15:54:07 <RRSAgent> RRSAgent has joined #dnt
15:54:07 <RRSAgent> logging to http://www.w3.org/2014/08/20-dnt-irc
15:54:09 <justin> justin has joined #dnt
15:54:09 <trackbot> RRSAgent, make logs world
15:54:09 <Zakim> Zakim has joined #dnt
15:54:11 <trackbot> Zakim, this will be TRACK
15:54:11 <Zakim> ok, trackbot; I see T&S_Track(dnt)12:00PM scheduled to start in 6 minutes
15:54:12 <trackbot> Meeting: Tracking Protection Working Group Teleconference
15:54:12 <trackbot> Date: 20 August 2014
15:54:23 <npdoty> chair: justin
15:54:27 <npdoty> regrets+ johnsimpson
15:55:00 <dsinger> dsinger has joined #dnt
15:55:16 <npdoty> npdoty has changed the topic to: agenda, August 20th: http://lists.w3.org/Archives/Public/public-tracking/2014Aug/0040.html
15:55:42 <eberkower> eberkower has joined #dnt
15:55:44 <schunter> schunter has joined #dnt
15:57:46 <moneill2> moneill2 has joined #dnt
15:58:00 <jeff> jeff has joined #dnt
15:58:25 <Zakim> T&S_Track(dnt)12:00PM has now started
15:58:32 <Zakim> +eberkower
15:58:50 <eberkower> Zakim, mute me please
15:58:50 <Zakim> sorry, eberkower, muting is not permitted when only one person is present
15:59:27 <Zakim> +RichardWeaver
15:59:28 <Zakim> +Jack_Hobaugh
15:59:40 <Zakim> +[FTC]
15:59:53 <Zakim> +[Apple]
16:00:01 <dsinger> zakim, [apple] has dsinger
16:00:01 <Zakim> +dsinger; got it
16:00:07 <Zakim> +npdoty
16:00:28 <amyc> amyc has joined #dnt
16:00:32 <npdoty> Zakim, agenda?
16:00:32 <Zakim> I see nothing on the agenda
16:00:34 <Zakim> +??P12
16:00:36 <Richard_comScore> Richard_comScore has joined #dnt
16:00:40 <npdoty> agenda+ issue-188
16:00:41 <schunter> Zakim, ??P12 is me
16:00:42 <Zakim> +schunter; got it
16:00:44 <npdoty> agenda+ issue-203
16:00:50 <eberkower> Zakim, please mute me
16:00:50 <Zakim> eberkower should now be muted
16:00:53 <Zakim> +[Microsoft]
16:00:53 <npdoty> agenda+ personalization
16:01:02 <npdoty> agenda+ audience measurement
16:01:04 <npdoty> agenda+ aob
16:01:11 <Zakim> +kulick
16:01:28 <kulick> kulick has joined #dnt
16:01:32 <Zakim> +Jeff
16:02:27 <Zakim> + +1.202.407.aaaa
16:02:32 <justin> zakim, who is on the phone?
16:02:32 <Zakim> On the phone I see eberkower (muted), RichardWeaver, Jack_Hobaugh, [FTC], [Apple], npdoty, schunter, [Microsoft], kulick, Jeff, +1.202.407.aaaa
16:02:34 <Zakim> [Apple] has dsinger
16:02:35 <amyc> I can scribe
16:02:36 <kj> kj has joined #dnt
16:02:36 <justin> zakim, aaaa is me
16:02:36 <Zakim> +justin; got it
16:02:55 <vincent> vincent has joined #dnt
16:02:58 <vinay> vinay has joined #dnt
16:03:00 <npdoty> scribenick: amyc
16:03:42 <amyc> justin: goes over four agenda items, focus on de-id and how to use term tracking in compliance doc
16:03:54 <Zakim> +vincent
16:03:55 <dsinger> q+
16:03:56 <Zakim> + +1.917.934.aabb
16:04:04 <amyc> ... start with deid, then pick up tracking when Roy joins
16:04:45 <amyc> dsinger: Apple has expert to answer limit ad tracking
16:05:12 <amyc> ... Eric can help respond, on iOS equivalent of DNT
16:05:12 <npdoty> Zakim, take up agendum 4
16:05:12 <Zakim> agendum 4. "audience measurement" taken up [from npdoty]
16:05:24 <npdoty> ack dsinger
16:05:37 <amyc> Eric: question about how others would use ad id for other uses
16:05:53 <dsinger> s/Eric/Erik/
16:06:04 <Zakim> + +1.813.366.aacc
16:06:13 <npdoty> present+ ErikN
16:06:20 <amyc> justin: yes, can still collect data for frequency cap, billing, but there have been questions about whether data can still be used for analytics and research
16:06:28 <WileyS> WileyS has joined #dnt
16:06:52 <Zakim> +WileyS
16:07:06 <amyc> ErikN: switch inside iOS that user can find and turn on, associated with Apple ID and sync across devices
16:07:26 <fielding> fielding has joined #dnt
16:07:30 <amyc> ... limit ad tracking brings contractual enforcement to app developers, program license agreement
16:07:44 <Zakim> +??P46
16:07:53 <justin> zakim, who is on the phone?
