we will look at ePrivacy directive once the data regulation is complete.
10:25:43 [Joanne]
Rigo: agreement we should define DNT:0 in spec and dnt:1 in implementation guide (how is a decision we need to make)
10:25:45 [rigo]
ack Weiss
10:25:51 [Joanne]
Weiss: not sure we have agreement
10:26:19 [Joanne]
...wants to see the deltas to achieve purpose Rigo is proposing
10:26:50 [Joanne]
...once we see deltas then we can determine if normative text or note is best approach
10:27:11 [brookman]
this is all getting a little meta
10:27:34 [Joanne]
Weiss: thought the purpose of this group is to id those deltas
10:27:53 [Joanne]
Rigo: we need a commitment to provide resources to explore that
10:28:52 [Joanne]
...what he hears can't agree to option. catch 22 situation. lets start with the delta of the eu privacy directive. can you write down what you want to know
10:29:28 [Joanne]
Weiss: two deltas we id yesterday. 1st party/3rd party distinction and permitted uses.
10:30:30 [Joanne]
Rigo: we won't have any normative text in specs until there is consensus of the entire WG. consensus being sought here is do we want to work this
10:30:48 [Walter]
Zakim, ??P2 is Walter
10:30:48 [Zakim]
+Walter; got it
10:30:53 [Joanne]
violent agreement in the room
10:30:57 [Walter]
on what?
10:32:08 [ninjamarnau]
Walter, violent agreement that we only propose normative text to the big group if we find consensus in this smaller group
10:32:32 [Walter]
ninjamarnau: sounds reasonable, makes the process riskier though
10:32:56 [Joanne]
the group wants to work on poss normative text for the spec and commitment to work on this
10:33:45 [rigo]
ack peterswire
10:34:48 [Joanne]
Peterswire: for full group - timing observation. F2F in early May schedule LC in July. work here needs to meet timeframe of LC and what is done here needs to be done with that in mind
10:35:01 [Joanne]
...will require thought and input from larger group
10:35:19 [Joanne]
Rigo: only constraints on normative text but not on note
10:35:25 [Joanne]
Weiss: likes note
10:35:54 [Joanne]
Rigo: provide first wording after the delta's discussion
10:35:54 [aleecia]
suggests deltas need to take very little time
10:36:14 [rigo]
ack brookman
10:36:20 [Joanne]
peterswire: committed to work with group but only if it fits into overall timetable
10:36:42 [aleecia]
if there's a 2 week time frame for delta (which is short, actually) we've just gone through half the time Peter suggests before we even start talking about text
10:37:03 [rigo]
JustinW: Want to see the delta for the permitted uses and the ePrivacy Directive compliance
10:41:04 [Joanne]
Rigo: rephrasing Rob's comments. state of data coll minimization need consent. if we work on consent we ult work on collection environment. control scenario - don't need consent for legal grounds, etc. if hit with dnt:1 then need to worry. these are mutually exclusive. Rigo does not agree with Rob on mutually exclusive
10:41:08 [rigo]
ack ninjamarnau
10:41:36 [Joanne]
Ninja: ask rob for specific example around how collection or use limitation will play out.
10:42:16 [Joanne]
Rob: difference between setting tasks for compliance in the EU and changing the balance of control. This is very complicated
10:42:36 [Joanne]
Rigo: ninja does not believe this is mutually exclusive
10:43:21 [Joanne]
...another argument. if you get consent browser you get control from central point by the user.
10:43:32 [Joanne]
Rob: what is measurement criteria
10:44:09 [Joanne]
Rigo: as a standard don't have to do this. Adrian go us out this
10:45:05 [Joanne]
Rob: that is dnt consent but legal consent is a diff discussion
10:45:50 [Joanne]
rigo: there will be an endorsement discussion that will touch on normative text and implementation guide. can adapt over time with implementation guide
10:46:40 [brookman]
We're not SOLVING tracking. We're limiting it. Or trying to at least.
10:46:46 [Joanne]
Rob: risk of something not being endorsed is pretty big, and does not have clear feeling what we are solving as we are all looking at this from a diff perspective
10:47:10 [ninjamarnau_]
ninjamarnau_ has joined #dnt
10:47:24 [Joanne]
Rigo: we have to agree on certain wording on specs and in longer timeframe discuss how to use tool
10:47:41 [Joanne]
Rob: is the purpose of this work to become compliant in the EU
10:48:34 [Joanne]
Rigo: answer what is the delta. do we want to bridge this gap? id what add'l things are needed for EU
10:49:10 [Joanne]
...get with dpa to validate what is mismatch. use German as the high bar
10:49:35 [Joanne]
Weiss: asking Marcus if that is the measure - is it the highest bar?
10:49:44 [Joanne]
Marcus: feeling German one is the strongest
10:50:33 [Joanne]
TLR: stretch goal - hearing people saying a lot of the same things
10:50:54 [Joanne]
Rigo: wants commitment to work on delta
10:51:35 [brookman]
rigo: point of this is to improve our chances of deemed legal compliance later
10:51:41 [brookman]
scribenick: brookman
10:51:51 [Joanne]
thanks Justin
10:52:31 [brookman]
rigo: legal formalization of this recognition is for the moment legally impossible because of directive model --- why we need a regulation
10:52:45 [Weiss]
Weiss has joined #dnt
10:53:01 [brookman]
... Amendment 108 is being put in precisely for things like this effort. No one seems to be questioning Amendment 108.
10:53:26 [brookman]
... In between, just use your best bet --- talk to local DPAs, point to global buy-in, &c.
10:53:49 [brookman]
... Not precluding any potential dispute in court, just making a tool available for deemed-ish compliance.
10:54:06 [brookman]
... Need commitment from folks to work out what the delta is (ed: deltas are)
10:54:16 [Thomas_Schauf]
+q Julia
10:54:20 [brookman]
... Would like someone from industry and DPAs
10:54:29 [brookman]
ack thomas
10:54:57 [brookman]
thomas: If DNT a legal tool, why are we orienting it to the e-privacy directive?
10:55:26 [brookman]
... If policy arena is out of scope, we need a broad DNT standard so it can be adaptable to different markets
10:55:57 [brookman]
... 1, 0, unset need to be adaptable so different people in different jurisdictions can comply with varying laws
10:56:06 [brookman]
rigo: I just want someone to agree to help me find the deltas!
10:56:39 [brookman]
... legitimate question about whether the gap is too big (between current permitted uses and Euro law)
10:56:50 [aleecia]
which people in the room can do this?
10:57:06 [brookman]
... if we come back and say "Oh my God!" we will have to provide guidance in the implementation guide.
