15:56:43 RRSAgent has joined #dnt 15:56:43 logging to http://www.w3.org/2013/03/27-dnt-irc 15:56:50 rrsagent, please make logs public 15:56:54 Zakim, this is 87225 15:57:00 Zakim has joined #dnt 15:57:06 Zakim, this is 87225 15:57:09 ok, npdoty; that matches T&S_Track(dnt)12:00PM 15:57:17 Zakim, who is on the phone? 15:57:17 On the phone I see +1.202.639.aaaa, ??P28, JeffWilson 15:57:20 David_MacMillan has joined #dnt 15:57:28 Zakim, ??P28 is Chris_IAB 15:57:28 +Chris_IAB; got it 15:57:29 efelten has joined #dnt 15:57:38 +[IPcaller] 15:57:43 WaltM_Comcast has joined #dnt 15:57:47 zakim, [IPCaller] is me 15:57:47 +moneill2; got it 15:57:49 + +1.202.587.aabb - is perhaps Yianni? 15:57:49 johnsimpson has joined #dnt 15:58:06 +npdoty 15:58:07 + +1.404.385.aacc 15:58:14 404 area code is peterswire 15:58:19 fielding has joined #dnt 15:58:20 Zakim, aacc is peterswire 15:58:20 +peterswire; got it 15:58:27 +efelten 15:58:29 + +1.215.480.aadd 15:58:38 +dwainberg 15:58:38 kulick has joined #dnt 15:58:42 +Fielding 15:58:45 Zakim, aabb is Yianni 15:58:45 sorry, Yianni, I do not recognize a party named 'aabb' 15:59:00 rvaneijk has joined #dnt 15:59:11 Zakim, aabb is Yianni 15:59:11 sorry, Yianni, I do not recognize a party named 'aabb' 15:59:13 215-480 iw alt michel 15:59:32 Zakim, aadd is WaltM_Comcast 15:59:32 +WaltM_Comcast; got it 15:59:32 thanks 15:59:49 Zakim, mute Yianni 15:59:49 Yianni? should now be muted 15:59:50 +??P45 15:59:50 + +1.212.768.aaee 16:00:18 +Susan_Israel 16:00:19 susanisrael has joined #dnt 16:00:20 jchester2 has joined #dnt 16:00:21 +johnsimpson 16:00:27 +RichardWeaver 16:00:31 Zakim, P45 is me 16:00:31 sorry, rvaneijk, I do not recognize a party named 'P45' 16:00:36 Zakim, ??P45 is me 16:00:36 +rvaneijk; got it 16:00:48 Richard_comScore has joined #dnt 16:00:48 hefferjr has joined #dnt 16:00:50 Zakim, aaee is lmastria 16:00:50 +lmastria; got it 16:00:53 +jchester2 16:00:56 jmayer has joined #dnt 16:00:58 zakim, mute me 16:00:58 jchester2 should now be muted 16:00:59 aleecia has joined #dnt 16:01:01 Zakim, aaaa is MECALLAHAN 16:01:01 +MECALLAHAN; got it 16:01:03 + +1.408.836.aaff - is perhaps kulick? 16:01:10 yes 16:01:21 zakim, mute me 16:01:21 johnsimpson should now be muted 16:01:22 +Jonathan_Mayer 16:01:46 +hefferjr 16:01:53 scribenick: susanisrael 16:01:53 (my regrets this week -- buried in other work.) 16:01:55 scribenick: susanisrael 16:01:56 prestia has joined #dnt 16:02:01 JC has joined #DNT 16:02:01 justin has joined #dnt 16:02:05 regrets+ aleecia 16:02:19 dstark has joined #dnt 16:02:20 peter swire: will do administrative matters until Mattias joins 16:02:31 Lmastria_DAA has joined #DNT 16:02:31 Wileys has joined #dnt 16:02:38 +[Microsoft] 16:02:39 +[Microsoft.a] 16:02:45 +[CDT] 16:02:48 +WileyS 16:02:52 + +1.941.539.aagg 16:02:53 -[Microsoft.a] 16:02:56 Zakim, who is making noise? 16:03:01 + +1.650.465.aahh 16:03:01 Peterswire: planning to have meeting april 10 re: user interface. Have not yet seen proposed agenda items for this. Please post to list in advance of call 16:03:09 npdoty, listening for 10 seconds I heard sound from the following: 24 (32%), [Microsoft] (62%) 16:03:12 David_MacMillan has joined #dnt 16:03:18 +Dan_Auerbach 16:03:19 I believe Alan Chapell has something for that agenda Peterwire, but he's not on the call yet. 16:03:22 ...if you want something on agenda post it by last date of march. We'll do things within the scope of things posted then. 16:03:23 q? 16:03:25 Zakim, mute [Microsoft] 16:03:26 hwest has joined #dnt 16:03:26 zakim, [CDT] has justin 16:03:37 +hwest 16:03:37 Zakim, mute Microsoft 16:03:39 .....questions or comments? [none] 16:03:39 [Microsoft] should now be muted 16:03:39 +justin; got it 16:03:39 [Microsoft] should now be muted 16:03:39 +[Microsoft.a] 16:03:39 +dstark 16:03:40 +Keith_Scarborough 16:03:43 zakim, who is making noise? 16:03:43 zakim, [Microsoft.a] is me 16:03:43 +adrianba; got it 16:03:47 sidstamm has joined #dnt 16:03:57 +[Mozilla] 16:03:58 Zakim, Mozilla has sidstamm 16:03:58 +sidstamm; got it 16:04:10 one of the Microsoft background numbers was providing static, hence muting; let us know if you want to speak 16:04:12 .....next point, no. 6, on agenda follows up and provides more language on item raised last week...will go through.... 16:04:19 robsherman has joined #dnt 16:04:19 johnsimpson, listening for 10 seconds I could not identify any sounds 16:04:43 +Rob_Sherman 16:04:50 ...need to recognize interdependcies in compliance spec. Many people are reluctant to say issues are truly closed because they are afraid they'll be permanently agreeing. 16:04:55 +chapell 16:05:24 kj has joined #dnt 16:05:24 +Craig_Spiezle 16:05:42 ...difficult to create new category of things, but we will create subcategory. At times, we have talked through something as much as we need to now, and text is stable pending whole package, we will call that ..... 16:06:05 CraigSpiezle has joined #dnt 16:06:05 +??P76 16:06:10 - +1.650.465.aahh 16:06:31 ....pending review - Stable. we would then add a note to issue tracker categorizing it as such. we might have one text or alternatives that are pending review-stable, meaning we won't discuss them more now.... 16:06:45 rigo has joined #dnt 16:06:46 + +1.650.465.aaii 16:06:57 q+ 16:07:00 q? 16:07:05 .....similar to re-opening a closed issue. This requires real concrete text supported by more than one person. 16:07:08 +vincent 16:07:13 q? 16:07:20 ack rvaneijk 16:07:28 vincent has joined #dnt 16:07:33 +Rigo 16:07:37 rvaneijk: where would be the transparency of visibility into status of all items? Maybe it would be good to highlight it within the agenda too...... 16:07:56 ...if the agenda comes out a day before meeting, we may overlook these items. 16:08:08 + +1.516.376.aajj 16:08:37 Chapell has joined #DNT 16:08:39 scribenick: npdoty 16:08:46 peterswire: editors of compliance text are now working on updating the bare bones compliance text, partly to alert people where text is stable. 