Tracking Protection Working Group Teleconference

10 Sep 2014

See also: IRC log


Fielding, Jack_Hobaugh, WaltMichel, dsinger, vincent, justin, npdoty, vinay, eberkower, +1.813.907.aaaa, kulick, moneill2, Brooks, rvaneijk, ChrisPedigoOPA, walter, Chapell
cargill, wileys, wseltzer


<trackbot> Date: 10 September 2014


<npdoty> scribenick: vincent

justin: progress on TPE issue last call comments

<sidstamm> hey all, sorry I can't call in today but will be on IRC

justin: issues to be disuccsed at the end of the call
... the first thing on compliance, most issues are already addressed
... not many thing to bring to the group , mostly on security & fraud and discussing fraud prevention but wait for next week

<npdoty> issue-237?

<trackbot> issue-237 -- Revise Financial Logging section -- raised

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/237

justin: NAI has put an issue on financial login issue 237

JackHobaugh: that came out from discussion with indistry oin cotober 13 so would like to discuss that with other

justin: I'll send to the list to discuss
... if people notice issue on issue tracker that should be discussed, please send them

<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Deidentification

justin: now disucssing de-identificaiton

<dsinger> So far, the definition itself seems to be surviving…

<dsinger> Jack H? Is this acceptable?

dsinger, revised the text on the wiki including based on previsous definitions by Roy, vincent, JackHobaugh

scribe: do we have a consensus on this definition

<dsinger> I tried very hard to incorporate what I could from Jack’s text, but it was a bit long as a *definition*

scribe: JackHobaugh,are you ok with the new definition

JackHobaugh: same than with issue 237, would have to go back with other participant so don't have an answer now
... best option would be to leave this option in

<fielding> dsinger, "can and will never" looks weird. either "cannot" or "cannot and will not" would be better

justin: we should go on the call on objection on this issue

<dsinger> to Roy: yes, you are right

<npdoty> dsinger, fielding, can we refer to "a user" or "a user, user agent or device" rather than new human subject terminology?

justin: do we want to modify the definition on the call or on the list

rvaneijk: I think we're very closed, discuss with vincent to see if we can align the definitions in that context

<rvaneijk> http://lists.w3.org/Archives/Public/public-tracking/2014Sep/0017.html

<fielding> npdoty, that is handled by the indirect language

<fielding> yes

rvaneijk: the email sent raises two questions: is the informative text be including in the spec

<fielding> yes (non-normative text intended for spec)

dsinger: yes

rvaneijk: the second thing is the non-binding nature of the informative text, the definition is more binding, the informative text is more a background context but does not describe what is expected

dsinger: if there is a need to make it normative I'm fine

<moneill2> im fine with normative also

dsinger: I can use information infromative or normative interchangeably

<npdoty> we use "informative" the same as "non-normative"

fielding: the reason I don't want more normative text, is becaase it is very strict

<ChrisPedigoOPA> can someone post a link to this issue again?

<npdoty> ChrisPedigoOPA, https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Deidentification#A_short_definition_followed_by_an_advisory_section

rvaneijk: the first thing is about the state of the de-identified data and we thing that calling for a requirement on transparency is not weakiening the definition

<justin> issue-188

<trackbot> issue-188 -- Definition of de-identified (or previously, unlinkable) data -- open

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/188

<justin> there you go, chrispedigoOPA

<moneill2> +q

justin: does any want to explain why transparency was an issue

npdoty: on the transparency suggestion, we got to the point that you can have this defintion and have the transparency requirement in a seperate section

<dsinger> it is already a separate section

<npdoty> separate orthogonal requirement would look like this: https://www.w3.org/wiki/index.php?title=Privacy/TPWG/Change_Proposal_Deidentification&oldid=76100#Additional_.28orthogonal.29_transparency_requirement

moneill2: we should have something about transparency somewhere, in the definition as it is the issue the might be about the "high level of confidence"

<walter> +1

dsinger: the question of how confident you are to have de-identified the data is up to you, we require to be fully confident

<npdoty> dsinger, I thought your current text does use "a high level of confidence"

dsinger: how do we measure the confidence of people who make the de-identificaiton?