10:57:07 [aleecia]
small set, yes?
10:58:06 [brookman]
tlr: Let's use *some* stringent jurisdiction as a benchmark and get action items assigned to map compliance vs that jurisdiction ---- that will be a proxy for overall discussion
10:58:11 [rigo]
ack Julia
10:58:35 [brookman]
Julia: We have very different interpretations of e-privacy directive even among German institutions. So there's that.
10:58:56 [rigo]
ack Thomas_Schauf
10:59:16 [brookman]
aleecia: Can we just get someone to draw up *some* interpretation of *something*? And then we can do deltas vs. the deltas (ed: grumble)?
10:59:41 [brookman]
thomas: After the work on DNT, we may have the Regulation in place, and maybe we won't have Directive problems
11:00:13 [brookman]
rvaneijk: But if you want endorsement later this year, I have concerns. But willing to share what we think are the issues.
11:00:27 [brookman]
weiss: If we're talking endorsement, let's talk just about existing law, not possible future reg.
11:00:38 [aleecia]
who do we have in the room who is *able* to do this?
11:00:46 [brookman]
rigo: Let's not put obstacles in the spec that we know will later bite us in the future.
11:00:55 [brookman]
many: Who can take an action item?!
11:01:16 [brookman]
ninja: Marcus and I can answer questions, but can't provide definitive, binding text
11:01:38 [brookman]
tlr: So, you seem interested in gap analysis . . .
11:01:59 [brookman]
weiss: I don't really know German law that well. Could maybe do general European law.
11:02:14 [brookman]
weiss: willing to be a reviewer
11:02:36 [brookman]
thomas: I'll organize feedback from German industry
11:02:41 [brookman]
rigo: I will set that up.
11:03:26 [rigo]
ack Thomas_Schauf
11:03:32 [brookman]
rvaneijk: German telemedia law is not really the best example. Very different, not really transposition of e-privacy directive.
11:03:55 [brookman]
thomas: Yeah, but maybe it's not that far away.
11:04:16 [rigo]
Action: Thomas_Schauf to organize german industry to participate in the work of the delta
11:04:16 [trackbot]
Error finding 'Thomas_Schauf'. You can review and register nicknames at <>.
11:04:31 [brookman]
rvaneijk: It's another unnecessary layer of uncertainty. You'll need to convince DPAs that it maps (ed: to the thing that you're trying to map to something else).
11:05:00 [rigo]
Action: Rigo to play editor for the ePrivacy Directive - permitted uses delta and organize first teleconference
11:05:00 [trackbot]
Created ACTION-379 - Play editor for the ePrivacy Directive - permitted uses delta and organize first teleconference [on Rigo Wenning - due 2013-03-19].
11:05:15 [brookman]
silence in room
11:05:38 [rigo]
Action: Rigo to invite Frank into the Group
11:05:38 [trackbot]
Created ACTION-380 - Invite Frank into the Group [on Rigo Wenning - due 2013-03-19].
11:06:11 [brookman]
rigo: We have successfully concluded the first party/third party distinction. <general laughter>
11:06:30 [brookman]
... half an hour left to discuss requirements for consent and/or DNT:0 definition
11:06:48 [brookman]
... "freely, specific, and informed"
11:07:11 [brookman]
rvaneijk: isn't that really part of the deltas (comparing Euro law to compliance spec)
11:07:44 [brookman]
Not sure how you can map when there isn't a definitive statement on this in the compliance doc today
11:08:02 [brookman]
rigo: I have put something together on my own (with no input) to present to the group on what DNT:0 should do.
11:08:12 [brookman]
... Based on P3P and data classes.
11:09:39 [brookman]
rigo: <showing base data schema> It's an ontology of web traffic. Checked it worldwide.
11:09:45 [Weiss]
Question: is DPA endorsement of plan (including possible normative text) a pre-condition to submission to full DNT working group for approval?
11:09:59 [haakonfb1]
haakonfb1 has joined #dnt
11:10:03 [rigo_]
rigo_ has joined #dnt
11:10:16 [brookman]
... You be very specific about what you're collecting: name, employment data, etc.
11:10:19 [Horax]
Horax has joined #dnt
11:10:37 [brookman]
... We can say what needs a prompt and what doesn't.
11:10:52 [brookman]
... If you go beyond what we define as permissible, then you would need a window shade and not a button.
11:10:56 [fwagner_]
fwagner_ has joined #dnt
11:11:09 [brookman]
rvaneijk and vinay: We need more explanation about what the schema are.
11:11:23 [brookman]
vinay: How will browser know what's being collected?
11:11:59 [brookman]
rigo: It won't know. You would need additional P3P implementation to tell the user what you're actually doing. DNT:0 is a potential allowance, not a precise statement about what's actually happening.
11:12:24 [brookman]
... To say what you're actually doing, you would need to do P3P.
11:12:26 [rvaneijk]
rvaneijk has joined #dnt
11:12:46 [brookman]
tlr: You're conflating a few things here.
11:13:07 [brookman]
... We don't have a shared understanding of P3P data schema among the people in this room
11:13:44 [brookman]
... Maybe better to say, hey, there are data classes. Among those, let's say that DNT:0 = consent to play with those data.
11:14:37 [brookman]
rigo: The javascript API would allow you to convey a message to the user. If you're within DNT:0 confined, you wouldn't need additional interaction.
11:15:11 [brookman]
... But if you're talking about sensitive data (medical, sexual, sensitive), a button is not enough, you would also need a shade.
11:15:29 [brookman]
<freudian slip>
11:15:35 [brookman]
ack aleecia
11:16:04 [stefanie_zanox]
stefanie_zanox has joined #dnt
11:16:18 [brookman]
aleecia: I think you're doing this to reflect that consent has to be specific. But since this is just potential instead of WHAT YOU'RE ACTUALLY DOING how is that actually specific?
11:16:35 [rigo_]
ack rvaneijk
11:16:41 [brookman]
q+ peterswire
11:17:13 [rigo_]
rvaneijk: we need not only data definitions, but also purpose definitions (tracking)
11:17:23 [brookman]
rvaneijk: If you're tying this to consent, this is WAY TOO MUCH detail to qualify the element of specific.
11:17:44 [brookman]
aleecia: Having this level of specific disclosure was one of the key implementation difficulties of P3P.
11:17:52 [rigo_]
ack peterwise
11:17:58 [rigo_]
ack peterswire
11:18:02 [brookman]
... suggest we not do this if it will be a barrier to implementation.
11:18:18 [brookman]
peterswire: Maybe just say that DNT:0 doesn't apply to "sensitive data" in Article 8.
