W3C

- DRAFT -

Tracking Protection Working Group Teleconference

04 Jun 2014

See also: IRC log

Attendees

Present
+1.646.654.aaaa, Ninja, Nielsen__Raymond_, WaltMichel, dsinger, +1.425.366.aabb, Jack_Hobaugh, vinay, Peder_Magee, Wendy, Amy_Colando, Chris_Pedigo, Alan(IAB), Chris_Mejia, moneill2, justin, schunter, +1.212.941.aacc, hefferjr, npdoty, brooks, WileyS, kulick, [FTC], Susan_Israel, [Microsoft], vincent
Regrets
carlcargill, fielding, johnsimpson
Chair
justin, schunter
Scribe
ninja, amyc

Contents


<trackbot> Date: 04 June 2014

<Nielsen__Raymond_> W3C Tracking Protection Working Group Call

<Nielsen__Raymond__> W3C Tracking Protection Working Group Call

<ninja> Nielsen__Raymond_ you should now be able to mute yourself

<Chris_Mejia> Hi Ninja, do you have a second?

<Chris_Mejia> Just joined the call from a private line

<ninja> volunteer to scribe today?

<sidstamm> hi all, I can't dial in today but will monitor IRC

<ninja> I can, sure

<justin> scribenick: ninja

<scribe> scribenick: ninja

<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Service_Provider

Service Providers

justin: This issue has been on the agenda for some time now.
... In the last calls most people seemed fine with Roy's proposal.
... Some folks argued for siloing of customer data. Will follow up with an email to the mailing list.
... Roy is not online today. I will send out a note.

<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_First_Party_Compliance

Data Append and First Parties

justin: More controversial issue. Let me walk you through the proposals on the wiki page

<vinay> that's correct, justin

justin: We may be down to two options here. Vinay's and Susan's proposal could be combined to one.
... The other proposal would be from John Simpson and Mike O'Neill

npdoty: Wanted to ask whether to add Roy's proposal on service providers to the draft now?

<npdoty> I have no objection to not taking an action item at this time.

justin: Hold it off until we made sure there is no disagreement.

<Chris_Mejia> This group has been historically resistant to requirements on the UI of a UA. For example, Alan and I (and others) proposed a set of requirements on the UI for UAs setting/sending DNT:1. We had proposed that the user be properly informed about the choice they were making before setting DNT:1. Essentially what we were proposing was the choice be "clearly and comprehensively explained" before the DNT:1 signal was set. As I recall, our proposal was lar[CUT]

<Chris_Mejia> So now, as I understand it, folks who rejected our similar proposal for the setting of DNT:1, want those rules applied for the setting of DNT:0, to servers?

Moneill2: My proposal is based on Rigo's idea of having DNT;0 as a consent mechanism.

<Chris_Mejia> wseltzer, I see it

Moneill2: Suggested some extra language to Matthias to convey that a consent needs to rely on specific information.

<Chris_Mejia> REPOSTING: This group has been historically resistant to requirements on the UI of a UA. For example, Alan and I (and others) proposed a set of requirements on the UI for UAs setting/sending DNT:1. We had proposed that the user be properly informed about the choice they were making before setting DNT:1. Essentially what we were proposing was the choice be "clearly and comprehensively explained" before the DNT:1 signal was set.

<Chris_Mejia> As I recall, our proposal was largely rejected. So now, as I understand it, folks who rejected our similar proposal for the setting of DNT:1, want those rules applied for the setting of DNT:0, to servers?

<npdoty> wouldn't that be a condition of when you ask for a user-granted exception? when you present that explanation to the user, you should do what you said.

Moneill2: Depending on the privacy policy the site needs to have some mechanism to differentiate between DNT;0 and more specific consent of UGE (not sure if I got Mike correctly)

justin: If the law requires you to provide clear information, what is the benefit in stating it here in TCS?

moneill: clearly and comprehensively should not be controversial.
... The user should be able to understand the circumstances.