<rvaneijk> ok, fine with me!

<npdoty> it seems like Rob/Vincent's #3 is already covered by existing informative text in the proposal

dsinger: the second point on transprency, fine with moving it to the definition

<dsinger> confidence is a poor requirement. it cannot be measured, and it weakens the definition

<walter> disclosure doesn't mean putting it in a privacy policy

<walter> and if you have that many processes it may be time to standardise them

fielding: I would not know how to put all the different anonymzation process in the policy, never gonna happen

<dsinger> can we meet on ‘it is a best practice to disclose the means…’ (which is informative)?

fielding: it is impossible to maintain the policy at the same rate than the anonymization process

justin: I'm find with having that as a separate issue

<npdoty> rvaneijk, vincent -- would you accept Roy's suggestion that this text can't or won't be implemented?

<npdoty> vincent: part of the issue would be ...

<kulick> cant hear

<kulick> better

<kulick> thx

<npdoty> ... transparency requirement is a way to assess the level of confidence

<fielding> legal document

<npdoty> justin: do you have a response to fielding's comment that providing real-time, public-facing details is not scalable?

<npdoty> vincent: could be a separate section of a privacy policy

<npdoty> justin: the argument was that there may be thousands of datasets

<walter> or a separate set of documents altoghether

<walter> eh, altogether

<npdoty> vincent: if we keep it as a "should", isn't that a solution?

<dsinger> a SHOULD would mean that Roy’s organization would state in their policy why it is impractical for them

<rvaneijk> is there no way to generically describe the applied methodologies?

<dsinger> “SHOULD This word, or the adjective "RECOMMENDED", mean that there

<dsinger> may exist valid reasons in particular circumstances to ignore a

<dsinger> particular item, but the full implications must be understood and

<dsinger> carefully weighed before choosing a different course."

<npdoty> fielding: we want 100% permanent deidentification, but effectively impossible in a sufficiently large organization

justin: the two option would be to say that in the policy or describe it generally and then to recommand it instead

<fielding> effectively impossible to describe all of the processes on how it is achieved given that we are talking about many datasets managed by many organizations.

<moneill2> +q

npdoty: it would be great if we can an agreement, if we want to continue the discussion the issue might be the level of detail fo transparency
... if we're gonna continue this way, maybe we should specify the type of garantee we expect

<dsinger> can we ask for a disclosure of either the process, or the ‘quality’ target (e.g. “exceeds the level required in HIPPA”)?

moneill2: 99% of tracking done through cookie UID, they don't have to provide a lot of detail about how they de-identify it, but a general explanation

walter: the defintion is not only about what data is being process but how data is process, anonymization is a type of processing
... I'd say you are required to do so by the durrent european regulation

<fielding> I don't see what this has to do with DNT

<npdoty> I think walter was saying that if you're already required by European law to satisfy certain transparency requirements, maybe it's not impossible

<walter> fielding: anonymisation is a way of processing personal data and under EU DP rules you must disclose your methods for processing personal data upon request of data subjects anyway

dsinger: in the informative text, I attached the text about small about group of users for webstie that do a lot of aggregation

<walter> Ok, Skype was cocking up again here

dsinger: we could say you publish either the method or the quality that you acheived

justin: is that possible in any way?

<walter> My point was that you should provide pointers (points of contact) in your organisation where someone would be able to obtain the current information

fielding: woould have to check with vinay

<justin> 813 area code?

<kulick> +1 to Roy

<eberkower> That MIGHT be Ronan Heffernan

<eberkower> with the 813 area code

<dsinger> (I also fear we are straying outside DNT into general data protection)

<rvaneijk> a permanently identified state is a black-box concept without transparency

fielding: if this would limited to log file data that may work, if a dataset is comming from a company and ask for detail about how data is being processed for a specific user, we could do that, it's expensive

<walter> fielding: that's why I'm in favour of keeping it outside the legal document

<walter> fielding: because this is not easy to do in general

fielding: my issue is that if we do it generally the answer would be wrong most of the time cause policy are not easy to modify

<eberkower> Nick, Ronan (813 area code) does not appear to be on IRC, so you may have to ask on the phone line

vinay: we have many different product and a typicall consumer would not understand the anonymization process or care at that level of detail

<rvaneijk> consumers may not care, but resuarchers would, and advocates and regulators

<npdoty> +1, many people see transparency requirements as useful not all for end users, but for enabling external review (like researchers or regulators)

<moneill2> +q

justin: privacy policy are more for regulators anyway

<dsinger> (I support Justin’s idea that we make this a separate issue, and take the de-id sections otherwise forward.)