11:18:53 [brookman]
The definition of DNT:0 *will* be in the standard.
11:19:05 [brookman]
rigo: Hey, you guys asked for a definition of tracking.
11:19:41 [brookman]
peterswire: Why not just say that DNT:0 = the right level of consent under EU law except for sensitive stuff under Article 8.
11:20:38 [brookman]
rvaneijk: If DNT:0 = normal consent, then you need to do more for sensitive categories.
11:20:50 [brookman]
vinay: How could the API mechanism store special status for "sensitive data"?
11:20:56 [rigo_]
ack brookman
11:21:06 [peterswire]
peterswire has joined #dnt
11:21:14 [rigo_]
JB: Don't know why we have to spell out the level of consent.
11:21:34 [rigo_]
... DNT just signals consent
11:22:06 [brookman]
moneill: maybe this ties to the albrecht amendments re pseudo data
11:23:14 [brookman]
rigo: The idea is that you need legal and informed consent. You are in a specific context which should be clear to you. In this content, you signal DNT:0. And DNT:0 means that you agree to this data collection.
11:23:20 [brookman]
moneill: DNT:0 is just a signal.
11:23:52 [brookman]
rigo: We are trying to standardize a description of DNT:0 that requires window shades.
11:24:07 [brookman]
moneill: Window shades are a UI. We're not supposed to be worried about that.
11:24:33 [brookman]
rigo: But if you leave everyone to fight with their DPA over what constitutes consent, then you don't have standardization.
11:24:36 [brookman]
moneill: Is that our job?!?
11:24:42 [brookman]
rigo: That's my plan.
11:24:44 [rigo_]
11:24:52 [brookman]
+1 to moneill
11:24:54 [rigo_]
ack weiss
11:25:46 [brookman]
weiss: Going back to UI question. I hear you to say: First they see the browser offering DNT choices. Then they see what the website sends back to interpret that consent. If they're playing with sensitive data, it will be really big and robust. If it's more commonplace, it can be more light-touch.
11:25:58 [brookman]
... In either case, it will be some sort of pop-up to clarify the scope of consent.
11:26:12 [brookman]
... Is there any scenario where a pop-up of some sort isn't required?
11:26:59 [brookman]
rigo: It could be the case that we could agree that certain of these things are normal processes so you don't need a pop-up every time.
11:27:17 [brookman]
weiss: But "tracking" is different than what the e-privacy directive covers.
11:27:33 [brookman]
rigo: I'd like a def that covers 98-99% of the average use cases.
11:27:42 [brookman]
weiss: And how will the user know what's covered?
11:27:56 [rvaneijk]
11:28:11 [brookman]
rigo: We don't specify --- leave it to the site to specify. They can have a personalization button. People over time will learn what this means
11:28:16 [rigo_]
ack rvaneijk
11:28:52 [brookman]
rvaneijk: A limited list could work when you're dealing with exceptions because you want to put constraints on something. But this is the other way around. What if new data flows/usages pop up? If there's a category of "others" that could weaken that definition.
11:29:00 [brookman]
... Not sure limited list really works here.
11:29:37 [brookman]
rigo: You can describe things in lots of ways: everything but . . ., or bottom up, or positively describe everything.
11:30:14 [peterswire]
11:30:14 [brookman]
... If we define tracking in a specific way, maybe that means a relatively small window frame.
11:30:26 [rigo_]
11:30:31 [brookman]
rvaneijk: Isn't that point of all this to NOT have pop-ups for everything?
11:31:01 [brookman]
moneill: DNT can keep state on the user in the browser per website.
11:31:24 [rigo_]
ack peterswire
11:31:34 [brookman]
... DNT:0 has a site-specific exception that can be stored in the lawyer.
11:32:05 [brookman]
peterswire: I don't see why people don't get this.
11:32:33 [brookman]
... This is like a standard contract that defines the 12 ordinary things. If you're outside that list of 12 things, then maybe you need to do something more.
11:32:50 [brookman]
... This is standard across a lot of industries.
11:32:53 [Horax]
Horax has joined #dnt
11:32:56 [brookman]
11:33:02 [ninjamarnau_]
11:33:17 [brookman]
aleecia: This isn't specific consent.
11:33:24 [rigo_]
11:33:54 [rigo_]
ack ninjamarnau_
11:34:01 [brookman]
ack aleecia
11:34:35 [brookman]
aleecia: I guess you could in the browser say I consent to all 12 things going forward for everyone. But that's not specific consent.
11:34:39 [brookman]
ack ninja
11:35:36 [brookman]
ninja: I see dnt:0 as a standard contract. (1) They need to accept that DNT:0 isn't a white card to do anything. (2) We need to get all the DPAs that even if it's just 12 things, is that specific enough.
11:35:42 [brookman]
11:36:01 [brookman]
ninja: compares this to the Google privacy policy.
11:36:08 [brookman]
.. not specific enough.
11:36:24 [brookman]
rigo: maybe that means that our standard contract is not good enough.
11:36:53 [ninjamarnau_]
q+ to suggest a lunch break
11:37:06 [brookman]
rigo: If you sign up prospectively for personalization across some set of sites, no need for pop-up shades.
11:38:15 [brookman]
peterswire: Responding to Google point.
11:38:44 [brookman]
... Euro law cracks down on standard contracts that are not proportional. But we can define 12 things that might work here.
11:39:55 [brookman]
ninja: Also concerned about lock-in. Maybe not as big a deal as I originally thought.
11:40:28 [Weiss]
correction for scribe: "log-in," not "lock-in"
11:40:58 [brookman]
11:41:14 [aleecia]
11:41:34 [rigo_]
ack brookman
11:42:24 [brookman]
rigo: consent for 12 things is what DNT:0 means, if you want more it has to be out of band.
11:42:26 [rigo_]
ack ninjamarnau_
11:42:26 [Zakim]
ninjamarnau_, you wanted to suggest a lunch break
11:42:37 [brookman]
ninja: We are 12 minutes behind and it's lunchtime.
11:42:43 [rigo_]
ack aleecia
11:44:00 [brookman]
aleecia: I want to come back to rvaneijk's point --- you need context, can the 12 point contract work?
11:44:41 [brookman]
vinay: it sounds like euro regs might want DNT:0 just for the more benign uses (like first party analytics). But not OBA/personalization.
11:44:55 [brookman]
rvaneijk: Not sure where the threshold should be.
11:45:48 [ionel]
ionel has joined #dnt
11:46:09 [brookman]
rigo: You can do DNT:0 store for that more sensitive stuff, but I will explain privately during lunch (!?)
