16:00:06 RRSAgent has joined #dnt 16:00:06 logging to http://www.w3.org/2016/08/10-dnt-irc 16:00:08 RRSAgent, make logs world 16:00:09 present+ dsinger 16:00:10 Zakim, this will be TRACK 16:00:10 ok, trackbot 16:00:11 Meeting: Tracking Protection Working Group Teleconference 16:00:11 Date: 10 August 2016 16:00:26 grrr, can't get past the bloody password/captcha thing 16:00:33 present+ npdoty 16:00:36 vincent has joined #dnt 16:00:48 present+ moneill2 16:00:53 present+ weiler 16:00:57 damnit, I thought it was tpwg 16:01:39 present+ schunter 16:01:49 jeff has joined #dnt 16:02:06 present+ aleecia 16:02:22 present+ walter 16:02:25 present+ jeff 16:02:48 npdoty has changed the topic to: TPWG calls: 10 August, 31 August 16:03:07 Nick - 408.349.xxxx is WileyS 16:03:27 present+ wileys 16:04:01 we don't have the phone number to name mapping on the WebEx interface, I'm afraid 16:05:01 Schunter has joined #dnt 16:05:20 Nick - It was tough but I was able to move the conflict to 8am tomorrow :-( 16:05:43 wileys: Shane, we all know you love being on this WG 16:05:44 present+ vincent 16:06:34 scribenick: npdoty 16:07:21 Schunter: summary from last call from my interpretation, more interest in pushing forward on more technical spec 16:07:26 ... but want to gather more data 16:07:33 q+ 16:07:36 q+ 16:08:03 ... main task from today is how do we get data from browsers and sites on willingness to use or implement specs 16:08:09 q+ 16:08:29 ack jeff 16:09:18 jeff: agree with most of summary, but recall wseltzer reminded us that when we originally chartered the group, we wanted to pair the technical and compliance pieces in time, so should be cautious of working only on the technical spec 16:09:22 ack dsinger 16:09:26 Ack 16:09:52 I don’t want to ‘walk away’ and leave the job unfinished 16:09:53 I don’t want to subject members to un-needed meetings or have an apparent group with no activity. 16:09:54 I am trying to find a balance. 16:09:56 I think we should indicate we’re looking for implementations and reports thereof (the definition of CR), and somehow be prepared to handle bug reports etc. 16:09:57 The CRs need a place to report bugs and implementation experience, and a place where such reports can be viewed (a link or something in the header). 16:09:59 Chartered group but dormant? Willing to re-charter when needed? 16:10:00 technical questions: 16:10:00 * changing the exceptions API to async.? do we have the energy and editors? maybe a note in the spec.? 16:10:06 dsinger: you mentioned "pushing out", but both specs are at Candidate Rec, which is the stage where it's out in the world and asking people to implement 16:10:36 Why can’t push the pause button for 3 months and check back in? 16:11:37 Complete the TPE issues and drop TCS as there were no implementations 16:11:39 wileys, isn't this what we've already done somehow? 16:11:58 dsinger: not interested in a lot of time, might just include an erratum about API should be asynchronous 16:11:59 pushin pause I mean 16:12:15 q? 16:12:15 Vincent - agreed - and in that time we’ve only had very few implementations. So let’d fix the few technical issues with the TPE and hit pause again. 16:12:23 ack moneill 16:12:23 Ack 16:12:44 moneill2: I think where we're at is a call for implementations, don't need to distinguish between tcs and tpe. what exactly do we need? 16:12:48 As our charter has elapsed I believe we need to re-charter at this point - Wendy spoke to this last week. 16:13:14 we won't have more implementations without a final recommendation cause there is no incentive to implement 16:13:21 ... have a server-side implementation from Medium, and browser implementations from IE and a plugin that I've been working on 16:13:51 ... what additional is needed to demonstrate two interoperable implementations? 16:14:17 ... to dsinger, interested in getting the async working (as a Promise) 16:14:43 yes, I think promises are probably the way to go. 16:14:47 Schunter: wseltzer noted that we needed two implementations of each feature 16:15:25 ... should we expect more implementation than 2 in order to make it worthwhile? 