<fielding> walter, it is considerably easier to deal with a specific question from a specific user than to attempt to generalize across all data sets and publish a single set of processes that we expect to be 100% accurate across all of the data sets.

<justin> disinger, if we can't resolve this, then we are definitely doing that!

moneill2: we're jsut talking about tracking here, if you are collecting a unique piece of data about someone of vesiting your website, so it should focus on explaining why keeping persistent unique ID is not tracking

justin: the question is what level of detail a company can offer about that

rvaneijk: I'm just discussing about the process of "permanently de-identifying" the data, not focusing on persistent cookie which a pseudonymous

<npdoty> +1 to dsinger, justin on a separate issue for the orthogonal text. we could iterate on that text offline

justin: does the context of anonymization require transparency?

rvaneijk: no it does not, you should explain why this data is being de-identified

<dsinger> I made the editorial/textual change Roy put in IRC. Are there any other changes to this definition and accompanying section?

justin: we're going to go for a call from objection and try to see if we can result the issue on the list, if there is a middle ground on transparency

<walter> vincent: Rob said that you have to be able to explain why you think the data is no longer personal data

<npdoty> dsinger, I was hoping for "a user" rather than new "human subject"

dsinger: are there any other change that I should make to the text?

<walter> I actually disagree with rvaneijk's reading of the transparency obligation, his is narrower than the grammatical text in the Directive

thx walter

<npdoty> +1, I think the 3rd is already covered

<dsinger> to Roy on that; I wrote “user, user-agent, or device"...

<npdoty> that's why I suggested "a user" rather than "the user"

I did not catch that

justin: why user, user-agent or device does not accomplish the same thing

<walter> vincent: don't worry, scribing is bloody hard

<npdoty> fielding: don't want it to be about any human subject, including humans that aren't the particular user (like my friend's email address)

<walter> fielding: I understood that bit and I would be in favour of a transparency obligation that takes that route instead of forcing Adobe to publish everything in a privacy policy

<npdoty> we haven't interpreted "user agent" before as "a version number of a browser software"

fielding: if I want data about a specific version of user-agent, it is not about a human, it is about a user-agent

<dsinger> sounds like we should insert something in the accompanying section.

justin: we do define user-agent already and it's not a browser version

<walter> fielding: what may have been to mutilated by Skype when I said it, but I wouldn't want something that burdensome to anyone.

justin: it could be misinterpratated in both ways

<npdoty> maybe fielding is suggesting "indirectly, for example via user agent or device"

dsinger: we could improve the text on the informative section to address the confusion

<fielding> parenthetical would be better

<fielding> indirectly (e.g., via association with an identifier, user agent, or device),

npdoty: roy's text on IRC is good

fielding: I'd keep human subject and add the parenthesis

<walter> consistency is a good thing

npdoty: if we go through the document it is confusing to have the word "human subject" in several places

<dsinger> I inserted the parenthesis https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Deidentification#New_Text

<npdoty> I believe so, yes

dsinger: is the new text correct

<npdoty> thanks, dsinger

<fielding> looks good

justin: everyone seems on bord with that

<JackHobaugh> Correct

<npdoty> yes, I'll do that

justin: we're going to go on a call for objection about personalization and audience measurement

<JackHobaugh> My “Correct” was to Justin’s statement regarding personalization.

<Zakim> npdoty, you wanted to comment on personalization

missed that

<npdoty> npdoty: to confirm, question is whether to remove the No Personalization section or to leave current text

thx npdoty

<npdoty> ... and separate to the Call for Objections, there's an editorial task about making sure we edit about the personalization or not

justin: the last issue left is how to incoprate the defintion of tracking

<npdoty> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Tracking_Third_Party_Compliance

fielding: offered two options

<fielding> http://lists.w3.org/Archives/Public/public-tracking/2014Sep/0016.html

npdoty: the wiki is now updated to reflect the options

justin: next week we are going to discuss this issue

<walter> fielding: feel free to get in touch on the transparency issue if you need clarification

justin: anyone on irc is ok with discussing issue next week?

