<walter> grrr, can't get past the bloody password/captcha thing

<walter> damnit, I thought it was tpwg

<wileys> Nick - 408.349.xxxx is WileyS

we don't have the phone number to name mapping on the WebEx interface, I'm afraid

<wileys> Nick - It was tough but I was able to move the conflict to 8am tomorrow :-(

<walter> wileys: Shane, we all know you love being on this WG

<scribe> scribenick: npdoty

Schunter: summary from last call from my interpretation, more interest in pushing forward on more technical spec
... but want to gather more data
... main task from today is how do we get data from browsers and sites on willingness to use or implement specs

jeff: agree with most of summary, but recall wseltzer reminded us that when we originally chartered the group, we wanted to pair the technical and compliance pieces in time, so should be cautious of working only on the technical spec

<Schunter> Ack

<dsinger> I don’t want to ‘walk away’ and leave the job unfinished

<dsinger> I don’t want to subject members to un-needed meetings or have an apparent group with no activity.

<dsinger> I am trying to find a balance.

<dsinger> I think we should indicate we’re looking for implementations and reports thereof (the definition of CR), and somehow be prepared to handle bug reports etc.

<dsinger> The CRs need a place to report bugs and implementation experience, and a place where such reports can be viewed (a link or something in the header).

<dsinger> Chartered group but dormant? Willing to re-charter when needed?

<dsinger> technical questions:

<dsinger> * changing the exceptions API to async.? do we have the energy and editors? maybe a note in the spec.?

dsinger: you mentioned "pushing out", but both specs are at Candidate Rec, which is the stage where it's out in the world and asking people to implement

<wileys> Why can’t push the pause button for 3 months and check back in?

<wileys> Complete the TPE issues and drop TCS as there were no implementations

<vincent> wileys, isn't this what we've already done somehow?

dsinger: not interested in a lot of time, might just include an erratum about API should be asynchronous

<vincent> pushin pause I mean

<wileys> Vincent - agreed - and in that time we’ve only had very few implementations. So let’d fix the few technical issues with the TPE and hit pause again.

<Schunter> Ack

moneill2: I think where we're at is a call for implementations, don't need to distinguish between tcs and tpe. what exactly do we need?

<wileys> As our charter has elapsed I believe we need to re-charter at this point - Wendy spoke to this last week.

<vincent> we won't have more implementations without a final recommendation cause there is no incentive to implement

moneill2: have a server-side implementation from Medium, and browser implementations from IE and a plugin that I've been working on
... what additional is needed to demonstrate two interoperable implementations?
... to dsinger, interested in getting the async working (as a Promise)

<dsinger> yes, I think promises are probably the way to go.

Schunter: wseltzer noted that we needed two implementations of each feature
... should we expect more implementation than 2 in order to make it worthwhile?

<dsinger> doesn’t think that our crystal ball is very good (predicting the future) and therefore we should put it out and wait and see

Schunter: per vincent, implementations might wait on Recommendation being finished
... do we have browser folks on the call?

moneill2: might be a good question to come from the TPWG chair

<wileys> dsinger - I agree -I believe its time to hit the pause button again. If someone wants to implement the TPE is ready to do so. NOTE - none of the browsers have implemented much beyond sending the DNT signal. No handling of responses (relay to user), no handling of status in response, no handling of exceptions, etc.

[discussion of who to contact]

Schunter: assess the level of enthusiasm

<dsinger> wileys - agree, we discussed the chicken-and-egg problem last week. I hope Mike’s work can help reduce that

<walter> Schunter: are the browser makers all that relevant given the ability of extension makers to implement DNT?

dsinger: likely that browser vendors will say, as always, that they prioritize features based on usage from their community and server-side use/interest

jeff: use of getting a collection of people together to establish momentum together (since server and client side both wait for the other)
... business-level discussion between companies

moneill2: browser extensions relevant as well. what's the position of those vs. browser implementations?

aleecia: EFF's DNT policy being used in some form by several browser extensions (Privacy Badger, Disconnect, Ad Block), where ads are not blocked if DNT indicated as supported
... beginning of an ad server to honor DNT for that reason
... not sure what counts as "big", or what the threshold should be

<wileys> Disconnect is not honoring sites that send back DNT headers - they are “prepared” to do so but it is not technically implemented at this time. Note they do NOT support the W3C TCS, only the EFF Policy at this time.