11:46:15 [brookman]
<breaking for lunch>
12:08:57 [ionel]
ionel has joined #dnt
12:16:15 [dwainberg]
dwainberg has joined #dnt
12:28:43 [Horax]
Horax has joined #dnt
12:43:30 [ninjamarnau]
ninjamarnau has joined #dnt
12:48:04 [haakonfb1]
scribenick haakonfb
12:51:10 [haakonfb]
haakonfb has joined #dnt
12:51:21 [brookman]
scribenick: haakonfb
12:51:25 [peterswire]
peterswire has joined #dnt
12:51:43 [aleecia]
aleecia has joined #dnt
12:52:19 [haakonfb]
Rigo: DNT:0 have a basic understanding after peterswire: standard contract
12:52:33 [haakonfb]
… what this contract will look like will be subject to fierce debate
12:54:00 [haakonfb]
… now a meta discussion. The industry comments: 1) we do DNT and 2) EU regulation is not industry friendly
12:54:22 [haakonfb]
… do we want to discuss how DNT is used in the Brussels policy discussions?
12:54:53 [haakonfb]
… do we want a sanitisation of DNT?
12:55:05 [haakonfb]
… what is the relationship to self regulation?
12:55:21 [haakonfb]
… should we bring into the table what we other groups are doing?
12:55:34 [haakonfb]
… should we have this discussion?
12:55:45 [rigo_]
12:55:46 [peterswire]
peterswire has joined #dnt
12:56:35 [haakonfb]
rob: would like to see DAA at the table. Will DNT take part in the notice framework.
12:57:36 [rigo_]
Julia: q?
12:57:39 [rigo_]
12:57:40 [haakonfb]
rob: idea to create neutral table - with everyone that matters in the ecosystem.
12:58:09 [haakonfb]
Rigo: When you are debating DNT - invite someone from this table to present ideas about DNT to EDAA board?
12:58:31 [Thomas_Schauf]
12:58:33 [haakonfb]
Julia: It is a nice offer
12:58:46 [rigo_]
12:58:51 [rigo_]
ack Thomas_Schauf
12:59:20 [rvaneijk]
12:59:20 [haakonfb]
Thomas_Schauf: How could a cooperation work on a technical level.
12:59:51 [haakonfb]
… serve to the consumers. not competing solutions, but cooperative solutions.
12:59:51 [Weiss]
12:59:57 [rigo_]
ack rvaneijk
13:00:15 [Thomas_Schauf]
13:00:26 [haakonfb]
rob: demonstrates no support for DNT in European industry.
13:01:12 [haakonfb]
Kimon: Look internally for solutions. Don't see DNT will replace the need for the commitments made.
13:01:30 [rigo_]
ack Weiss
13:02:08 [haakonfb]
Justin: Usecase of DAA participation. Clearest path to interoperability: DNT could be one of many signals to trigger the commitments.
13:02:43 [haakonfb]
… EDA has its own code of commitments. The interoperability depends on the different commitments map.
13:02:46 [peterswire]
13:02:51 [peterswire]
13:03:03 [haakonfb]
… there is a potential, but need something clear to compare against.
13:03:22 [haakonfb]
rigo: either need to talk to the board, or someone has to provide a diff.
13:03:26 [peterswire]
13:03:35 [rigo_]
ack Thomas_Schauf
13:03:36 [haakonfb]
… rob saying no one is coming out
13:03:45 [Zakim]
13:04:00 [haakonfb]
Thomas_Schauf: Industry supports DNT - invest time+++
13:04:32 [haakonfb]
… EDA around the table. Robert Madelin told W3C invite EDA
13:04:56 [haakonfb]
… will go back to the steering group and ask them to accept the invitation
13:05:27 [haakonfb]
… technical cooperate or define who is first and second in the user dialogue
13:05:44 [haakonfb]
… this work will take time.
13:06:36 [haakonfb]
rigo: the only thing that counts is commitment to come back with a result on the question: What is the diff between EDA and the DNT permitted uses.
13:06:56 [haakonfb]
kimon: we make sure that EDA will now
13:07:25 [haakonfb]
Thomas_Schauf: Rigo send an email to Kimon, Julia and Thomas about this.
13:08:13 [haakonfb]
(all quiet)
13:08:24 [rigo_]
Action: Rigo to send email to Thomas Schauf, Kimon and Julia to get someone from DAA to help with the DIFF between permitted uses in TCS and the allowances under Opt-out in the EDAA framework
13:08:25 [trackbot]
Created ACTION-381 - Send email to Thomas Schauf, Kimon and Julia to get someone from DAA to help with the DIFF between permitted uses in TCS and the allowances under Opt-out in the EDAA framework [on Rigo Wenning - due 2013-03-19].
13:08:55 [haakonfb]
13:09:05 [rigo_]
13:09:12 [rigo_]
rrsagent, pointer
13:09:12 [RRSAgent]
13:09:21 [rigo_]
rrsagent, please draft minutes
13:09:21 [RRSAgent]
I have made the request to generate rigo_
13:10:24 [haakonfb]
rigo: succeeded skipping the first part by directly discussing the meat of it. expected this to be a big battle. Allotted lots of time to it
13:11:04 [haakonfb]
rob: is it consensus to commit to a strong DNT-standard while we are waiting for the new DP regulation?
13:11:19 [rigo_]
zakim, Chris_Sherwood joined the room
13:11:19 [Zakim]
I don't understand 'Chris_Sherwood joined the room', rigo_
13:11:22 [vinay]
13:11:24 [Weiss]
13:11:26 [rigo_]
zakim, Chris_Sherwood entered the room
13:11:26 [Zakim]
I don't understand 'Chris_Sherwood entered the room', rigo_
13:11:27 [haakonfb]
… does this consensus exist?
13:11:32 [rigo_]
13:11:39 [rigo_]
ack vinay
13:11:55 [rigo_]
zakim, Berlin has Chris_Sherwood
13:11:55 [Zakim]
+Chris_Sherwood; got it
13:12:28 [rigo_]
13:12:35 [haakonfb]
Vinay: A challenge would be to understand the interplay spec and regulation - and the timing. Difficult to accommodate the standard without knowing the content of the regulation
13:12:50 [haakonfb]
rob: as any external risk factor. has to mitigate that risk.
13:13:24 [haakonfb]
Vinay: Companies know the current law. Companies would wait for the new regulation before changing behaviour.