16:08:59 cOlsen has joined #dnt 16:09:14 peterswire: next thing Rob is asking, the day before (for agenda) is not a lot of time 16:09:21 +[FTC] 16:09:57 ... trying to assign things well ahead of time, encouraging people to post their language further ahead of time 16:10:04 q? 16:10:05 ok, thanks 16:10:05 ... in my own work, trying to find ways to see what's coming 16:10:29 *nick, sorry I can pick up again 16:10:35 zakim, who is here? 16:10:35 On the phone I see MECALLAHAN, Chris_IAB, JeffWilson, moneill2, Yianni? (muted), npdoty, peterswire, efelten, WaltM_Comcast, dwainberg, Fielding, rvaneijk, lmastria, Susan_Israel, 16:10:38 scribenick: susanisrael 16:10:39 ... johnsimpson (muted), RichardWeaver, jchester2 (muted), kulick?, Jonathan_Mayer, hefferjr, [Microsoft] (muted), [CDT], WileyS, +1.941.539.aagg, Dan_Auerbach, hwest, adrianba, 16:10:39 ... dstark, Keith_Scarborough, [Mozilla], Rob_Sherman, chapell, Craig_Spiezle, ??P76, +1.650.465.aaii, vincent, Rigo, +1.516.376.aajj, [FTC] 16:10:39 [CDT] has justin 16:10:39 [Mozilla] has sidstamm 16:10:43 On IRC I see cOlsen, Chapell, vincent, rigo, CraigSpiezle, kj, robsherman, sidstamm, hwest, David_MacMillan, Wileys, Lmastria_DAA, dstark, justin, JC, prestia, aleecia, jmayer, 16:10:43 ... hefferjr, Richard_comScore, jchester2, susanisrael, rvaneijk, kulick 16:10:59 Peterswire: financial auditing slides and audience measurement text went around to list 16:11:04 Zakim, aagg is prestia 16:11:04 +prestia; got it 16:11:22 ....do we have the right people? [richard weaver and george say yes] 16:11:23 topic: audience measurement 16:11:39 peterswire: can someone paste into the list the audience measurement text 16:11:41 http://lists.w3.org/Archives/Public/public-tracking/2013Mar/0335.html 16:11:45 dan_auerbach has joined #dnt 16:12:15 ...very large players, the biggest companies in this space have contributed.....i think that's positive. 16:12:19 q+ 16:12:44 ....there is talk about the expansion of self-regulatory efforts, and this is a very serious professional document that was given to us. 16:13:11 peterswire: will convey some concerns i have heard then open to questions 16:13:22 +q 16:13:45 +??P84 16:13:52 q? 16:14:29 david stark: we looked at definitions of pseudonymous and didn't like [ ] definition 16:14:33 +schunter 16:14:39 -schunter 16:14:49 s/[ ]/ICO 16:14:55 comment...... 16:14:59 ....given our understanding of de-identified in dnt, we thought that would be confusing. 16:15:03 please want to react.... 16:15:20 +q (for Rob) 16:15:24 +q 16:15:25 -1 16:15:30 -q 16:15:30 q- (for 16:15:31 peter, queue please 16:15:35 q- Rob) 16:15:40 ack (for, Rob) 16:15:41 q? 16:15:46 schunter has joined #dnt 16:15:53 key question, thanks Peter 16:15:57 peterswire: a related question, from cambridge, you can have cookies, do those need to be scrubbed out for pseudonymized. 16:16:11 But you know device 16:16:11 q+ 16:16:41 richard: we're talking about cookie id. we are not looking within other cookies for audience measurement. That's irrelevant. 16:16:42 +q 16:16:49 +schunter 16:16:53 -??P84 16:16:56 you're putting unique identifiers on a k ow device 16:16:57 Presumably it would be a requirement that the research firms couldn't put email addresses in cookies. There's a related question if the referer urls include unique identifiers like UDIDs. There could be a requirement to have a process to strip those out in short order. 16:17:48 +q 16:17:50 q? 16:17:54 peterswire: up to now, dnt standard has not had 3 stages. had de-identified and not. So one difference is this intermediate stage, pseudonymized. some people favor this and some don't. I favor. 16:18:23 if you use my social security number as my cookie ID but don't attach my name.... 16:18:35 ....another question was length of time, 53 weeks. we had a presentation from mrc that talked about the similar length of time for auditing. They also said at that time that they have given privacy waivers.... 16:18:43 the definition as I read it would include device IDs as pseudonymous, justin 16:18:56 q+ 16:19:00 for shorter times, such as 60 or 90 days. Is this linked to MRC code? or from a different set of considerations. 16:19:46 richard weaver: MRC in US, but many different auditing bodies. 53 weeks is global standard. 16:19:51 npdoty, Not sure I understand your point. Yes, a random cookie is pseudonymous. SSN or email address or name would not be. 16:19:51 q+ 16:19:56 peterwire, I think there is some confusion about this idea of MRC "privacy waivers"-- I'd like to clarify 16:20:21 Chris_IAB: there are many people wanting to clarify many things here :) 16:20:27 q? 16:20:35 peterswire: most campaigns are 90 days or less, though some are last valentines day or last christmas. How easy or hard would it be to have a presumption based on shorter time.... 16:20:36 rigo, that's why you see me on the que 16:20:45 :) 16:20:52 ...with different approach for subset of campaigns that are year over year audience measurement. 16:21:18 richard weaver: I actually would not say that most campaigns are shorter. could you explain different approach for longer? 16:21:46 peterswire: idea is to compare in some cases to annual holiday runs in previous year. 16:22:05 justin, what makes an identifier pseudonymous and not identifying? my device's UDID can correlate traffic, and for some people it can lead you back to my name, but for others it would appear to be a random pseudonym 16:22:21 ....if we are trying to show we have done good measurement, we might imagine that for shorter campaigns/comparisons, we might have shorter retentions, but not for all. 16:22:50 .....for shorter campaigns, the 53 week retention seems much longer than the length of the campaign. Is it necessary for calibration? 16:23:12 q? 16:23:25 Nick, that is a key test for pseudonyms - the holder does not have the ability (technical, policy, process, etc.) to link the identifier to personally identifying information 16:23:31 richard weaver. initial thoughts: auditing might not take place immediately after campaign, and you might also compare several short campaigns. 