<Zakim> dsinger, you wanted to say that the requirements on the quality of explanation for an exception belongs in the exception section

<Chris_Mejia> If there is a law around DNT, then the law would prevail, and don't need to be incorporated here.

justin: Chris had reminded the group that we did not want to be overly prescriptive on how UAs present information.

<Chris_Mejia> agree with dsinger's point here

dsinger: This is the wrong place to talk about requirements for exceptions. This should go in the section on exceptions

justin: Roy also made a point about testability. This would also be a case of difficult testability.

<wseltzer> dsinger: those who ask for exceptions will ask for "permission to track" generally, not specific ability to track particular data items

<JackHobaugh> The issue is that when a DNT:0 is set, it is not possible to determine whether the user set it with the intent of granting an exception or the “user prefers to allow tracking on the target site.” Even if the user had granted an exception previously, how do we know whether the user has started sending the DNT:0, not as an exception signal but as a preference to allow tracking? Accordingly, I believe it is not a good idea to overload the DNT:0 signal.

justin: The existing language by vinay would not prohibit data append. Mike's would. So this may be the main difference

<npdoty> +1 on dsinger. I think we have existing text on exceptions requiring explicit consent on the page before being stored in the user agent.

justin: Ask Mike whether he would be willing to move the second sentence to the section about requirements on exceptions and DNT;0

<npdoty> right, could we discuss the first paragraph/sentence as a proposal for issue-170 and then separately discuss the conditions of exceptions if need be?

<vinay> Just to clarify my language, I wasn't taking a stand one way or the other on data append. Instead, my language was cleaning up the existing text (which doesn't talk about data appends either)

<Chris_Mejia> Mike, I think it's already in there, under UGEs

Mike: If there is a better place to put it I will take a look at that.

<dsinger> I don’t mind it saying that IF the DNT:0 is a resilt of an exception, THEN you can only track to the extent you asked for permission to when the exception was granted. But I don’t think it will have any useful effect, since I expect sites will ask to track you generally.

<dsinger> And anyway, it’s clearly true whether we state it or not. “I want to remember your IP address” and then it turns out they remembered a whole load of other data, they’re in trouble whether or not this sentence exists in our spec.

What Chris is pointing at is that we jumped through a lot of hoops by putting up requirements for this special case that are not reflected in other sections that address consent in general.

<Chris_Mejia> the 170 proposal seems overly prescriptive and a bit misplaced.

scribe: If these don't align we have a problem. So please take a look at the text regarding consent in TPE and TCS.

<WileyS> The law should determine if Consent was valid - not our spec

<npdoty> TCS currently refers at a high level to "explicit and informed consent". TPE refers to "user's intention to grant an exception ... reflects informed consent".

Context Separation

<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Limitations_on_use_in_Third_Party_Context

justin: The existing text does not limit what a first party could do with its data in third party context

I remember the folks from NAI and Walter said that this would be surprising to a user.

<npdoty> can we consolidate proposals on that? I think Walter's is particularly concise.

scribe: the other idea currently on the wiki was from Yanni and I is based on the idea of more transparency and is somewhat in the middle ground.
... Following up on Nick's comment, yes agree that Walter's proposal is more concise. We should encourage merging.
... Will talk to Alan offline.

dsinger: I don't see the privacy concern in this issue.

<Zakim> dsinger, you wanted to comment on use in 3rd party context: I thought we cared about privacy, not evidence of data collection?

<Chris_Mejia> +1 dsinger

dsinger: we are talking about data that was legitimately collected.

<moneill2> +q

<Chris_Mejia> I don't think we are going to solve EVERY privacy concern with this spec... nor should we attempt to boil that ocean.

wseltzer: Coming back to our definition of tracking and many definitions of privacy - use of data outside the context it occurred in could be seen as a violation of privacy

<npdoty> (I have tended to avoid bringing in academic discussions of privacy definitions, but there's a certainly a variety of them and the "conextual integrity" one is common)

<dsinger> why should you not recognize the user?