13:13:45 [haakonfb]
… wouldn't worry about the DNT standard in the mean time, but will wait for the DP regulation
13:13:57 [rigo_]
ack Weiss
13:13:59 [haakonfb]
rigo: we need speaking points against this argumentation
13:15:21 [haakonfb]
justin: I see more uncertainty with getting certification / approval for a solution. DNT will not be a complete tool for compliance.
13:15:23 [rigo_]
13:16:00 [rigo_]
13:16:03 [haakonfb]
peterswire: Common in the past with a version 1 and then people learn and then a version 2
13:16:15 [haakonfb]
… companies prefer building once, not required to reengineer.
13:16:32 [haakonfb]
… how is this reality handled in other W3C cases?
13:17:41 [haakonfb]
rigo: It has been order and chaotic approaches. Example: Big debate XML schema. one side: too much fluff, other side: we need to specify all the details. Both ways happened. let the market figure it out
13:18:52 [haakonfb]
… Web as platform: Defining all kinds of relations to device APIs etc. Not the assumption that what they are doing is the ultimate solution in 5 years. Want to solve the current situation. We cannot decide to throw the connection approach out of the window
13:19:11 [haakonfb]
… we need the delta: this is what you need to do to comply.
13:19:38 [haakonfb]
… we are in this regulation discussion. The industry *and* DPAs are under pressure.
13:20:01 [haakonfb]
… if small gap political solutions are possible
13:20:34 [peterswire]
13:20:36 [haakonfb]
… implementation guide can be approved by DPA(s)
13:20:53 [haakonfb]
… our chances for success depend on the gap analysis.
13:21:47 [haakonfb]
… can we whenever we are asked say this is not a panacea, but trying to solve a specific problem for the web.
13:21:56 [peterswire]
13:21:56 [haakonfb]
justin: we define that problem after the gap analysis
13:22:00 [peterswire]
13:22:44 [haakonfb]
rigo: we have some challenges wrt permitted uses, but not likely a big gap
13:23:03 [haakonfb]
Vinay: gap will be about first party vs third party and permitted uses
13:23:07 [vinay]
vinay has joined #dnt
13:23:34 [haakonfb]
justin: priority is the gap analysis. that will identify our issues
13:23:58 [rigo_]
Justin sees the biggest issue in First Party reaction on DNT:1 signal in Europe. This will be subject to the gap analysis
13:24:00 [rigo_]
13:24:06 [rigo_]
ack peterswire
13:24:49 [haakonfb]
peterswire: Question: Compliance cost - I just want to only build once. In Europe: Why should I do anything on DNT:0 when the regulation can change everything
13:25:09 [haakonfb]
… gap analysis - useful for getting ready for DP regulation.
13:25:57 [haakonfb]
… why should we implement DNT:0
13:26:55 [haakonfb]
rigo: US compliance stands for basic protection on the web. In Europe could have a similar but different function
13:27:49 [haakonfb]
… instead of everybody on their own, try to get together 80 percent of the result with 20 percent of the effort.
13:27:59 [haakonfb]
… remove the shading + providing users control
13:28:09 [Zakim]
13:28:33 [haakonfb]
… you enable to give the engineers their say in the debate.
13:28:59 [haakonfb]
… also discuss the technical aspects
13:29:23 [haakonfb]
… by removing most annoying parts avoid arms race between blocking and tracking technologies.
13:29:58 [haakonfb]
… ref geolocation. The browser must provide the user a certain interface. Grant and revoke access to location.
13:30:26 [haakonfb]
… dnt-system: would have the advantage by providing this kind of interface. It is a clean and viable framework.
13:31:17 [haakonfb]
peterswire: by having engineers and the general terms we will facilitate a more orderly transition.
13:31:50 [haakonfb]
rigo: 108 Amendment does not stem from the industry, but the green party
13:32:12 [haakonfb]
… by offering first kind of shot we have three years to create version 2.
13:32:49 [rigo_]
13:32:51 [haakonfb]
peterswire: This is the best path to end up with a good technological solution.
13:33:53 [Weiss]
13:34:16 [haakonfb]
rigo: go away from the original agenda. When this group agrees on normative texts for the specs, text will be added.
13:34:33 [haakonfb]
rob: are you going to inform the big group about progress here?
13:34:55 [haakonfb]
… informing allows for others to enter into this work
13:35:24 [haakonfb]
peterswire: summarise the conclusion and bring back to bigger group
13:36:03 [haakonfb]
… allows for other perspectives to be included
13:36:13 [haakonfb]
rigo: July deadline - last call
13:37:15 [haakonfb]
peterswire: (outlines the step of w3c process)
13:38:11 [brookman]
Whoa, there's interservice review?
13:38:15 [haakonfb]
rigo: last call is used to clear up any dependencies. All other groups look at the spec to identify any dependencies.
13:38:52 [haakonfb]
… public available - gets comment from the general public
13:39:25 [haakonfb]
… has to address the public comments
13:40:17 [haakonfb]
… next step: candidate recommendation. The industry implements the spec. New issues might be discovered, and the spec has to be fixed.
13:40:25 [brookman]
FYI, timeline here:
13:41:27 [haakonfb]
… in the end advisory committee vote. If sufficient support and approved by director turns into candidate recommendation.
13:41:52 [haakonfb]
thomas: review - has the process been followed properly.
13:43:14 [haakonfb]
peterswire: Suppose we get to last call, but DNT:0 is not finished.
13:43:50 [haakonfb]
… and no new information. How can we put DNT:0 back in.
13:44:29 [haakonfb]
thomas: split into two specifications, or ask for mandate for a next version. Neither is optimal. Best of having DNT:0 in last call.
13:44:33 [Weiss]
13:44:55 [haakonfb]
peterswire: what about put 80% ready in the last call? Fix afterwards.
13:45:15 [rigo_]
13:45:20 [haakonfb]
Thomas: Depends on which parts are ready.
13:45:55 [haakonfb]
… if not concluded on normative text, it should not be included.
13:46:28 [haakonfb]
… purpose of last call is to get feedback from the public. better to have a single coherent document.
13:47:13 [haakonfb]
justin: work product as a note - incremental step. Question: Will the note go through a similar process?
13:47:41 [haakonfb]
Thomas: A note is a document that a group chose to publish. No formal status (or endorsement)
13:47:52 [rigo_]
13:47:56 [rigo_]
ack Weiss
13:49:14 [haakonfb]
rigo: we have little things preventing us from doing stuff outside the recommendation track
13:50:02 [haakonfb]
… W3C attracts lots of comments, and this is a burden. You do not want to do this twice.
13:50:13 [haakonfb]
justin: can a note be published after last call
13:50:29 [haakonfb]
rigo: a note can be published as long as a group is chartered.