TPE Last Call issues

justin: now moving to the TPE issue

<fielding> issue-261?

<trackbot> issue-261 -- requirement on UAs for user-granted exceptions -- closed

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/261

fielding: issue 261 is a comment wg members, it's an issue similar to issue 151 that has been closed

<fielding> issue-263?

<trackbot> issue-263 -- restriction on use of data by user agents -- pending review

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/263

fielding: issue 161, but an issue can not be re-open after last call, that's why it's closed
... issue 263, is the restrictued use of data by user agent
... the comments is specifically about how a user would be able to configure it's user agent but it 's independant of the protocol so marked as "won't fix"

<npdoty> "MUST NOT rent, sell or share personal and behavioral data with any Third-party."

justin: what are they requiring from the UA
... might be similar to the issue chappel raised at some point

<walter> no, it would not

<walter> this has been discussed extensively

<walter> http://www.w3.org/2011/tracking-protection/track/issues/263

<dsinger> This is the Amazon browser conversation?

fielding: I think it's more about the fact that if the UA has access to user credentials, they should not use it for commercial use, but is not the scope of DNT

<JackHobaugh> I think 263 needs further discussion on the List Serve.

npdoty: there is some confusion about what the user agent should do, so when the browser is speaking to the vendor then the vendor is just a site and receive the signal

<fielding> JackHobaugh, you are welcome to do so -- my messages are sent to the list to be sure that the WG can comment (agree or disagree)

dsinger: the question remain about what DNT has to do with amazon browser, but this is not a dynamic choice that is sent to different website, the user made a choice when starting to use the browser
... so agree with fielding

<fielding> definitely, all sorts of privacy issues with browsers

<dsinger> There ARE privacy issues, for sure. They are not the scope of DNT, I think.

<walter> there are, but I'm with Roy Fielding when he says that it is outside the remit of this group

<npdoty> I think there could be interesting discussions about what browser privacy expectations should be, but I don't think DNT is the way to talk to your browser.

justin: there are privacy issues but it might be out-of scope

<fielding> issue-264?

<trackbot> issue-264 -- requirement on UAs for setting cookies -- pending review

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/264

fielding: issue 264, also has nothing to do with DNT

justin: no objection

<npdoty> I think the latest on the cookie is this, fyi: http://tools.ietf.org/html/rfc6265

justin: thank you editors for all the work

<walter> dsinger: let's hope you're not holding your breath as part of that hope

<fielding> http://www.w3.org/2011/tracking-protection/track/products/6

dsinger: have you progressed on the JS issue?

<dsinger> notes that we are making progress on the JS issues (but Adrian is out for a few days). Hope for something for the list soon

<dsinger> notes that Roy and I have to make sure we have complete coverage between us

justin: fielding any update on other issues?

fielding: working on 254 and 257, could be discussed next week

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.138 (CVS log)
$Date: 2014-09-10 17:06:15 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.138  of Date: 2013-04-25 13:59:11  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/extect/expect/
Succeeded: s/1561/151/
Found ScribeNick: vincent
Inferring Scribes: vincent
Default Present: Fielding, Jack_Hobaugh, WaltMichel, dsinger, vincent, justin, npdoty, vinay, eberkower, +1.813.907.aaaa, kulick, moneill2, Brooks, rvaneijk, ChrisPedigoOPA, walter, Chapell
Present: Fielding Jack_Hobaugh WaltMichel dsinger vincent justin npdoty vinay eberkower +1.813.907.aaaa kulick moneill2 Brooks rvaneijk ChrisPedigoOPA walter Chapell
Regrets: cargill wileys wseltzer

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Found Date: 10 Sep 2014
Guessing minutes URL: http://www.w3.org/2014/09/10-dnt-minutes.html
People with action items: 

[End of scribe.perl diagnostic output]