<wileys> Setting something and suggesting that reflects a user’s “hopes” is a bit of a stretch

<Schunter> Ack

<Schunter> ack

<Zakim> dsinger, you wanted to ask about test suites

dsinger: most specs have a test suite, not sure exactly what that would look like

<Zakim> jeff, you wanted to continue Aleecia's discussion about thresholds

<wileys> Please ask Disconnect to provide their details directly. I’ve been on one call with them but don’t have those details in writting (received them verbally)

jeff: if we as a group determine what we think is a good threshold in terms of implementation, that might be worthwhile, for me to reach out to site owners
... if several browser vendors, several large sites and several governments would be the necessary threshold, I could call those people to ask

moneill2: q about Medium
... a caching problem with consent response header, Tk: C

<dsinger> I’m hearing (a) get clear on our CR-exit criteria. (b) decide what to do about async. (c) Solicit feedback and link to feedback received, in the CRs. Perhaps the async problem could simply be in the ‘list of feedback/bugs received’?

https://github.com/EFForg/dnt-policy/issues/25

https://github.com/EFForg/dnt-policy/issues/26

npdoty: hoping to get written implementation reports from companies
... and opened issues as promised, regarding whether EFF's compliance could still take advantage of the TPE system for communicating compliance

Schunter: value in encouraging more implementations and using that to continue the specs on the Rec track, but would require recharter
... but if only a few implementations, less likely to cover every feature

<walter> Sort of a plugfest?

moneill2: what about an event for working on implementations?

<walter> Yes, that sounds like a plugfest

aleecia: like a hackathon? sounds like a great idea

<walter> npdoty: it was a thing in Europe before hackathon became the hip term

<walter> and hackathon is a bit of a tired overabused label

<wileys> Still a tremendous lack of activity

jeff: team didn't propose rechartering last spring primarily because of lack of activity

<walter> wileys: the uptake of Disconnect and Privacy Badger is not exactly a 'lack'

jeff: if there were energy, and some way of measuring that, that would provide encouragement for rechartering

<wileys> If 20 people show up to a “Plugfest” does that mean there is now “tramendous activity”?

<walter> wileys: depending what those people represent

<wileys> We’ll see…

<walter> wileys: if it involves mainstream webserver and UA communities, yes, it would

<walter> and the privacy extensions can be considered mainstream by now

dsinger: don't see a problem in just linking in an issue with a proposed design

<wileys> “mainstream” - top 100 website? “UA communities” - top 3 web browser vendor?

dsinger: being clear about CR exit criteria; provide links to provide feedback; recharter when we gather a certain amount of feedback

<walter> wileys: let me put it this way: the people who made Disconnect have more users in the EU than Yahoo! has

<jeff> [In terms of "tremendous activity" - I doubt that we will see much activity without some bootstrapping. Bootstrapping includes plugfests, workshops, companies having business discussions.]

dsinger: +1 on a plugfest

<dsinger> I wonder what’s wrong with (a) asking for implementations (b) inviting a plugfest (c) documenting the issues and providing links to submit them (d) going on ‘pause’ and promising to re-charter when needed (e) being clear about what the CR-exit criteria are for the two specs.?

<wileys> Compared to other W3C standards these feels like the lowest amount of interest I’ve seen at this stage - especially on the implementation side

Schunter: could meet formal exit criteria but also not get enough adoption to be useful

<jeff> [Shane, that is why we did not recharter.]