16:23:39 npdoty, You could put in a requirement that the pseudonym be party-specific. Though not sure what you do with IP addresses then . . . 16:24:01 we will go to the Q once I do one more topic for question 16:24:17 george: premise, i guess of most campaigns are shorter....i am kind of aware of cookie data being used for both. 16:24:29 WileyS, actually the proposed definition for "pseudonymization" says they *do* have the ability to link to an individual. 16:24:44 q+ to ask how high the chances are that the auditing can innovate 16:24:53 ....I'm not sure about the numbers, i.e. which is higher value, regardless of number of projects that may be categorized as short-term vs. year over year. 16:25:00 right, WileyS, justin, I was just pointing out that the proposed definition in Kathy's email doesn't have those restrictions 16:25:17 Zakim, who is making noise? 16:25:23 npdoty, Yes, I was just assuming that would change :) 16:25:24 "identifiably individual" vs. "unique browser" - meaning I know the identifier is consistent for some period of time but I don't the identity of the individual the identifier is linked to 16:25:25 peterswire: last point has to do with opt out. In your approach it provides you with an opportunity for opt out of data collection. 16:25:28 npdoty, listening for 10 seconds I heard sound from the following: hefferjr (9%) 16:25:58 ...we understand that today an independent opt out makes a lot of sense, in a world with no dnt running at scale. 16:26:02 WileyS, the definitions says "attaching a coded reference to a record to allow the data to 16:26:03 be associated with a particular device or individual" 16:26:16 ...if dnt does get adopted and scaled, would you still need an independent opt out? 16:26:24 q? 16:26:30 q? 16:27:03 If you look at Yahoo advertising blog, it's clear that they know the identity of the individual to move them through the funnel/transaction. 16:27:10 george: audience measurement research in this context has typically worked with some control in hand of user or research subject. but we understand that internet is different from other modalities we measure.... 16:27:21 It sounds to me like you want to offer an opt-out that nobody will use .. 16:27:33 Wileys, the key is not only to know the name, but also to be able to single out. "Don't want to know your name" is not a possible way out as long as you can easily get back to a person (or discriminate this person) 16:27:55 we kind of conceive of what we are doing as core to Internet being viable medium for a lot of commercial purposes. We try to strike balance between giving user ultimate power and still wanting to exercise... 16:28:14 q? 16:28:22 exclusion from even most basic counting to [general research practices?] 16:28:28 q- 16:28:44 peterswire: mattias now on, and we have a speaker at 1. How long do you need mattias? 16:28:51 schunter: 20 min? 16:29:32 Rigo, that is not the goal of psuedonyms. The goal is to find the middle ground between "personally identifiable" and "de-identified". A psuedonym allows recognition of a unique ID associated with a browser (and therfore perhaps a person, Ed) for individual treatment - but in such a way as I don't know who that person really is in the world. 16:29:33 peterswire: i am inclined to have longer speaker queue comment but not have responses right now (due to time considerations). 16:29:34 ack rvaneijk 16:30:19 Zakim, who is making noise? 16:30:23 rvaneijk: I like text that says you need to process data before statistical analysis. 2nd. I don't see how oob consent description fits into this text proposal. You can't see them separately, can't have both. 16:30:34 q+ 16:30:36 npdoty, listening for 10 seconds I heard sound from the following: peterswire (5%) 16:31:06 Jeff, we do not know the "identity" of the user but we do know a unique ID stored in a cookie is seen both at ad impression and at further states through a purchase funnel. Again - not knowing the true identity is the goal. 16:31:22 .....3. If OOB consent description continues to play out, it's important to know where group stands on that. For me, it's important to see and focus on de-id possibility and relation of oob consent/permitted uses. 16:31:23 - +1.516.376.aajj 16:31:46 Wileys, in that sense all web log data is already pseudonymous, so nothing to do in any way, no processing needed. Isn't that a bit short to get into Rob's "yellow" area 16:32:17 + +1.516.376.aakk 16:32:17 ....this definition of pseudonymous data is old, out of date. more recently, article 29 wp has said that pseudonymization should not unduly remove data from definition of "personal" data. 16:32:45 q? 16:33:05 justin: i had a question re: processing before aggregation. I don't understand the point. It seems to me more logical to collect the data in pseudonymous form. Maybe i don't understand what you're trying to do 16:33:07 ack justin 16:33:11 ack jmayer 16:33:25 vinay has joined #dnt 16:33:26 +vinay 16:33:43 -hwest 16:33:59 jmayer: there is a longstanding debate in group about whether there should be some objection to pseudonymization, which in many spaces is already the norm. 16:34:51 ....many of us are concerned that it could be re-identified. some object on policy, some challenge comp sci research, but many of us find these practices objectionable. I am not certain why 16:35:12 no definition of personal data, it will create legal uncertainty since the definitions are part of the process towards a Regulation. Any concept/defintion on pseudonymous data has to be fully consistent with the defintion of personal data and that it does not lead to unduly removing certain categories of dat from the scope of the Regulation, in particular in cases where it is not clear whether the data has indeed been fully anonimised/de-identified/pseudon[CUT] 16:35:18 Rigo, to Rob's "yellow zone", that is part of the de-identification process where unique identifiers have been de-identified (no longer linkable to a unique browser) but that the key used to faciliate the process still exists (has not yet been destoryed). You only make it to "green" once the key is destroyed. Rob - is this a fair recollection? 