13:50:57 [haakonfb]
… we are done when the charter ends
13:50:57 [rigo_]
13:52:49 [haakonfb]
rigo: Next topic: Consent mechanism (can be discussed without gap analysis)
13:52:59 [haakonfb]
justin: How to deal with the process in Canada?
13:53:12 [haakonfb]
… take this as part of next steps.
13:53:41 [haakonfb]
rigo: There are some specific issues in Canada.
13:54:23 [Joanne]
scribenick: Joanne
13:54:35 [Joanne]
Joanne: Weiss: providing update on Canada
13:54:38 [dwainber_]
dwainber_ has joined #dnt
13:54:39 [haakonfb]
justin: Status in Canada: Law about behavioural advertising. The privacy commissioner has assessed DAA principles++
13:55:07 [Joanne]
...several similar questions from PIPEDA in the Privacy Directive context
13:55:37 [Joanne]
...Commissioner analysis of OBA and outlined conditions of transparency requirements
13:55:48 [Joanne]
...oppy to take that piece to do a gap analysis
13:56:04 [Joanne]
Rigo: can you send the pointer to this report
13:56:25 [Joanne]
Rob: Andrew Patrick replied to Chris M's comments so it's on mailing list
13:56:51 [Joanne]
Weiss: Guidelines on OBA
13:57:02 [rigo_]
Action: Rigo to take Canadian references to OBA "Guidelines on Online Behavioral Advertisement" report and link it from the Global consideration page
13:57:02 [trackbot]
Created ACTION-382 - Take Canadian references to OBA "Guidelines on Online Behavioral Advertisement" report and link it from the Global consideration page [on Rigo Wenning - due 2013-03-19].
13:57:16 [vinay]
I believe it's here:
13:57:59 [Joanne]
Weiss: it's useful because it sits somewhere between self-regulation and EU.
13:58:25 [Joanne]
Rigo: allows us to be more informed in our consent discussion
13:58:47 [Joanne]
Weiss: US and Canada may have few requirements that are not addressed in EU
13:59:13 [Joanne]
Rigo: we need gap analysis of Canada
13:59:28 [rigo_]
tara, are you on the call?
13:59:32 [brookman]
zakim, who is on the call
13:59:32 [Zakim]
I don't understand 'who is on the call', brookman
13:59:33 [Joanne]
Weiss: can happen in parallel with German analysis
13:59:38 [brookman]
zakim, who is on the phone?
13:59:38 [Zakim]
On the phone I see Berlin
13:59:39 [Zakim]
Berlin has Chris_Sherwood
14:00:09 [Joanne]
Rigo: Justin to take action to contact Tara about mapping out gaps
14:00:10 [rvaneijk]
here is the mail with the links:
14:00:30 [Joanne]
Weiss: what about Asia?
14:01:20 [Joanne]
Rigo: Asia is interested. Spoke with Malcom Crompton. forced getting APEC agenda. reviewed APEC enforcement system
14:02:00 [Joanne]
Peterswire: not aware of anything in APEC outside of EU
14:02:10 [Joanne]
Weiss: except for third party verification
14:02:31 [Joanne]
Rigo: once complying with German system you can play anywhere
14:02:59 [Joanne]
Justin: follow EU law or TRUSTe standard
14:03:34 [brookman]
APEC privacy principles as attested by TRUSTe :)
14:04:10 [Joanne]
Rigo: do we need to take more into account; opening up is the challenging task; doesn't prevent you from doing other stuff in less restrictive system
14:05:53 [Joanne]
Weiss: Hong Kong and Japan that have standards.
14:06:23 [Joanne]
Rigo: hard for those participants to participate due to time diff.
14:08:02 [Joanne]
Rigo: describing with privacy issues in Japan and have member interested in this and should poke them
14:08:38 [Joanne]
Rigo: can poke Japanese contact beforehand
14:09:16 [Joanne]
Weiss: ask Malcom about Aussie OBA guidelines
14:09:21 [rigo_]
Action: Rigo to ask Malcom Crompton about the Australian OBA guidelines
14:09:21 [trackbot]
Created ACTION-383 - Ask Malcom Crompton about the Australian OBA guidelines [on Rigo Wenning - due 2013-03-19].
14:09:51 [Weiss]
Scribenick: Justin Weiss
14:09:53 [Joanne]
scribenick: Weiss
14:10:18 [Weiss]
Rigo: Requirements for consent contemplated = consent as DNT 0, with user resetting/revoking to DNT 1 as desired
14:10:27 [Weiss]
Brookman: you can always revoke by removing DNT 0
14:13:25 [vinay]
vinay has joined #dnt
14:14:28 [vinay]
scribenick: vinay
14:14:34 [vinay]
rob: should not limit the discussion to just consent; but should also include 'revoking consent'
14:14:35 [moneill2]
14:14:36 [vinay]
should be easy
14:14:44 [vinay]
not just globally, but individually
14:15:10 [vinay]
rob: very essential element for regulatory framework
14:15:21 [vinay]
mike o'neill: important for consent
14:15:42 [vinay]
brookman: can't you just say dnt:1 and then get the pop-up again
14:15:50 [ninjamarnau]
14:15:52 [vinay]
rob: the how question and the what question are different
14:15:58 [Weiss_]
Weiss_ has joined #dnt
14:16:19 [vinay]
... the option needs to be a requirement
14:16:20 [rigo_]
rob: there should be a requirement that the browser should offer a possibility to revoke the consent
14:16:29 [Weiss_]
scribenick: Justin Weiss
14:16:54 [rvaneijk]
14:17:04 [Weiss_]
Rigo: I think Opera is not opposed to having a requirement that revocation should be possible, but they will be 'allergic' to the revocation window design
14:17:35 [Weiss_]
Vinay: should you accept global revocation or site specific? That kind of requirement could be contemplated
14:17:51 [rigo_]
14:17:52 [Weiss_]
. . . the question to the browsers is whether granular revocation is possible
14:18:05 [rigo_]
ack moneill
14:18:14 [ninjamarnau]
14:18:21 [Weiss_]
Moneill: site specific DNT:1 could be put in now before last call as a requirement
14:18:39 [Weiss_]
. . .now the API can only set DNT zero
14:19:12 [Weiss_]
Brookman: there's no reverse exception right now
14:19:15 [rigo_]
14:20:17 [Weiss_]
Ninja: do we really want negative exceptions and generate use cases for this?