<dsinger> they logged on or otherwise identified themselves, didn’t they?

<wseltzer> sometimes academics can say useful things...

moneill2: To recognize the user in a third party context you need to have a unique ID, cooke etc. People would see that as tracking

<Chris_Mejia> I really don't think we can go back in history

moneill2: They would feel cheated when sending DNT;1

<Chris_Mejia> not sure Alan Chappell would agree with that statment

<npdoty> moneill2, was the concern about having an identifier at all from a party you previously interacted with as a first party?

justin: I don't think it is limited to users being logged on to the first party. I could see some argument for bigger trust there.

<WileyS> Not sure I'm following on this one but don't disagree with that position - but would argue if the data was collected while logged-in a company would argue they had consent for use.

justin: Right now the spec does not limit data collection to a logged-on state.

<npdoty> correct. we don't refer to "logged in" status in the Compliance doc at the moment, I believe.

<Zakim> wseltzer, you wanted to suggest specific concerns, e.g. ads tracking across public browsing

<moneill2> if the identifier is there it should at least not be used, preferably deleted if DNT:1

justin: Any first party could use the data in a third party context and it could confuse users.

<Chris_Mejia> it seems like we are talking about this idea of "the right to be forgotten"

wseltzer: Giving an example. User has been bra shopping and an ad pops up during presentation.

<Chris_Mejia> that's been a very controversial concept

wseltzer: We need to decide whether protection against this is within scope of DNT

<moneill2> third party cookie blocks by browsers addresses this issue

justin: Don't see us to coming to easy consensus here

<amyc> sure, no problem

<justin> scribenick: amyc

<ninja> scribenick: amyc

Justin: two positions (yes, never) calling for middle ground, perhaps clarifying that you need to be logged in in order to use data in another context

<npdoty> for people who have supported existing text (maybe Rob or Shane), would a branding or other proposal work for you?

Justin: encourages finding middle ground, or will need to go for call for objections
... last issue is data minimization

<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Unique_Identifiers

<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Retention_Permitted_Uses

Nick: any action items on context separation?

Justin: will follow up with Alan to see if OK with adopting Walter's proposal, and then Rob's proposal is clear cut. Call for middle ground proposal, up to WG members to come up with proposal

<npdoty> thanks, just wanted to get a summary of our milestones/action items on that issue.

Data Minimization

Justin: existing text from June draft - quoting text

<WileyS> Too broad - highly subjective determination of "where available"

Justin: Dan Auerbach had proposed no unique identifiers, then Mike fleshed out no persistent identifiers, focus on browser fingerprinting, text is available on wiki

<WileyS> Yes - to existing draft text - this is from the Swire/W3C Staff Draft

<Chris_Mejia> justin, ndoty, a suggestion: since we are working on a compliance doc that ties to the TPE, it would be great to post the pertinent TPE section with the proposals we are considering (so we view these proposals in proper context)

Justin: has there been text submission to modify that text? Would be helpful to submit language or remind of previously submitted alternative language

<ninja> We have not talked about data minimization for months. If the text proposals on the wiki are not up to date, please let us know (mail to me or the mailing list)

<Chris_Mejia> justin, npdoty, my suggestion would be to tie the compliance doc back directly to the TPE, calling out the relevant sections in the TPE. Does that make sense? Otherwise we risk these docs diverging.

Justin: does anyone want approach of hard numbers for specific purposes for data minimization?

<npdoty> Chris_Mejia, is that a suggestion for the wiki pages and change proposals? or adding notes in the Compliance doc itself with links to TPE sections?

Justin: responding to Chris suggestion - not sure I can do this real time, but will try to do this on wiki

<npdoty> (okay, the former, thanks.)