16:07:54 <Zakim> On the phone I see eberkower (muted), RichardWeaver, Jack_Hobaugh, [FTC], [Apple], npdoty, schunter, [Microsoft], kulick, Jeff, justin, vincent, +1.917.934.aabb, +1.813.366.aacc,
16:07:57 <Zakim> ... WileyS, ??P46
16:07:57 <Zakim> [Apple] has dsinger
16:07:57 <Zakim> +Fielding
16:08:40 <amyc> ... which contains restrictions on app developers. IDFA is non permanent ID that user can reset at any time. Can be used for interest targeting. If limit tracking is on, then contract requires that developer honor limit ad tracking choice
16:09:28 <moneill2> npdoty, i am on 735619 uk number
16:09:30 <amyc> ... in practice, most developers not doing their own ad work, using a third party framework. Generally speaking, code of that third party library will query with IDFA. Because developer ships code, the program license agreement comes into force.
16:09:30 <adrianba> adrianba has joined #dnt
16:09:52 <npdoty> Zakim, ??p46 is moneill2
16:09:52 <Zakim> +moneill2; got it
16:10:02 <amyc> ... pulling up program license agreement that has specifics as to what is included as permitted when limit ad tracking is on
16:10:10 <moneill2> zakim, mute me
16:10:10 <Zakim> moneill2 should now be muted
16:10:29 <WileyS> general reporting versus profiling
16:10:34 <amyc> justin: seems to conflicting info on whether analytics is allowed
16:10:40 <Zakim> + +1.425.707.aadd
16:10:49 <adrianba> zakim, aadd is me
16:10:49 <Zakim> +adrianba; got it
16:10:59 <adrianba> zakim, mute me
16:11:02 <Zakim> adrianba should now be muted
16:11:04 <amyc> ErikN: when limit ad tracking is on, there is not exhaustive list of forbidden uses. Instead, there is a list of allowed uses.
16:11:27 <npdoty> that sounds like a similar model to our document
16:11:41 <amyc> Justin: so can still collect IDFA for frequency capping, x, Y, Z, not a blanket prohibition?
16:13:06 <amyc> ErikN: set of permitted uses, we don't define behavioral advertising. We looked at core uses, impact to advertising and impact to advertising. Some basic uses of ID that aren't tailored or targeted to individual, but are about the mechanics of advertising
16:13:09 <Zakim> +Wendy
16:13:22 <justin> q?
16:13:25 <amyc> ... will send agreement to dsinger and list
16:14:03 <amyc> Justin: on Android platform, different language, the ad id must only be used for ad and analytics [not sure I am getting all this, can we submit to list?]
16:14:58 <amyc> ... specifcially prohibits creation of user profiles for advertising, looks like it is silent on pure analytics or market research
16:15:06 <npdoty> that Android text specifically prohibits some uses, as well as permitting some uses
16:15:28 <npdoty> http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Audience_Measurement
16:15:49 <justin> q?
16:16:34 <amyc> Justin: goes over ESOMAR proposal, on calibration of opt-in panels, not all users. If someone wants to propose that all research or product improvement is allowed, that would be possible. DAA has language like this in self reg.