16:15:55 doesn’t think that our crystal ball is very good (predicting the future) and therefore we should put it out and wait and see 16:16:16 ... per vincent, implementations might wait on Recommendation being finished 16:16:26 schunter: do we have browser folks on the call? 16:17:03 q+ to ask about test suites 16:17:08 moneill2: might be a good question to come from the TPWG chair 16:17:38 dsinger - I agree -I believe its time to hit the pause button again. If someone wants to implement the TPE is ready to do so. NOTE - none of the browsers have implemented much beyond sending the DNT signal. No handling of responses (relay to user), no handling of status in response, no handling of exceptions, etc. 16:17:52 [discussion of who to contact] 16:18:45 Schunter: assess the level of enthusiasm 16:18:47 wileys - agree, we discussed the chicken-and-egg problem last week. I hope Mike’s work can help reduce that 16:19:57 Schunter: are the browser makers all that relevant given the ability of extension makers to implement DNT? 16:20:01 dsinger: likely that browser vendors will say, as always, that they prioritize features based on usage from their community and server-side use/interest 16:20:41 jeff: use of getting a collection of people together to establish momentum together (since server and client side both wait for the other) 16:21:18 ... business-level discussion between companies 16:22:06 moneill2: browser extensions relevant as well. what's the position of those vs. browser implementations? 16:23:14 aleecia: EFF's DNT policy being used in some form by several browser extensions (Privacy Badger, Disconnect, Ad Block), where ads are not blocked if DNT indicated as supported 16:23:43 ... beginning of an ad server to honor DNT for that reason 16:23:52 q+ 16:24:02 ... not sure what counts as "big", or what the threshold should be 16:24:10 Disconnect is not honoring sites that send back DNT headers - they are “prepared” to do so but it is not technically implemented at this time. Note they do NOT support the W3C TCS, only the EFF Policy at this time. 16:24:11 q+ to continue Aleecia's discussion about thresholds 16:25:02 Setting something and suggesting that reflects a user’s “hopes” is a bit of a stretch 16:25:07 Ack 16:25:14 ack 16:25:16 ack ds 16:25:16 dsinger, you wanted to ask about test suites 16:25:24 dsinger: most specs have a test suite, not sure exactly what that would look like 16:25:36 q- mon 16:25:38 ack jeff 16:25:38 jeff, you wanted to continue Aleecia's discussion about thresholds 16:25:46 Please ask Disconnect to provide their details directly. I’ve been on one call with them but don’t have those details in writting (received them verbally) 16:26:21 q+ 16:26:37 jeff: if we as a group determine what we think is a good threshold in terms of implementation, that might be worthwhile, for me to reach out to site owners 16:27:33 ... if several browser vendors, several large sites and several governments would be the necessary threshold, I could call those people to ask 16:28:18 q+ 16:28:23 ack mon 16:28:36 moneill2: q about Medium 16:29:05 ... a caching problem with consent response header, Tk: C 16:30:04 I’m hearing (a) get clear on our CR-exit criteria. (b) decide what to do about async. (c) Solicit feedback and link to feedback received, in the CRs. Perhaps the async problem could simply be in the ‘list of feedback/bugs received’? 16:30:28 ack np 16:31:30 https://github.com/EFForg/dnt-policy/issues/25 16:31:38 https://github.com/EFForg/dnt-policy/issues/26 16:32:47 npdoty: hoping to get written implementation reports from companies 16:33:06 ... and opened issues as promised, regarding whether EFF's compliance could still take advantage of the TPE system for communicating compliance 16:34:03 Schunter: value in encouraging more implementations and using that to continue the specs on the Rec track, but would require recharter 16:34:24 ... but if only a few implementations, less likely to cover every feature 16:34:28 q+ to discuss hackathons 16:34:30 Sort of a plugfest? 16:34:39 moneill2: what about an event for working on implementations? 16:34:45 Yes, that sounds like a plugfest 16:34:48 aleecia: like a hackathon? sounds like a great idea 16:34:49 q- 16:35:19 npdoty: it was a thing in Europe before hackathon became the hip term 16:35:33 and hackathon is a bit of a tired overabused label 16:35:44 Still a tremendous lack of activity 16:35:49 jeff: team didn't propose rechartering last spring primarily because of lack of activity 16:36:07 wileys: the uptake of Disconnect and Privacy Badger is not exactly a 'lack' 16:36:23 ... if there were energy, and some way of measuring that, that would provide encouragement for rechartering 16:36:23 If 20 people show up to a “Plugfest” does that mean there is now “tramendous activity”? 