16:35:34 ....industry specific exceptions would be acceptable. Many services could be provided in privacy preserving way. I would love to help companies implement measurement without pseudonymous data. 16:35:37 ack dan_auerbach 16:35:57 -peterswire 16:35:59 - +1.516.376.aakk 16:36:16 For the minutes, to me the discussion on out of band consent can not be seen seperate from a call for a permitted use. 16:36:23 You can not have both 16:36:23 +peterswire 16:36:24 dan auerbach: will quickly reiterate points. at a high level, just preferring to continue to track these users shouldn't be enough to permit this permitted uses. I prefer 2 states of data, no pseudonymous. 16:36:43 Wileys: imagine the keys would be given to the auditor. For the moment, everything is in one hand and we are back to pure usage control and a raw store for 53 weeks, which raises eyebrows 16:36:57 To be clear, my comment was not my only concern --- but the "pseudonymization before processing" was just a point I did not understand. 16:37:01 For the minutes, I disagree that OOBC is necessarily tied to market research exemptions. 16:37:04 q? 16:37:08 ack moneill 16:37:16 ...there is an assumption that honoring dnt will bias studies. why not measure dnt:1 requests now, before they are being honored to see if that would create bias. 16:37:43 mike o'neil: i also object to pseudonymization. this is how people are tracked over time now. 16:38:05 so pseudonymization is also that not every information to single out a person/browser is in one hand. So personal data is if an ID permits to re-identify and single out, but not for that one actor 16:38:22 Rigo, there is risk that an outside force would legally compell an organization to release a key (wouldn't allow for direct reverse engineering but would allow for a dictionary attack). That is a risk an organization bears for holding the key (risk-based de-identification approach) 16:38:23 .....so i think this intermediate stage should be taken out. DNT is about stopping people's web history from being collected over time. this data should not be retained and associated with 16:38:33 ....same device or individual. 16:38:55 ack efelten 16:39:08 peterswire: pseudonymization before analysis is more rigorous than retaining identifiable data 16:39:37 Rigo, as we reviewed in the HIPPA discussions, there is always some level of risk but its up to organizations to decide to what level of risk they are willing to bear with respect to their de-identification process. If they fail, they are held accountable. 16:39:44 ack Chris_IAB 16:39:49 ed felten: i don't think definition is meaningful. And it's backwards. Should be in terms of what can no longer be done with data. I don't see how it would comfort user. 16:40:13 Wileys, sure, this is the democratic risk, and we can only mitigate that risk by shorter retentions (and 53 weeks is long for that) 16:40:24 chris_iab: my comment goes back to MRC requirement and idea of privacy waivers. MRC has legal obligation to review audit and attempt accreditation when asked. 16:40:25 WileyS, How are you accountable if you are legally compelled by an outside force? 16:40:30 -schunter 16:41:00 q? 16:41:08 but the other risk is that all data in one hand is just so easy to abuse. If the key is in a different hands, you need more eyes to abuse the data and higher chances that it will blow 16:41:14 ...they compare to industry standards or what's available. George ivie said they must review any audit, but in some cases they audit against the standard the party has offered, not indutry 16:41:21 (To be clear, I'm open to a middle state for pseudonymous data, but not sure this is the right place, and certainly not in this way!) 16:41:22 ack kj 16:41:29 ...or mrc standard. But might not accredit. that's not a privacy pass 16:41:34 Zakim, who is making noise? 16:41:42 +schunter 16:41:46 npdoty, listening for 10 seconds I could not identify any sounds 16:41:47 Justin, I believe private organizations have demonstrated their ability to resist legal requests where they feel this endangers the privacy protections their users expect or have been promised 16:41:52 Zakim, who is making noise? 16:41:57 q+ 16:42:02 npdoty, listening for 10 seconds I heard sound from the following: moneill2 (35%) 16:42:10 kathy joe: coming back to 53 weeks. These standards are drawn up by stakeholders in industry bodies that determine measurement elements and retention times..... 16:42:14 q? 16:42:28 ack hefferjr 16:42:34 .....but 53 weeks is industry global standard. No meaningful data. 16:42:53 ronan heffernan: oob consent is not tied to market research. they are different. 16:42:55 @Ronan: why are they two different things... 16:43:06 hefferjr: non-real-time out-of-band consent is really a different thing from market research permitted use 16:43:08 it is about panel data.. 16:43:19 lou mastria: this is not a preference. this is how ad funded content works. This has the objective of funding content. 16:43:23 rvaneijk, I think this particular permitted use is *not* about panel data 16:43:46 Nick, yes agree, but audience measurement depends on panel data 16:44:00 ....i also want to put a push pin in idea of whether comp sci is correct or not. we are not questioning that. But some people do not want to take into account additional administrative safeguards.... 16:44:06 the exemption cannot be seen seperate from the OOBC discussion !!! 16:44:06 q? 16:44:11 ...I don't think that is getting enough credence in this group. 16:44:12 ack Lmastria_DAA 16:44:19 topic: TPE 16:44:42 schunter: sorry for being late. OOB consent discussed in IRC channel. background as follows: 16:45:09 q+ 16:45:17 q+ 16:45:24 during tpe discussion people also said there is also oob consent for things otherwise not permitted by dnt:1. Should be registered. we agreed that this exists and will continue, for example.... 