16:16:41 <justin> q?
16:16:54 <amyc> ... unless new text proposed, will go to poll on Esomar proposal in week or two
16:17:03 <npdoty> Zakim, take up agendum 1
16:17:03 <Zakim> agendum 1. "issue-188" taken up [from npdoty]
16:17:13 <justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Deidentification
16:17:27 <fielding> actually, I just updated the wiki
16:17:34 <amyc> Justin: Status of deid, three proposals, plus language from dsinger that is being finalized
16:17:40 <Zakim> +Brooks
16:17:40 <dsinger> yes, my last email is http://lists.w3.org/Archives/Public/public-tracking/2014Aug/0036.html
16:17:45 <Brooks> Brooks has joined #dnt
16:17:47 <fielding> oh, never mind -- other page
16:17:58 <dsinger> right, I was waiting for dust to settle
16:18:00 <fielding> I updated the one on 203
16:19:04 <amyc> ... may have been questions about dsinger text
16:19:06 <moneill2> zakim, unmute me
16:19:06 <Zakim> moneill2 should no longer be muted
16:19:20 <amyc> ... EFF and Jeff seemed supportive
16:19:46 <justin> q?
16:19:49 <fielding> q+
16:19:54 <amyc> Moneill2: concern was about making method public, text looks good at moment
16:20:03 <moneill2> zakim, mute me
16:20:03 <Zakim> moneill2 should now be muted
16:20:04 <npdoty> q+
16:20:10 <dsinger> I am totally cool with a change of name, to avoid confusion
16:20:11 <amyc> fielding: drop all proposals and change word to anonymize
16:20:40 <dsinger> De-associated?
16:20:50 <amyc> ... didn't want to use unlinkable because link is important term for web
16:21:28 <amyc> ... a few places where we use deidentified, where we should use anonymized
16:21:49 <amyc> Justin: wouldn't we still have to define anonymize, would we use these definitions?
16:22:00 <dsinger> as my email indicates I am happy to use this text to define a better term (and use that term in the document)
16:22:12 <amyc> fielding: Yes, but discussion would be closer to finalize.
16:22:24 <amyc> ... confirms his proposal would work with anonymize
16:22:27 <npdoty> q+
16:22:33 <justin> q- field
16:22:35 <justin> ack npd
16:22:41 <amyc> Justin: does anyone care about using anonymize rather than deidentified?
16:22:58 <dsinger> q+
16:23:33 <amyc> npdoty: anonymize is used in dramatically different ways, could lead to confusion. Deid matches FTC language, more accurately describes process that involves pseudonymized records
16:23:40 <justin> ack ds
16:23:58 <npdoty> I'm fine with a descriptor to add to de-identified
16:24:07 <WileyS> Either has its pros/cons - anonymous at least fits better into the anonymous, pseudonymous, personal paradigm.
16:24:09 <amyc> dsinger: could use common term and define ourselves, risking confusion. Or pick a new term of our own choosing.
16:24:10 <npdoty> "sufficiently deidentified" "permanently deidentified"
16:24:54 <dsinger> “non-tracking data” has the advantage of clearly marking it as out of our scope
16:24:58 <amyc> Justin: something like non-tracking data, data that meets these measures or goes through this process are non-tracking data
16:25:05 <WileyS> "non-tracking" would require an update to the term of "tracking" to add identity w/ across contexts
16:25:07 <moneill2> non-tracking data fine by me
16:25:07 <amyc> fielding: OK with that
16:25:18 <amyc> npdoty: OK with that too
16:25:20 <WileyS> +q
16:25:24 <justin> ack wileys
16:26:13 <fielding> q+
16:26:19 <amyc> wileys: tracking doesn't have strong connection to identification, more about across contexts. Maybe we need to update tracking to include concept of identification
16:26:22 <npdoty> I think this is one way to make data not tracking data; (not that all data that isn't tracking would have this process applied)
16:26:40 <amyc> Justin: non-tracking is not opposite of tracking data
16:26:51 <justin> ack fielding
16:26:53 <npdoty> what was the conflict on "deidentified"? I think this closely matches use of it by FTC, for example
16:27:21 <amyc> fielding: agrees with Shane, all the data about user collected by single site is not tracking data (all identified/personal)
16:27:39 <npdoty> how about adverb to add to deidentified? if there's a conflict
16:27:39 <amyc> ... we should stick with something like anonymous
16:28:46 <amyc> ... deidentified was way of unlinking data from user in a way unknown to outside world. References to data sets that have been scrubbed for publication, rather than preventing controller of data set from re identifiying
16:28:46 <dsinger> OK, either use anonymized, or invent a new term (‘de-associated’?)