16:36:37 wileys: depending what those people represent 16:36:56 We’ll see… 16:37:06 wileys: if it involves mainstream webserver and UA communities, yes, it would 16:37:36 and the privacy extensions can be considered mainstream by now 16:37:40 dsinger: don't see a problem in just linking in an issue with a proposed design 16:37:42 “mainstream” - top 100 website? “UA communities” - top 3 web browser vendor? 16:38:17 dsinger: being clear about CR exit criteria; provide links to provide feedback; recharter when we gather a certain amount of feedback 16:38:20 wileys: let me put it this way: the people who made Disconnect have more users in the EU than Yahoo! has 16:38:27 [In terms of "tremendous activity" - I doubt that we will see much activity without some bootstrapping. Bootstrapping includes plugfests, workshops, companies having business discussions.] 16:38:28 ... +1 on a plugfest 16:38:33 I wonder what’s wrong with (a) asking for implementations (b) inviting a plugfest (c) documenting the issues and providing links to submit them (d) going on ‘pause’ and promising to re-charter when needed (e) being clear about what the CR-exit criteria are for the two specs.? 16:38:53 Compared to other W3C standards these feels like the lowest amount of interest I’ve seen at this stage - especially on the implementation side 16:39:13 Schunter: could meet formal exit criteria but also not get enough adoption to be useful 16:39:24 [Shane, that is why we did not recharter.] 16:39:28 wileys: then it might not be worth your time 16:39:36 Jeff - agreed 16:40:00 walter - it’s worth my time to stay abreast of the continued lack of activity 16:40:13 moneill2: GDPR, EDPS and Art29 specific mentions all might be compelling 16:40:25 “might" 16:40:30 q+ to discuss Art29, etc. 16:40:43 Still unclear what legal certainty is gained in the context of GDPR by supporting DNT 16:41:13 wileys: Art 21(4) GDPR offers a clear reference to technical specs and was put in there with W3C DNT primarily in mind 16:41:29 Schunter: if we find support in ecosystem because of GDPR or related 16:41:30 wileys: doesn't it warm your heart that our work has inspired European legislators? 16:41:46 walter - agreed - a mention - but still doesn’t provided ocntext for what specific burden is relaxed or removed through support 16:42:14 Schunter: distribute some actions and then close the call 16:42:41 [who is calling whom] 16:42:44 wileys: GDPR compliance would be much easier if you implement DNT in a way that uses it to provide or withdraw consent 16:43:03 walter - many other ways taht are easier to implement to gain/remove consent 16:43:23 wileys: and I do appreciate Yahoo!'s lack of interest in the European market since it is a marginal player there, but others may feel different 16:43:43 walter - please keep it professional 16:44:09 wileys: it was a factual observation, trying to empathise with your perspective 16:44:28 [summary of Article 29 and European data regulation practices] 16:44:44 walter - you’re stating Yahoo’s position where I have not - please don’t presume you have enough information to do so. Please stop. 16:44:55 jeff: WP29 opinions are typically taken as fact by judges 16:45:07 jeff: as in, they typically do not contest WP29's interpretation of the law 16:45:11 jeff: not clear on the meaning of opinions of WP29 16:45:17 jeff_ has joined #dnt 16:45:23 walter - please state specific court cases where an A29 Opinion has been taken as fact by the court 16:46:00 aleecia: won't typically have regulations that require a specific thing, but regulations that describe a standard, and DNT fits that description, or is explicitly mentioned as an example 16:46:22 ... GDPR requirement for consent on secondary use 16:46:28 wileys: http://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:RBUTR:2009:BJ1409 16:46:51 wileys: just a random lower court, first hits of several in just one EU member state 16:46:57 ... timeline: not being enforced for 2 years (6 months in) 16:47:11 wileys: a member state that publishes only 4% of its case law 16:47:41 ... can we get implementations in place prior to