Chris: hard to match up compliance sections with pertinent TPE section
... would also be helpful in final doc for implementers

Justin: agrees generally, but not seeing direct connection on data minimization
... between TPE and Compliance

Chris: need this from engineering perspective, we should make this clear

<npdoty> I'm willing to do the general review to make sure the documents (TPE & Compliance) are in sync. (I've done some of those things already particularly around language / defined terms, but I think there are some additional things that need to be done.)

<Chris_Mejia> npdoty, both

<npdoty> ACTION: doty to do review of Compliance to make sure it's in sync with TPE LCWD [recorded in http://www.w3.org/2014/06/04-dnt-minutes.html#action01]

<trackbot> Created ACTION-451 - Do review of compliance to make sure it's in sync with tpe lcwd [on Nick Doty - due 2014-06-11].

<npdoty> action-451: we'll need to do this again at different stages, but now would be a good time to do another pass

<trackbot> Notes added to action-451 Do review of compliance to make sure it's in sync with tpe lcwd.

Justin: similarly, on advocate side, if anyone wants to run with hard limits on data uses, please speak up. Will send to list, otherwise not inclined to pursue if no one willing to work with this

<npdoty> action-451 due 2014-06-18

<trackbot> Set action-451 Do review of compliance to make sure it's in sync with tpe lcwd due date to 2014-06-18.

Next Steps

<ninja> link to justin's email: http://lists.w3.org/Archives/Public/public-tracking/2014Jun/0003.html

Justin: any other questions on data minimization? no response
... sent out old issues to mailing list earlier in week, believe that these are not controversial, but if anyone wants to discuss any of these, we will schedule time
... hope people will be ok with closing

nick: we have issue 233 with replacing limited with minimized, not sure if there is more of a text proposal

<npdoty> http://www.w3.org/2011/tracking-protection/track/issues/233

<ninja> yes, will do

<npdoty> via Jack, that refers to changing "limited" to "minimized"

justin: asking ninja to merge wiki and add issue 233, call for Jack or others to submit text
... will send note to group on mailing list

<npdoty> (if it's just find/replace, that's easy and sounds good to me. if there's more detail, we should have it to compare against others while we're trying to update this section)

Summary of Action Items

[NEW] ACTION: doty to do review of Compliance to make sure it's in sync with TPE LCWD [recorded in http://www.w3.org/2014/06/04-dnt-minutes.html#action01]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.138 (CVS log)
$Date: 2014-06-04 16:49:16 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.138  of Date: 2013-04-25 13:59:11  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/Nielsen__Raymond_. upi//
Succeeded: s/reasons/ability to track particular data items/
Found ScribeNick: ninja
Found ScribeNick: ninja
Found ScribeNick: amyc
Found ScribeNick: amyc
Inferring Scribes: ninja, amyc
Scribes: ninja, amyc
ScribeNicks: ninja, amyc
Default Present: +1.646.654.aaaa, Ninja, Nielsen__Raymond_, WaltMichel, dsinger, +1.425.366.aabb, Jack_Hobaugh, vinay, Peder_Magee, Wendy, Amy_Colando, Chris_Pedigo, Alan(IAB), Chris_Mejia, moneill2, justin, schunter, +1.212.941.aacc, hefferjr, npdoty, brooks, WileyS, kulick, [FTC], Susan_Israel, [Microsoft], vincent
Present: +1.646.654.aaaa Ninja Nielsen__Raymond_ WaltMichel dsinger +1.425.366.aabb Jack_Hobaugh vinay Peder_Magee Wendy Amy_Colando Chris_Pedigo Alan(IAB) Chris_Mejia moneill2 justin schunter +1.212.941.aacc hefferjr npdoty brooks WileyS kulick [FTC] Susan_Israel [Microsoft] vincent
Regrets: carlcargill fielding johnsimpson
Found Date: 04 Jun 2014
Guessing minutes URL: http://www.w3.org/2014/06/04-dnt-minutes.html
People with action items: doty

[End of scribe.perl diagnostic output]