16:28:49 <npdoty> q+ to agree on pseudonymous
16:29:09 <dsinger> Does ‘anonymized’ have similar baggage (existing definitions that are not the same)?
16:29:23 <npdoty> dsinger, yes, extremely so.
16:29:25 <amyc> ... the way we use in TPE is that we intend to say that the person holding the data no longer has ability to re identify the data
16:29:54 <justin> ack npd
16:29:54 <Zakim> npdoty, you wanted to agree on pseudonymous
16:30:05 <amyc> Justin: agrees that anonymous has baggage, perhaps not so much for anonymized
16:30:34 <Brooks> just from a language perspective, if the output of "anonymize" isn't "anonymous", you've lost me
16:30:56 <amyc> npdoty: true that some ppl use de id for release, but doesn't think that is FTC usage at all
16:31:23 <amyc> ... anonymous has been used in dramatically different ways
16:31:46 <amyc> justin: aren't we solving for this when we define anonymized?
16:32:14 <amyc> npdoty: true if they read doc, but may be more likely to confuse, Maybe add adverb to term.
16:32:28 <fielding> Maybe we should just replace the use of the term in our specs with an exact statement of what we mean ;-)
16:33:03 <npdoty> fielding, the text gets a little verbose if I have to repeat a few sentences in the place of every use of the word
16:33:07 <dsinger> It’s used 3 times, so we want a single definition
16:33:43 <amyc> fielding: hard to say something is out of scope and deal with that on case by case mention in spec. Challenging from editorial perspective.
16:34:34 <justin> q?
16:34:35 <amyc> justin: when we go to call for objection, we should list pros and cons for terms, but doesn't seem like there are strong feelings on the term. Call for objection should focus on substantive definition.
16:34:57 <npdoty> do dsinger and fielding agree on dsinger's latest text except for the name of the term?
16:35:01 <amyc> ... now have four definitions
16:35:14 <justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Tracking_Third_Party_Compliance
16:35:21 <dsinger> yes, can we check, do we have amical consensus on the definition, modulo the name?
16:36:12 <Zakim> +SusanIsrael
16:36:16 <npdoty> or would vincent or jack be interested, given the iterations on this definition?
16:36:18 <susanisrael> susanisrael has joined #dnt
16:36:34 <amyc> Justin: if roy wants to merge definition with dsinger. VIncent and Jack want their own definitions considered.
16:36:49 <vincent> I think this defintion could work for me actually woudl depend of the final version
16:37:12 <npdoty> Jack also refers to "irrevocably deidentified" in his text; although I think that's describing a different status
16:37:12 <dsinger> I inserted my latest text on de-id into the Wiki
16:37:59 <amyc> Justin:turns to tracking, dsinger suggested permitted use for first parties and that looks like proposal B
16:38:08 <npdoty> zakim, take up agendum 2
16:38:08 <Zakim> agendum 2. "issue-203" taken up [from npdoty]
16:38:15 <amyc> .... so first party data use allowed under this compliance regime.
16:39:24 <justin> q?
16:39:34 <amyc> fielding: all of the changes proposed for what a first party can do, replaced with first party permitted use. First party can, if they choose to, respond to server
16:41:02 <amyc> npdoty: intent of permitted use for first party to address issue that user is knowingly interacting with that party. But doesn't think that form of permitted use makes sense. You are just not tracking if you are interacting with a user as a first party
16:41:48 <amyc> justin: could argue that definition of tracking could encompass first party data collection (referrer headers). But roy's proposal would clarify this is ok.
16:42:14 <WileyS> We're not worried about referral headers.  If you don't want referral headers please change the HTTP spec.