enforcement getting close, which could accelerate adoption 16:47:47 walter - reviewing now for A29 opinion references 16:48:03 wileys: the term you're looking for in Dutch is "artikel 29 werkgroep" 16:48:16 walter - turned on translate in Google Chrome 16:48:37 jeff: exciting thing to hear. couldn't we contact large players in Europe in advance who want to be prepared for this? 16:49:18 wileys: it is a family court case, grandparents that weren't allowed contact with their grandchildren had published photographs and information about their grandchildren online 16:49:24 vincent: in addition to GDPR, review of ePrivacy Directive in Europe, to be updated because of GDPR 16:49:39 q+ 16:49:43 q- 16:50:14 ... which might include specific reference to DNT 16:50:42 wileys: and as you can see a WP29 opinion is taken into account by the court and by the looks of it without either of the parties bringing it up 16:50:54 aleecia: could help with organizing hackathon or event in California. +1 to implementation guide, per npdoty, that would be easier to use than a specification 16:51:05 moneill2: I have started a draft 16:51:27 aleecia: also worked on one previously 16:52:11 q+ to ask for Wendy/team action 16:52:13 [slow scheduling things in August] 16:52:38 Schunter: separate EU and US events? 16:53:00 moneill2: importance is getting the number of people 16:53:01 q? 16:53:07 ack jeff 16:53:07 jeff, you wanted to discuss Art29, etc. 16:53:48 jeff: getting large EU firms up to date on upcoming rules and DNT applicability. TPAC is next month in Lisbon 16:53:59 walter - found the reference in 5.11. It only points out the comments and doesn’t attempt to relate to them as facts. Basically the judge is saying “the A29WP also brings up this good point…” 16:54:15 supports Jeff, we could do with an informational paper for the membership on teh ‘public state of DNT’, presented to the AC/membership 16:54:33 ... it would be useful if we could contact people in advance of that meeting 16:55:03 wileys: yes, so the judge takes the A29WP opinion into account, regarding his assesment of the factual harm of online publication of data about minors 16:55:12 https://www.w3.org/2016/09/TPAC/ 19-23 September 16:55:25 q? 16:55:51 [remote attendance possible] 16:55:51 jeff_: there'll probably be talks within EU trade groups this fall 16:55:52 I'll try to go :) 16:55:59 ack dsinger 16:55:59 dsinger, you wanted to ask for Wendy/team action 16:56:23 s/that// 16:56:26 dsinger: could we ask Wendy and the Team to add links to how to report bugs/current bugs/implementations 16:56:41 walter - “taken into account” is far different than “taken as fact” - and he relates to the scenario they’ve outlined - not a specific decision or recommendation the opinion put forth. 16:57:13 npdoty: I do think those links exist, but if they're not apparent, that might be a problem 16:57:50 dsinger: want to specifically collect and see issues reported against CR, as opposed to mailing list 16:58:02 wileys: ok, next example, Google relying on WP29 recommendations regarding the right to be forgotten and the judge siding with Google http://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:RBAMS:2015:9515 16:58:44 npdoty: some WGs do this now with EDs 16:58:47 wileys: also, I respectfully disagree with your assessment of Dutch jurisprudence 16:58:54 dsinger: ask W3C to look into it, because it applies generally 16:58:58 npd: +1 16:59:18 waler - fair to disagree - I’m only relaying what I just read from a translated document - something may have been lost in the translation 16:59:36 Correct - 31st 16:59:47 wileys: also, you are armchair lawyering, while I am armchair engineering in this group 16:59:56 next call 31 August, can use mailing list in the meantime 17:00:15 walter - not sure that’s of importance in this context. We’ll continue to agree to disagree :-) 17:00:15 [end of call] 17:00:20 thanks npdoty for scribing :) 17:00:20 trackbot, end meeting 17:00:20 Zakim, list attendees 17:00:20 As of this point the attendees have been dsinger, npdoty, moneill2, weiler, schunter, aleecia, walter, jeff, wileys, vincent 17:00:22 wileys has left #dnt 17:00:28 RRSAgent, please draft minutes 17:00:28 I have made the request to generate http://www.w3.org/2016/08/10-dnt-minutes.html trackbot 17:00:29 RRSAgent, bye 17:00:29 I see no action items