16:45:47 q? 16:45:54 by contract. led by ronan we now have a discussion about how this actually works in practice and how privacy can be preserved in such a setting. 16:46:04 who is speaking? 16:46:14 +q 16:46:35 ack rvaneijk 16:46:42 q+ 16:46:46 Rob, DNT is one type of a consent mechanism but is not the only one - I believe that is the point. There are other methods to obtain user consent - not only DNT. 16:47:07 rvaneik: I am concerned that oob consent could undermine consent mechanism and global considerations work. could just result in use limitations framework. Limited. 16:47:16 q+ 16:47:33 rvaneijk, is your concern about the short-term collection? we had currently proposed an exception for short-term data, for example to de-identify data you collected 16:47:44 yes agree that there is OOBC 16:47:45 +q 16:47:49 q? 16:47:49 schunter: would like to push time gap out a bit. where i think we have agreement is that there is something like out of band consent. dnt: 0 is not only means to gather consent. do we have agreement? 16:47:51 yes 16:47:57 I think there is agreement that it's compliant to get consent out-of-band 16:47:58 q+ 16:48:11 schunter: please offer comments on this topic 16:48:34 we already have a "time gap" for existing permitted uses, so I don't see how that makes any difference -- DNT doesn't mean the UA is invisible. 16:48:38 jmayer: my understanding of group history to explain why i think agreeing on this is"sort of right" 16:48:43 topic is "out of band consent in general" (not yet implementation details) 16:49:06 + +1.415.695.aall 16:49:21 ....initially we focused exclusively on oob consent, then we developed interest in browser based api. there would still be background of oob consent but maybe something like a "should." 16:49:27 - +1.650.465.aaii 16:50:08 ...now it seems group has shifted back and people want to have both modes that will co-exist. so I agree oob consent would EXIST. But your suggestion that this is a normal mode of operation, is something... 16:50:53 + +1.650.465.aamm 16:50:55 ...where i think there will be much less comfort. to say that you can use it instead of API where API is available. I and others are concerned about race to bottom, with web sites stretching definition.... 16:51:15 q? 16:51:26 ack jmayer 16:51:41 ....of consent. There are 2 checks on this. 1 = policy check, and 2= procedural, moving consent into browser on notion (which i know is controversial) that browswers are a user interface. 16:52:23 It hardly matters what comfort there is in the group -- it is impossible to make use of an API which has not been implemented anywhere and is unlikely to be implemented correctly for a long time (if ever). Hence, OOB consent is the only option right now and will remain the only option for a very very long time. 16:52:28 schunter: so if i understood, your view is if there is api consent use that, and only go to oob consent if api is not available. 16:52:46 q- 16:52:50 jmayer: anything that gives users meaningful choice and prevents race to bottom is ok with me 16:52:54 ack Wileys 16:52:56 ack Wileys 16:52:56 ack Wileys 16:53:28 - +1.650.465.aamm 16:53:39 shane: i am with jonathan re: oob consent being necessary. It already exists by law and we have agreed standard will not modify law. so any agreement i have with user under law has to be honored. 16:54:17 q? 16:54:22 fielding, Perhaps you misunderstood. I'd be more fine with using out-of-band consent where in-band consent isn't implemented by a browser. 16:54:31 ack moneill 16:54:35 but that said, [.....] i look at this from browser questioning consent point of view. I am afraid if they do this, they will create a race to bottom from browser perspective that will requiore oob consent to maintain.... 16:54:42 balance in the ecosystem. 16:54:50 q+ 16:54:56 + +1.650.365.aann - is perhaps david_macmillan? 16:55:05 mike o'neil: I don't see point of oob consent. easy enough to get browser based consent. 16:55:09 ack rigo 16:55:12 s/browswers are a user interface/browsers have better incentives and capacity to deliver meaningful consumer choice./ 16:55:13 ack ri 16:55:16 zakim, yes 16:55:17 I don't understand 'yes', David_MacMillan 16:55:23 + +1.206.716.aaoo 16:55:39 zakim, +1.650.365.aann is David_MacMillan 16:55:39 sorry, David_MacMillan, I do not recognize a party named '+1.650.365.aann' 16:55:43 rigo: for me signaling oob consent or "c", shane, is like signaling "d" for "dismissal." 16:56:01 Zakim, aaoo is probably Tim_Davis 16:56:01 +Tim_Davis?; got it 16:56:04 As I've said repeatedly, I don't care whether it's in-band or out-of-band --- let the marketplace work it out. But there has to be transparency if any claimed exception wants to trump DNT:1. 16:56:29 zakim ann is David_MacMillan 16:56:38 ....what shane is fearing, and I agree, is that if browsers create a reaction to dnt signal. .....and dnt is real communication mechanism....then c just means "give me the data, because 16:56:44 zakim aann is David_MacMillan 16:56:50 ...i promise that i have some reason you should open up." 16:57:07 Re: Shane's point, contract formation has been greatly watered down by some courts in the U.S. I would not link the Do Not Track consent standard to vague, diverse, and widely-criticized contract formation standards. 16:57:08 ....for now we just send people to pointer [link?] where we explain. 16:57:23 np - thanks 16:57:41 q? 16:57:44 ......this "c" as "d" would be race to bottom. But should be discouraged because we are only specifying that browser can make meaningufl choices. 16:57:46 Jonathan, I would leave it up to courts to decide what is a meaningful contract and not this working group 16:57:51 q? 16:57:57 ack adrianba 16:57:57 ack adrianba 16:57:58 ack adrianba 16:58:32 adrianba: i think we are drifting slightly off topic with discussion of whether there should or shouldn't be oob consent and how it should be used. we have discussed a lot in past.... 16:59:06 Shane, consumer protection law exists to, among other things, protect consumers from the excesses of contract law. Why would we devolve our responsibility to users? 