16:42:30 <amyc> npdoty: if you are trying to find out where I was previously, that needs clarification
16:42:35 <WileyS> This is an overstretch - we should stop the referral header discussion.
16:42:47 <amyc> justin: maybe we need first party referral exception
16:43:16 <amyc> ... what does roy's proposal miss? are there problems with it?
16:43:23 <fielding> WileyS, we are trying to explain why referral data is still allowed even though it is tracking, not disallow referral data.
16:43:25 <justin> q?
16:44:38 <amyc> npdoty: concerned about party handing off data to someone else that would track the user. Would need to add this requirement for all cases. Or perhaps we have downstream language
16:45:12 <amyc> Justin: no requirement on first parties to stop embedding third parties, obligations fall on third parties.
16:45:13 <WileyS> Roy, okay - then we're on the same page.
16:45:17 <moneill2> +q
16:45:23 <Zakim> -SusanIsrael
16:45:28 <amyc> npdoty: agree that first parties embedding resources into page qualify as sharing
16:45:50 <justin> q?
16:45:52 <moneill2> zakim, unmute me
16:45:52 <Zakim> moneill2 should no longer be muted
16:45:59 <justin> ack mo
16:46:26 <WileyS> Implied consent
16:46:36 <npdoty> I'm not sure people were perfectly happy with it, but current text is: "A first party to a given user action MUST NOT share data about those network interactions with third parties to that action who are prohibited from collecting data from those network interactions under this recommendation."
16:46:37 <amyc> moneill2: likes permitted use for first parties, because of EU guidance on consent on eprivacy directive.
16:47:01 <amyc> ... then would be possible for someone to come up with EU compliance doc to remove that permitted use
16:47:44 <amyc> npdoty - I have to drop off shortly before 10
16:47:49 <justin> q?
16:47:56 <moneill2> zakim, unmute me
16:47:56 <Zakim> moneill2 was not muted, moneill2
16:48:00 <WileyS> Disagree with a specific 1st party permitted use.  The definition of tracking is focused on cross-context so it by definition is not tracking.  If we feel its absolutely required (I don't) then we can provide normative direction on referrals in the standard.
16:48:15 <moneill2> zakim, mute me
16:48:15 <Zakim> moneill2 should now be muted
16:48:27 <npdoty> q+
16:48:35 <justin> ack npd
16:49:21 <amyc> npdoty: will update text with that permitted use, not sure whether we want separate issue on referrals
16:50:14 <fielding> WileyS, yes, but referral data is obviously cross context when the user came from a different context (i.e., site owned by some other party). We are trying to *allow* a first party to keep that data even though it technically (and clearly from the user's POV) meets the definition of tracking data.
16:50:41 <dsinger> I think there is little doubt that a referer header can cross contexts, so it’s banned by the definition.  if we want to allow it sometimes, I think we’ll need to say so
16:51:14 <amyc> justin: referral is unique issue, agrees that it is raised by defintiion of tracking, would be useful to know that we considered the issue and decided it in the following way
16:51:19 <WileyS> Roy, then why not provide normative text to address referrers in headers?
16:51:40 <npdoty> issue: status of referrals in navigation (is it tracking, is it permitted for DNT:1)
16:51:40 <trackbot> Created ISSUE-265 - Status of referrals in navigation (is it tracking, is it permitted for dnt:1).  Please complete additional details at <http://www.w3.org/2011/tracking-protection/track/issues/265/edit>.
16:51:58 <npdoty> may need to improve on the name, but created the issue so that I wouldn't forget
16:52:05 <npdoty> Zakim, take up agendum 5
16:52:05 <Zakim> agendum 5. "aob" taken up [from npdoty]
16:52:07 <fielding> WIleyS, that's what I did … making it a permitted use works very well.
16:52:14 <WileyS> David, to a 1st party, the referrer comes in the page request and therefore it is "within their context" and not "across contexts" from that perspective.
