W3C

- DRAFT -

Tracking Protection Working Group Teleconference

07 May 2014

See also: IRC log

Attendees

Present
Ninja, Jeff, dsinger, Wendy, Jack_Hobaugh, Peder_Magee, +31.65.275.aaaa, Carl_Cargill, Rob, Chris_Pedigo, eberkower, npdoty, justin, moneill2, Ari, hefferjr, [FTC], MattHayes, WaltMichel, Brooks, adrianba, kulick, rvaneijk
Regrets
walter, WileyS, wileys
Chair
justin, carl, schunter
Scribe
ninja, wseltzer

Contents


<trackbot> Date: 07 May 2014

<JackHobaugh> I just muted my phone

<npdoty> chair: Carl_Cargill, justin

<wseltzer> [_3538 is Peder_Magee]

<justin> anyone want to scribe today?

<ninja> yes

<ninja> scribenick: ninja

Disregard signal

<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Disregarding

Rob and Mike spend some more time on their proposal

The normative req may be quite close to what we already have in TPE.

<dsinger> can I be clear; this is text for the compliance document, and is complementary to the TPE requirements? Or is this intended to modify TPE?

They have added non-normative language to encourage folks to use the Tk signal

<npdoty> dsinger, I understand this conversation to be just about the Compliance document, in a complementary fashion

justin: Answer to dsinger. Yes this is language for TCS.

<wseltzer> s/designer./dsinger,/

moneill2: Our text adds the motivation to add a reason by using a qualifier.

justin: this is non-normative. Therefore it is a recommendation.
... Does anyone have problem with this text?

<dsinger> I don’t have a major problem, but I am concerned that the first paragraph duplicates the normative requirement in TPE

<Ari> we're talking about something that will be included in the privacy policy, not anything that is returned in via signal, right?

<npdoty> Ari, the non-normative suggestion is that we could use the response signal to point to the particular part of the privacy policy

npdoty: I may have a friendly edit to this text proposal. Using a May instead of non-normative. (not sure if I got this right)

<Ari> thanks nick

<dsinger> to Ari: no, they are suggesting a return signal. If your policy says “I have 3 possible reasons to disregard” then they recommend that the return signal say “and you got caught by reason #2”

justin: Mike, would you be okay to rather point to TPE paragraph instead of rephrasing it in TCS? With the added transparency recommendation?

<Ari> yes, thank you david. I understand now. Although I wouldn't use the word caught as it sounds like we're trying to use a "gotcha" on the user

<wseltzer> scribenick: wseltzer

justin: any other questions about disregard signal?
... seems we're pretty closely aligned
... hope we can work out on list

Unknowing Data Collection

<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Unknowing

justin: no one has picked up on language Jonathan suggested
... it's been two weeks, so I've closed the issue
... Second question, Lee Tien and David Singer were talking about short-term data collection
... think that's a different issue, so I'm going to postpone that
... to group with research

<dsinger> yes, short-term is different from both this and general research.

dsinger: I don't see how short-term is tied to other permission

<npdoty> has some editorial fixes for that section, I think ("reasonably feasible" sounds awkward to me), but fine to close that issue

dsinger: it's about recognizing that people can't do processing in real-time
... there can be a gap between collection and processing

justin: maybe a misunderstanding
... I had the impression that you could use for any purpose, including research
... but would be happy to discuss separately from research

dsinger: Only three exits for the raw data you collect:
... extract data that's non-tracking
... extract data for which you had consent
... or permitted use

justin: so is the first one research uses?

dsinger: current proposal, says there's "a processing step"
... changing to say you can keep doing processing on raw data kept around is a different proposal

justin: fine to add back to the agenda next week; I misunderstood

User agent compliance

<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_User_Agent_Compliance

justin: wiki shows current editors' draft
... middle ground, some obligations on UA to make options available, but not prescriptive
... alternatively, nothing beyond TPE
... other proposals in the wiki. Chapell other UAs
... Hobaugh on which UAs

<Ari> The TPE seems ambiguous to me, so I think this needs to be addressed in the compliance document

justin: Biggest question: do we say it's addressed in TPE, or put something in TCS
... are you happy with language in editors' draft, or want to add more prescriptive requirements, if we're clarifying

npdoty: would like to know what's ambiguous

<dsinger> again, I am concerned with having two normative documents addressing the same question. overlap is not good practice

<moneill2> +q

npdoty: with the division we have now, UAs might think TPE contains their complete obligations
... seems less likely they'd review the TCS
... maybe we already have it in TPE
... Q2, Adrian had suggested common language for UAs and Websites seeking exception
... if that's what we're doing, cut it down to user indications

<npdoty> User agents and web sites are responsible for determining the user experience by which a tracking preference is controlled. User agents and web sites MUST ensure that tracking preference choices are communicated to users clearly and accurately and shown at the time and place the tracking preference choice is made available to a user. User agents and web sites MUST ensure that the tracking preference choices describe the parties to whom DNT applies and MUST make

<npdoty> available brief and neutral explanatory text to provide more detailed information about DNT functionality.