16:59:12 -Keith_Scarborough 16:59:30 ... a use case was if a service wants to roam across devices. exception api should only be called when user wants to authenticate for exception. I don't think we should discuss if oob consent is necessary.... 17:00:05 ....it is. on strict issue of issue 252, this should be a may not should or must, shouldn't require particular ui implementation 17:00:09 Moreover, we already lack consensus on whether a contract should trump Do Not Track. We had that conversation in the context of service providers. 17:00:31 Lmastria_DAA has left #dnt 17:00:40 -lmastria 17:00:43 schunter: what we have to do on oob consent is discuss reasons, implemtnation, but no more time for this today. 17:01:15 peterswire: next week the whole meeting will be on compliance. Introducing rena mears and time davis re: financial auditing permitted use 17:01:27 -schunter 17:01:36 Topic: Financial Auditing 17:01:54 important questions are: how long do you need data for different uses? differeint in us and europe? specific text that would capture this permitted use? 17:02:25 Jonathan, I'm not suggesting we devolve our responsibilities to users (and you know that) - I'm saying that the concepts of what represents a valid, enforceable contract is a matter of law and this group shouldn't attempt to solve that for the courts. As you said, this is already a sticky situation but with respect to the FTC Sears Consent Decree, I believe industry has good guidance on how best 17:02:25 to address these situations from a consumer protection perspective. 17:02:26 rena mears has impressive background on privacy auditing, for deloitte and touche, and tim davis has been an expert on online advertising for them. 17:02:55 rena: it would be helpful if you ask questions. we will do slides quickly. 17:03:04 http://lists.w3.org/Archives/Public/public-tracking/2013Mar/att-0320/mears.financial_accounting_use.pdf 17:03:15 (direct link to PDF of slides) ^ 17:03:42 .....this addresses accounting and auditing standards, which are 2 different bodies of standards. 17:03:48 ...questions may apply differently to accounting and auditing. 17:03:56 Brooks has joined #dnt 17:03:56 +Brooks 17:04:40 tim: to frame discussion of what requirements there are for financial auditing, need to discuss what the auditing is and the frameworks against which it is conducted. 17:04:56 ...these are important but some audits may have greater need for that informatoin. 17:05:11 (page 3 of 7) 17:05:13 rena: next slide discusses some of your questions, peter. 17:05:23 not on irc, can't see questions.... 17:06:20 financial audits are only one set of audits that company is subject to....soc 1 and soc 2 have now replaced sas 70s, or regulatory audit, AT 101 type literature, industry audits, and others. 17:07:12 ....financial audits governed by many standards. country by country. ifrs is ongoing discussion to bring commonality to international discussion. 17:08:08 guidance from fasb, sec and pcob for public company, accounting requires keeping records in reasonable detail to support transactions that are merely economic events within companies. 17:08:27 aipc gives guidance that records should be kept for not shorter than 5 years. 17:08:34 ....pcob says 7 years.... 17:09:07 record retention differences apparent in different standards, and companies may produce records in different forms. 17:09:20 ...ex: GAAP based statements and regulatory statements 17:09:32 Say, log files? 17:09:42 "economic event" 17:09:47 peterswire: what triggers 5 year or 7 year requirement 17:10:12 rena: it depends, but it depends on economic event definition, and is changing [this is for data retention] 17:10:38 tim: predominant types of audits: about accuracy of financial statements and internal controls. 17:11:02 -[Microsoft] 17:11:04 Clearly the economic event should be documented in a truly privacy respectful way, esp in the real-time Big Data targeting environment. 17:11:13 ....in terms of detail needed, if it affects revenue of entities, basic elements, is there contractual arrangement in place, and if so what is it..... 17:11:51 ...auditors typically understand how systems work. may rely on how those systems work/report ....rely on reports at level of aggregation above pii 17:12:24 "all they want to see is some evidence that that ad was delivered" 17:12:28 "some evidence that ad was delivered" . . . 17:12:34 ...rarely is financial auditor concerned with how info collected. just want to confirm that ad was delivered 17:13:00 financial statement auditor is less concerned about the quality [apologies, trying to track phrases I know we'll have to come back to] 17:13:00 rarely is auditor concerned with quality (targeting) of delivery. wants to confirm payment for ad delivery.... 17:13:14 ...typically not concerned with level of detail that is subject of dnt.... 17:13:50 audit work of iab re: standards for impression membership, audience measurement, MRC as independent auditor using those standards..... 17:14:11 But isn't it so that auditing is also concerned with the quality of the delivery (interactions, for ex), even on a per user basis (given growing payment systems by brands related to performance) 17:14:14 want to confirm that impressions are legitimate and valid, (human initiated)..... 17:14:25 so they need more detail re: quality of delivery. 17:14:51 ....other concern advertisers have is brand protection. advertisers want to know where their ads are showing up online...... 17:14:53 MRC/IAB auditors more concerned with, for example, whether it was a human that viewed that ad 17:15:02 ....not places that would harm brand... 17:15:02 Basic question: do sites need to retain cookie data/IP address/referer url for 5-7 years? Is retention of referer url necessary? 