16:52:23 <amyc> Justin: wants to start bringing group back to TPE, what is timing to go through issues raised
16:52:27 <WileyS> Roy, okay
16:52:52 <amyc> fielding: ready to start on responses now, likely a week
16:53:00 <Zakim> -adrianba
16:53:23 <npdoty> we also have issue numbers, if we're having trouble keeping track
16:54:00 <amyc> ...best way is likely for fielding and dsinger to go through a pass of issues
16:54:24 <jeff> q+
16:54:29 <amyc> dsinger: finding modern javascript expert
16:55:02 <jeff> q-
16:55:25 <amyc> fielding: go through issues one by one, if UGE will defer to David. Will have quick response from editor, Then working group should go through the editorial responses. with prior review by chairs
16:56:29 <amyc> ... then we can discuss on mailing list or calls. Intent is not to state opinion of working group. For each group must be chair decision that working group has considered and here is response. Then someone needs to go through and respond to commenters
16:56:40 <dsinger> to WileyS — if the referer header identifies a context other than yours, and you remember it and associated it with the user, you’ve remembered tracking data in our definition, haven’t you?
16:56:40 <amyc> npdoty can you take over? thanks
16:56:43 <npdoty> I suspect that I'll be doing the responding to each comment step (with links)
16:56:47 <npdoty> scribenick: npdoty
16:56:55 <Zakim> -[Microsoft]
16:57:03 <npdoty> justin: will bring it up if I see anything that concerns me. will need to refresh
16:57:27 <npdoty> fielding: when I respond to a comment, I'll CC the mailing list, the group should feel free to discuss on the mailing list if I disagree
16:57:28 <WileyS> David - I don't believe that's appropriate so am supportive of any instrument to remove this perspective from the standard (such as Roy's choice of a Permitted Use).
16:57:59 <npdoty> ... a lot of the comments were repeats of comments we had before Last Call. WG doesn't need to repeat a discussion if there's no new information.
16:58:11 <npdoty> justin: right, something we've mentioned before
16:58:22 <npdoty> justin: a process that we'll start next week on the call, or the week thereafter
16:58:34 <npdoty> Zakim, take up agendum 3
16:58:34 <Zakim> agendum 3. "personalization" taken up [from npdoty]
16:58:44 <npdoty> justin: an issue we've described before
16:59:01 <npdoty> ... concern over the DNT signal and the possibility of targeting (with data hygiene) when the signal is turned on
16:59:13 <justin> q?
16:59:25 <npdoty> ... an object of dispute in the group, likely need to proceed to CfO on that. positions are well understood
16:59:33 <Zakim> -[FTC]
16:59:35 <Zakim> -justin
16:59:35 <Zakim> -RichardWeaver
16:59:36 <Zakim> -moneill2
16:59:36 <Zakim> - +1.917.934.aabb
16:59:37 <Zakim> -Jack_Hobaugh
16:59:37 <Zakim> - +1.813.366.aacc
16:59:38 <Zakim> -Jeff
16:59:38 <Zakim> -Brooks
16:59:39 <Zakim> -WileyS
16:59:40 <Zakim> -[Apple]
16:59:43 <Zakim> -kulick
16:59:47 <npdoty> talk next week
16:59:48 <kulick> kulick has left #dnt
16:59:49 <Zakim> -eberkower
16:59:50 <npdoty> [adjourned]
16:59:51 <Zakim> -schunter
16:59:55 <Zakim> -npdoty
17:00:35 <Zakim> -Wendy
17:00:42 <Zakim> -Fielding
17:59:14 <schunter> I have to leave now.
17:59:57 <Zakim> -vincent
17:59:58 <Zakim> T&S_Track(dnt)12:00PM has ended
17:59:58 <Zakim> Attendees were eberkower, RichardWeaver, Jack_Hobaugh, [FTC], dsinger, npdoty, schunter, [Microsoft], kulick, Jeff, +1.202.407.aaaa, justin, vincent, +1.917.934.aabb,
17:59:58 <Zakim> ... +1.813.366.aacc, WileyS, Fielding, moneill2, +1.425.707.aadd, adrianba, Wendy, Brooks, SusanIsrael
18:21:03 <npdoty> rrsagent, please draft the minutes
18:21:03 <RRSAgent> I have made the request to generate http://www.w3.org/2014/08/20-dnt-minutes.html npdoty
20:09:57 <npdoty> npdoty has joined #dnt