<npdoty> That text MUST indicate that:

<npdoty> if the tracking preference is communicated, it limits collection and use of web viewing data for certain advertising and other purposes;

<npdoty> when DNT is enabled, some data may still be collected and used for certain purposes, and a description of such purposes; and

<npdoty> if a user affirmatively allows a particular party to collect and use information about web viewing activities, enabling DNT will not limit collection and use from that party.

<Ari> is there a link to adrian's proposal you are referring to that we can look at now?

justin: 3d alternative, taking just a part for TCS

<npdoty> I get the impression that most of the other requirements are already present in the TPE, but I'd have to go line-by-line to compare

moneill2: If we made a general preference

<npdoty> right, and the first two sentences are generally duplicated from TPE

justin: sounds reasonable editorial change

<Zakim> dsinger, you wanted to talk about overlap

dsinger: It's not great practices for two specs to duplicate one another
... I'd rather we get the language right in the TPE

<npdoty> moneill2: on the first sentence (number of alternative choices), should make clear that that's for the general preference

dsinger: it's protocol compliance, and I thought we had

justin: so you're suggesting we strike the section in TCS

dsinger: yes

<ninja> the current TCS text is also missing our result from issue-153

Disregard signal

<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Unknowing

Geolocation

<npdoty> [that's an editorial fix from moneill2, although maybe it would be obsoleted by other proposals]

justin: geolocation
... suggestion from Tom Lowenthal that we need to deal specifically with geoloc

<ninja> wiki page: https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Geolocation

justin: proposals to use existing language, or delete entirely
... because we don't treat any categories of sensitive info differently

<adrianba> think we should delete it

<npdoty> don't feel strongly, but thought we had already settled on this text

<JackHobaugh> I also think it should be deleted

justin: I don't think we got consensus

<Ari> we should delete it

<dsinger> sounds like we delete, and maybe have the non-normative note about careful handling as well

justin: if people want to keep it, burden on them to explain why we should keep it

ninja: would you take this up as a special case of de-id?
... or just drop talk of geoloc?

<adrianba> postal code could be very specific - in the UK it is often 4 or 5 houses

justin: maybe that's a middle ground

<dsinger> I suggested it go after the definition of tracking, but a lot depends on the shape of the TCS

justin: maybe reasonable to point out that geoloc can be identifying
... if no further thoughts, I'll suggest we drop and replace with dsinger's non-normative language

Editing

justin: we never added another editor to TCS when I became chair
... so we've asked Nick, from W3C staff, to join Heather as an editor of TCS

npdoty: Last week we discussed TCS snapshot publication; that should happen tomorrow

[adjourned]

trackbot, end teleconf

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.138 (CVS log)
$Date: 2014-05-07 16:37:37 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.138  of Date: 2013-04-25 13:59:11  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/designer/dsinger/
FAILED: s/designer./dsinger,/
Succeeded: s/practive/practice/
Found ScribeNick: ninja
Found ScribeNick: wseltzer
Inferring Scribes: ninja, wseltzer
Scribes: ninja, wseltzer
ScribeNicks: ninja, wseltzer
Default Present: Ninja, Jeff, dsinger, Wendy, Jack_Hobaugh, Peder_Magee, +31.65.275.aaaa, Carl_Cargill, Rob, Chris_Pedigo, eberkower, npdoty, justin, moneill2, Ari, hefferjr, [FTC], MattHayes, WaltMichel, Brooks, adrianba, kulick, rvaneijk
Present: Ninja Jeff dsinger Wendy Jack_Hobaugh Peder_Magee +31.65.275.aaaa Carl_Cargill Rob Chris_Pedigo eberkower npdoty justin moneill2 Ari hefferjr [FTC] MattHayes WaltMichel Brooks adrianba kulick rvaneijk
Regrets: walter WileyS wileys
Found Date: 07 May 2014
Guessing minutes URL: http://www.w3.org/2014/05/07-dnt-minutes.html
People with action items: 

[End of scribe.perl diagnostic output]