17:15:20 *NICK: are you scribing, or just supplementing? 17:15:22 Contracts now included elements of "quality" of delivery, as Tim just mentioned, whereas we are being asked to prove impression by real human (not a bot), in the location expected (not low quality sites), and within the dimensions of targeting (geolocation for example). 17:15:35 +[Microsoft] 17:15:37 +q 17:15:50 peterswire: just to clarify, it sounds like you said mrc, is closer to quality 17:15:55 WileyS, so retention of referer url necessary? 17:15:56 *npdoty, tx 17:16:07 *again, tx 17:16:14 -Jonathan_Mayer 17:16:39 tim: financial statements are at levels of aggregation, not referring to dnt data itself. 17:16:53 Justin, yes - for site quality requirements (where possible - often obscurred via iFrame) 17:16:59 tim: might refer to auditors working papers, necessary support for financial statement. 17:17:19 WileyS, thanks, that's what I thought. 17:17:23 ...nothing says explicitly that the dnt level detail must be retained. judgment required..... 17:17:38 Justin, a real-world use case, advertiser states they do not want their ads to appear on "adult oriented" websites - how do we prove that we met that contractual requirement? 17:17:45 ....in my experience many companies don't keep data just because there is so much, so they provide aggregated reports. 17:18:26 WIleyS, no I get it, just wanted to be clear. But it doesn't sound like you're required to retain that for seven years --- speakers just said that companies often aggregate at some point. 17:18:27 .....less focused on is the back end data bases being collected for these reasons. these secondary repositories may be where the risk is. 17:18:59 rena: i want to be cautious. i would be concerned that someone walks away thinking there is or is not a definite need for specific information. 17:19:33 ...there are accounting requirements, and there are auditing requirements. Back end info that time is concerned about, granularity, is used in ACCOUNTING (not auditing) information.... 17:19:36 Wileys, you have to keep that as long as the prescription runs. There is a german company for toll roads called Toll collect that has a well developed concept for data deletion. And we need some kind of agreement there. IMHO this is a role for DAA to get to industry practices. Because this would be overkill for the TPWG 17:19:45 Justin, agreed - at some point aggregation is acceptable - question is when. Some argue a few years - some argue something longer. Its a corporate risk dimension - what level of financial risk do you take on by aggregating data too soon? 17:19:54 ....and that trend will probably continue. transaction acctg is just economic events.... 17:20:07 Can you identify Best Auditing Practices emerging from this field to address AdEx', predictive optimization, geo-targeting, etc? 17:20:19 accting is method of recording. what systems are in and out, which are financial, will affect what time just said..... 17:20:26 Wileys, exactly, you need a common practices, and those will be localized as they are closely tied to local law 17:20:54 q? 17:20:54 ....that same level of discussion (re browswers) goes on re: revenue recognition, what is transaction, what is cost, all requires judgment..... 17:21:07 it's an art and requires audit evidence to determine validity.... 17:21:11 q+ to ask if the data is still needed after audit 17:21:22 +q 17:21:40 where there is risk you will need more info....we are talking about controls. if there are good controls and you are comfortable with that.... 17:22:02 you may require less substantive auditing. More of this when risk that controls are not adequate. 17:22:17 about Q-- priority to get explanation of the slides, given limited time; sorry on that! 17:22:18 WileyS, Yikes. If you're saying companies need to keep at cookie/IP/referer individualized level for at least three years . . . 17:22:23 ...so controls will be analyzed at higher level, but if not good enough you need more granular data..... 17:22:50 how long do you keep? AICPA has list of how long you may need accounting records...... 17:23:02 ....depends on which acocunting schedule you fall under.... 17:23:19 peterswire: so lots of ways data may be swept in..... 17:23:58 tim: marked trends underway that buyers of behavioral advertising are increasingly looking for assurance on quality of the product they are buying, so more demand for auditing..... 17:24:09 q? 17:24:37 ....are ads being targeted as advertised. i.e. moms age 30-35, are you delivering to that demographic. today not much assurance but this is where it is headed..... 17:24:49 so i anticipate the need for a lot of retention of this information.... 17:24:50 q+ 17:25:24 peterswire: is it simplistically said that as this becomes more important economically for companies auditing will be more rigorous.... 17:26:10 ...as info from browser more restricted....lots of pressure on companies to justify what they do...advertisers understand.....and want assurances that they should pay a premium... 17:26:10 q+ 17:26:54 rena: one trend with impact on this is what is financial system, and what is auditing target (may be database with pii)... 17:27:20 tim: harder for us to be confident that this user is the same user as last week, or fits into that particular demographic (for which the advertiser is paying a premium) 17:27:20 ....as targeting becomes more mainstream that affects materiality , so requires more examination.... 17:27:35 q? 17:27:43 ack moneill 17:28:28 moneilll: same issue as for audience research. re: unlinkability, how long do you need to retain connection to a particular user or device? 17:28:40 zakim, unmute me 17:28:40 jchester2 should no longer be muted 17:28:45 ack rigo 17:28:45 rigo, you wanted to ask if the data is still needed after audit 17:29:09 -WaltM_Comcast 17:29:10 rigo: my qu is on retention....there is clear accounting data that for legal reasons you have to retain..... 