14:20:20 [Weiss_]
Vinay: any dependencies that rely on the browser should be avoided, because we can't depend on them
14:20:23 [Weiss_]
(channelling Roy)
14:20:51 [Weiss_]
Moneill: raised with Matthias before -- and I have presented multiple use cases
14:21:20 [Weiss_]
Brookman: there are out of band exceptions. You could require sites to use opt out cookies, for example (laughs)
14:21:50 [Weiss_]
Rigo: how long will it take you to paste in next steps and major agreements?
14:22:13 [Weiss_]
Peter: will paste in wrap up and summary for discussion
14:22:52 [peterswire]
1.The group had a constructive discussion, with civil and detailed analysis of the relevant issues.
14:22:52 [peterswire]
2.Task Force should proceed. There was consensus that the Global Considerations Task Force (GCTF) should continue to work on issues relating to DNT:0 setting. Members of the working group are welcome to join the GCTF mailing list at ___.
14:22:54 [peterswire]
3.Gap analysis. The first task for the GCTF is to assess the delta between the current DNT draft specification and what is legally required under current EU law. Also, assess the delta between the DNT draft specification and the EDAA approach. There may be a similar gap analysis with respect to Canadian law, pursuant to the opinion of the Office of the Federal Privacy Commissioner concerning OBA.
14:22:55 [peterswire]
4.Standard contract. Once gap analysis is concluded, there will be discussion, including DPAs, industry, and other stakeholders, of the meaning of DNT:0 compliance. The group discussed the possible usefulness of a “standard contract” that could be understood in the EU as authorizing a number of actions by the server. The standard contract would not have to address all possible uses; for instance, it likely would not authorize collection and use of
14:22:57 [peterswire]
“sensitive” data such as the categories in Article 8 of the EU Data Protection Directive.
14:22:58 [peterswire]
5.Provide technical forum that informs EU discussions. The W3C process offers a helpful convening of multiple stakeholders who are involved in the ongoing discussions in the EU about future data protection measures. Specifically, the W3C includes participants with a strong technical background. The GCTF had consensus that the W3C work should continue, to provide this technical and stakeholder input.
14:23:00 [peterswire]
6.Time line. The GCTF plans to work intensively to determine if normative text is appropriate concerning DNT:0. The GCTF understands that normative text is subject to the Working Group’s July, 2013 deadline for Last Call. It also understands that any such normative text would be included in the compliance spec only if consensus is reached in the Working Group.
14:23:01 [peterswire]
7.Possible non-normative text. In addition to determining whether and what to propose as normative text, the GCTF may work on non-normative text. Specifically, the group discussed the possibility of drafting a Note, which would be subject to discussion and review in the full Working Group. Topics of the non-normative text may include a guide about compliance with the compliance spec, with citations and assistance to organizations in different regions
14:23:01 [peterswire]
about local requirements and implementation.
14:25:15 [brookman]
14:26:06 [rvaneijk]
14:26:37 [Joanne]
ack brookman
14:26:39 [Weiss_]
Brookman: in the main group it will be controversial to repurpose DNT:0
14:26:44 [Weiss_]
14:27:13 [Weiss_]
Brookman: spec could be revised in 'minor' ways as a viable alternative to the idea here
14:27:39 [Weiss_]
Peter: next to standard contract, there could be another path
14:27:41 [Weiss_]
14:28:05 [Joanne]
ack rvaneijk
14:28:26 [Weiss_]
Vinay: could be a part of the compromise
14:28:36 [Weiss_]
Rob: important to emphasize the 'go' 'no go' discussion about the group after gap analysis. .. .
14:29:08 [Weiss_]
. . . second point is a procedural question about the mandate of the group. The blueprint itself should get an 'ok' consensus from the full group. Needs to be anchored in advance.
14:29:17 [Weiss_]
Swire: full group Wed call will review summary here
14:29:23 [Weiss_]
. .. or via email
14:29:26 [Weiss_]
Rob: it should be a formal group decision
14:29:46 [peterswire]
14:29:52 [Weiss_]
. . . I also have to explain back at the office to justify the travel and work; many are in this camp
14:30:03 [Joanne]
ack Weiss
14:30:21 [vinay]
at least some of us in the industry are in that camp, too
14:31:24 [peterswire]
14:31:26 [Weiss_]
Peter: Number 4 will be rewritten
14:32:03 [Weiss_]
Sherwood: how do we envision input from this group to an EU legislative process?
14:32:48 [Weiss_]
Peter: This language is carefully crafted to be cautious in characterization of the role of the group
14:33:13 [Weiss_]
. . . to 'provide' technical stakeholder input;
14:33:21 [Weiss_]
Sherwood: so is lobbying contemplated?
14:33:33 [vinay]
14:33:36 [Weiss_]
Peter: mere participation will inform other secondary outreach by participants
14:33:53 [Weiss_]
. .. taskforce members will provide the input directly themselves
14:34:02 [Weiss_]
Rigo: in Brussels, there is already DNT discussion
14:34:05 [peterswire]
14:34:58 [Weiss_]
. . .they may know very little about DNT technically. So if participants make factual statements about DNT, they can come to this group to ask whether it's aligned with our goals
14:35:14 [Weiss_]
Sherwood: members are provided as a resource to those involved in the legislative discussion
14:35:18 [Weiss_]
Peter: Agreed.
14:35:44 [Weiss_]
Rigo: explanations with pictures and such are contemplated. . .
14:36:03 [peterswire]
The GCTF had consensus that the W3C work should continue, and that these discussions will inform the participants and thus the ongoing debates.
14:36:06 [Weiss_]
Julia: there are diverse backgrounds within the steering group - some participants may want that kind of briefing too
14:36:59 [peterswire]
The GCTF had consensus that its work should continue, and that these discussions will inform the participants and thus the ongoing debates.
14:37:16 [Joanne]
ack Vinay
14:39:31 [Weiss_]
Rob: let's document the criteria that will inform the 'go' 'no go' decision
14:39:44 [Weiss_]
Peter: Yes, we'll rewrite this text
14:41:30 [vinay]
14:41:32 [brookman]
Option: There was some recognition at the meeting that the DNT standard we're negotiating will in any event not be sufficient to reach the level of legal requirements in the European Union (and quite possibly elsewhere). Instead of repurposing DNT:0 as web-wide (or more granular) agreement to a set of less controversial uses (such as first-party analytics, first-party personalization, or audience measurement), we could edit the TPE (and to a lesser exten[CUT]
14:42:01 [brookman]
) to allow for *any* party (first or third) to take advantage of the exception-API mechanism to ask for consent if that party believes that adhering to the DNT standard alone will not be sufficient for legal compliance in a particular jurisdiction. Thus, if a first party believes it needs consent to do first-party analytics despite the TCS exemption of first parties from compliance obligations, that first party could call the exception-API to get permissi[CUT]
14:42:17 [brookman]
engage in tracking on its own domain. Or if market research was deemed a permitted use, an audience measurement company could still trigger a call to the API for consent to track around the web even if the TCS allowed for market research.
14:43:03 [Weiss_]
Brookman: let's document this and consider as part of 'go' 'no go'
14:46:07 [Weiss_]
Rigo: if you want to have a description of the context, you have to give information before permission. But if you take permission out of the context, then you have another problem
14:46:22 [Weiss_]
Rob: more interesting to focus on purpose limitation and permitted uses, in function of consent
14:46:30 [Weiss_]
. .. and secondary uses
14:46:57 [rigo_]
rob: purpose limitation and secondary use are central to the consent. You should stay close to the purpose for which the data has been collected for.
14:47:14 [rigo_]
.. re-use may trigger a new request for consent
14:47:23 [rigo_]
Justin: unless it is compatible?
14:47:24 [Weiss_]
. . . you should stay close to the original purpose for which it was originally collected
14:47:28 [rigo_]
Rob: yes...
14:47:34 [peterswire]
5.After the gap analysis. Once gap analysis is concluded, there will be a go/no-go discussion about how and whether the GCTF will proceed. That discussion will include consideration of the practicality and implementability of any normative text. One path may be drafting of a “standard contract” that could be understood in the EU as authorizing a number of actions by the server. Another path might recognize that meeting the DNT:0 standard will not be
14:47:35 [peterswire]
sufficient to reach the level of legal requirements in the EU (and possibly elsewhere). In that case, an option might be to explore if DNT:0 could be a mechanism for providing a specific grant of permission by a user to an action by a server.
14:48:21 [ionel]
ionel has joined #dnt
14:48:33 [Weiss_]
Rob: an option would also be to close the group
14:49:20 [Weiss_]
Rigo: if gap is too big, and prefer mutual destruction
14:49:24 [Weiss_]
. . . the game is over
14:49:53 [Weiss_]
Vinay: I think Brookman's language is an option, that would be surprising for the full DNT group to accept, but it's possible
14:50:25 [Weiss_]
Rigo: Brookman includes DNT: 0 mechanism, and excludes DNT:1 for first parties
14:50:45 [Weiss_]
. . . but even DNT 1 for first parties is a beneficial option for industry, serving as a safe harbor
14:51:13 [Weiss_]
. . . if you specify it, and it's recognized as an option, you are not forced - but you can claim in the absence of consent my implementation follows these rules
14:51:16 [Weiss_]
Vinay: I see that -- but customers don't want that
14:51:48 [Weiss_]
Rigo: but if this group had as much trouble understanding our discussion, so did the clients. Maybe a second pass is worth it with them.
14:53:58 [Weiss_]
Rigo: so from here we are now constituted
14:54:38 [Weiss_]
biweekly teleconference is the next step, probably starting next week
14:55:10 [ionel]
ionel has left #dnt
14:55:45 [Weiss_]
[group discusses scheduling]
14:57:15 [rigo_]
Action: Rigo to make a doodle for weekly calls and open an issue for gap analysis
14:57:16 [trackbot]
Created ACTION-384 - Make a doodle for weekly calls and open an issue for gap analysis [on Rigo Wenning - due 2013-03-19].
14:57:41 [Weiss_]
Ninja: timeline for gap analysis?
14:59:12 [rigo_]
15:00:17 [Weiss_]
Peter: May 6-8 will be F2F full working group
15:01:10 [Weiss_]
Thomas: F2F prior?
15:02:40 [tara]
Apologies - have been called away all morning here (worst possible time!) and haven't been able to phone in or follow along on IRC.
15:03:09 [tara]
But please do contact me for followup on Canadian issues!
15:03:19 [rigo_]
we will do, it is in the actions
15:03:25 [Weiss_]
Thanks Tara -- I've an action to speak with you about this
15:03:43 [Weiss_]
we didn't forget Canada!
15:03:45 [tara]
Yes, I did a quick scan - wanted to acknowledge and encourage!
15:03:48 [Weiss_]
15:03:57 [Weiss_]
We're closing out
15:03:58 [Weiss_]
15:04:21 [tara]
15:05:01 [Zakim]
disconnecting the lone participant, Berlin, in T&S_Track(DNT)4:00AM
15:05:02 [Zakim]
T&S_Track(DNT)4:00AM has ended
15:05:02 [Zakim]
Attendees were Ionel, Walter, Chris_Sherwood
15:26:17 [rigo_]
rrsagent, please draft minutes
15:26:17 [RRSAgent]
I have made the request to generate rigo_
15:26:26 [rigo_]
rrsagent, please set log public
15:26:38 [rigo_]
trackbot, end meeting
15:26:38 [trackbot]
Zakim, list attendees
15:26:38 [Zakim]
sorry, trackbot, I don't know what conference this is
15:26:46 [trackbot]
RRSAgent, please draft minutes
15:26:46 [RRSAgent]
I have made the request to generate trackbot
15:26:47 [trackbot]
RRSAgent, bye
15:26:47 [RRSAgent]
I see 7 open action items saved in :
15:26:47 [RRSAgent]
ACTION: Thomas_Schauf to organize German industry to participate in the work of the delta [1]
15:26:47 [RRSAgent]
recorded in
15:26:47 [RRSAgent]
ACTION: Rigo to play editor for the ePrivacy Directive - permitted uses delta and organize first teleconference [2]
15:26:47 [RRSAgent]
recorded in
15:26:47 [RRSAgent]
ACTION: Rigo to invite Frank into the Group [3]
15:26:47 [RRSAgent]
recorded in
15:26:47 [RRSAgent]
ACTION: Rigo to send email to Thomas Schauf, Kimon and Julia to get someone from DAA to help with the DIFF between permitted uses in TCS and the allowances under Opt-out in the EDAA framework [4]
15:26:47 [RRSAgent]
recorded in
15:26:47 [RRSAgent]
ACTION: Rigo to take Canadian references to OBA "Guidelines on Online Behavioral Advertisement" report and link it from the Global consideration page [5]
15:26:47 [RRSAgent]
recorded in
15:26:47 [RRSAgent]
ACTION: Rigo to ask Malcolm Crompton about the Australian OBA guidelines [6]
15:26:47 [RRSAgent]
recorded in
15:26:47 [RRSAgent]
ACTION: Rigo to make a doodle for weekly calls and open an issue for gap analysis [7]
15:26:47 [RRSAgent]
recorded in