17:29:44 ...but raw data to justify fulfillment of contract, must this also be held beyond the audit? when you then stand for the accuracy of data? and how long do you take to audit campaing? 17:29:45 -[Mozilla] 17:29:52 ack jchester 17:30:03 zakim, mute me 17:30:03 Rigo should now be muted 17:30:33 q? 17:30:33 jeff chester: given flood of big data in digital advertising system that is now material can you describe debate in privacy audit community re: best practices 17:30:33 zakim, mute me 17:30:33 ack Brooks 17:30:37 jchester2 should now be muted 17:30:37 -Rob_Sherman 17:30:42 -efelten 17:30:50 ack dan_auerbach 17:30:58 brooks dobbs: can you clarify that what you are talking about is not simply re: oba but for all online advertising; the measure of where economic event occurred 17:31:18 Brooks, that was my understanding as well 17:31:29 dan auerbach: if i am an ad network that wants to delete raw log data after 2 months, rena urged caution. Might that change? 17:31:50 robsherman1 has joined #dnt 17:31:51 rena: divide between true financial and other audit 17:32:01 Nick, I just think it is important that this is well understood, not that it should be particularly contraversial 17:32:15 tim: how long does underlying detail have to be retained. Judgment for company and audit based on risk that auditor received 17:32:32 ...there is also judgment in interpretation of legal requirements too, so no precise answer..... 17:33:16 so as a practical matter, i have seen companies disposing of data after some time, but i advise they speak to stakeholders, attorneys, auditors, customers (who may have audit rights in contract).... 17:34:12 rena: may seem obvious but whatever standard you adopt must be incorporated into a corporate policy document because you will talking about policy and compliance.... 17:34:18 peterswire: one question is what are trend and why....heard about increasing materiality 17:34:39 -dwainberg 17:34:57 rena: my concern, which also addresses my cautioin note, is that since this is judgment call, and i am on advisory board of oba company, you see this moving to mainstream company.... 17:35:01 -JeffWilson 17:35:14 ultimately, an audit is only as good as the market perceives it to be rigorous, fair and accountable and impartial 17:35:39 when you audit you look at main chunks of revenue and assign more risk there..... 17:35:53 you end up with auditors having to recognize major business model change which is a risk, along with amount, when it becomes material..... 17:36:11 need to understand requirements given those trends...... 17:36:12 -Fielding 17:36:37 And "Do Not Track" is only useful insofar as it's perceived as a meaningful limitation on data collection. 17:36:59 tim: we have seen major corporations getting into this business but also a tremendous amount of fragmentation in this business with many intermediaries in the value chain...... 17:37:28 Justin, I believe the focus on "collection" versus "use" is still murky. While all agree on "use" not as many agree on "collection". 17:37:40 but if you are small to medium player you will not do everything yourself but will rely on third parties, and complexities makes it hard for intermediaries to determine who is responsible and has data and for how long..... 17:37:41 -WileyS 17:37:53 -adrianba 17:37:53 what about emerging ethical best practices from the auditng field? Are they working on it? 17:37:55 peterswire: how tied to financial auditing.... 17:38:22 tim....goes back to popularity of soc 1 and soc 2 reports, may ahve to get representations from other auditors.... 17:38:43 +1, yes, many thanks 17:38:47 peterswire: thank you , we look forward to possibly continue the conversation 17:39:12 rvaneijk has left #dnt 17:39:12 Zakim, list attendees 17:39:39 As of this point the attendees have been +1.202.639.aaaa, JeffWilson, Chris_IAB, moneill2, +1.202.587.aabb, npdoty, +1.404.385.aacc, peterswire, efelten, +1.215.480.aadd, 17:39:43 ... dwainberg, Fielding, WaltM_Comcast, +1.212.768.aaee, Susan_Israel, johnsimpson, RichardWeaver, rvaneijk, lmastria, jchester2, MECALLAHAN, +1.408.836.aaff, Jonathan_Mayer, 17:39:43 ... hefferjr, [Microsoft], WileyS, +1.941.539.aagg, +1.650.465.aahh, Dan_Auerbach, hwest, justin, dstark, Keith_Scarborough, adrianba, sidstamm, Rob_Sherman, chapell, 17:39:47 ... Craig_Spiezle, +1.650.465.aaii, vincent, Rigo, +1.516.376.aajj, [FTC], prestia, schunter, +1.516.376.aakk, vinay, +1.415.695.aall, +1.650.465.aamm, +1.650.365.aann, 17:39:47 ... +1.206.716.aaoo, Tim_Davis?, Brooks 17:39:47 -Craig_Spiezle 17:39:47 -[FTC] 17:39:47 -[CDT] 17:39:47 -Dan_Auerbach 17:39:47 -[Microsoft] 17:39:47 -Susan_Israel 17:39:47 -RichardWeaver 17:39:47 -Tim_Davis? 17:39:48 -peterswire 17:39:48 -jchester2 17:39:48 - +1.415.695.aall 17:39:48 -kulick? 17:39:48 -vincent 17:39:50 -johnsimpson 17:39:50 -hefferjr 17:39:50 -rvaneijk 17:39:50 -npdoty 17:39:50 -Rigo 17:39:50 -moneill2 17:39:50 -dstark 17:39:50 -Yianni? 17:39:50 -prestia 17:39:50 -vinay 17:39:50 -Brooks 17:39:51 -??P76 17:39:51 -Chris_IAB 17:39:51 -chapell 17:39:54 -MECALLAHAN 17:40:01 -david_macmillan? 17:40:03 T&S_Track(dnt)12:00PM has ended 17:40:03 Attendees were +1.202.639.aaaa, JeffWilson, Chris_IAB, moneill2, +1.202.587.aabb, npdoty, +1.404.385.aacc, peterswire, efelten, +1.215.480.aadd, dwainberg, Fielding, WaltM_Comcast, 17:40:03 ... +1.212.768.aaee, Susan_Israel, johnsimpson, RichardWeaver, rvaneijk, lmastria, jchester2, MECALLAHAN, +1.408.836.aaff, Jonathan_Mayer, hefferjr, [Microsoft], WileyS, 17:40:04 ... +1.941.539.aagg, +1.650.465.aahh, Dan_Auerbach, hwest, justin, dstark, Keith_Scarborough, adrianba, sidstamm, Rob_Sherman, chapell, Craig_Spiezle, +1.650.465.aaii, vincent, 17:40:04 ... Rigo, +1.516.376.aajj, [FTC], prestia, schunter, +1.516.376.aakk, vinay, +1.415.695.aall, +1.650.465.aamm, +1.650.365.aann, +1.206.716.aaoo, Tim_Davis?, Brooks 17:40:19 johnsimpson has left #dnt 17:41:01 kulick has left #dnt 17:43:36 adrianba has joined #dnt 19:49:26 Zakim has left #dnt 21:15:15 schunter has joined #dnt 23:15:13 npdoty has joined #dnt