<walter> wileys: then it might not be worth your time

<wileys> Jeff - agreed

<wileys> walter - it’s worth my time to stay abreast of the continued lack of activity

moneill2: GDPR, EDPS and Art29 specific mentions all might be compelling

<wileys> “might"

<wileys> Still unclear what legal certainty is gained in the context of GDPR by supporting DNT

<walter> wileys: Art 21(4) GDPR offers a clear reference to technical specs and was put in there with W3C DNT primarily in mind

Schunter: if we find support in ecosystem because of GDPR or related

<walter> wileys: doesn't it warm your heart that our work has inspired European legislators?

<wileys> walter - agreed - a mention - but still doesn’t provided ocntext for what specific burden is relaxed or removed through support

Schunter: distribute some actions and then close the call

[who is calling whom]

<walter> wileys: GDPR compliance would be much easier if you implement DNT in a way that uses it to provide or withdraw consent

<wileys> walter - many other ways taht are easier to implement to gain/remove consent

<walter> wileys: and I do appreciate Yahoo!'s lack of interest in the European market since it is a marginal player there, but others may feel different

<wileys> walter - please keep it professional

<walter> wileys: it was a factual observation, trying to empathise with your perspective

[summary of Article 29 and European data regulation practices]

<wileys> walter - you’re stating Yahoo’s position where I have not - please don’t presume you have enough information to do so. Please stop.

<walter> jeff: WP29 opinions are typically taken as fact by judges

<walter> jeff: as in, they typically do not contest WP29's interpretation of the law

jeff: not clear on the meaning of opinions of WP29

<wileys> walter - please state specific court cases where an A29 Opinion has been taken as fact by the court

aleecia: won't typically have regulations that require a specific thing, but regulations that describe a standard, and DNT fits that description, or is explicitly mentioned as an example
... GDPR requirement for consent on secondary use

<walter> wileys: http://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:RBUTR:2009:BJ1409

<walter> wileys: just a random lower court, first hits of several in just one EU member state

aleecia: timeline: not being enforced for 2 years (6 months in)

<walter> wileys: a member state that publishes only 4% of its case law

aleecia: can we get implementations in place prior to enforcement getting close, which could accelerate adoption

<wileys> walter - reviewing now for A29 opinion references

<walter> wileys: the term you're looking for in Dutch is "artikel 29 werkgroep"

<wileys> walter - turned on translate in Google Chrome

jeff: exciting thing to hear. couldn't we contact large players in Europe in advance who want to be prepared for this?

<walter> wileys: it is a family court case, grandparents that weren't allowed contact with their grandchildren had published photographs and information about their grandchildren online

vincent: in addition to GDPR, review of ePrivacy Directive in Europe, to be updated because of GDPR
... which might include specific reference to DNT

<walter> wileys: and as you can see a WP29 opinion is taken into account by the court and by the looks of it without either of the parties bringing it up

aleecia: could help with organizing hackathon or event in California. +1 to implementation guide, per npdoty, that would be easier to use than a specification

moneill2: I have started a draft

aleecia: also worked on one previously

[slow scheduling things in August]

Schunter: separate EU and US events?

moneill2: importance is getting the number of people

<Zakim> jeff, you wanted to discuss Art29, etc.

jeff: getting large EU firms up to date on upcoming rules and DNT applicability. TPAC is next month in Lisbon

<wileys> walter - found the reference in 5.11. It only points out the comments and doesn’t attempt to relate to them as facts. Basically the judge is saying “the A29WP also brings up this good point…”

<dsinger> supports Jeff, we could do with an informational paper for the membership on teh ‘public state of DNT’, presented to the AC/membership

jeff: it would be useful if we could contact people in advance of meeting

<walter> wileys: yes, so the judge takes the A29WP opinion into account, regarding his assesment of the factual harm of online publication of data about minors

https://www.w3.org/2016/09/TPAC/ 19-23 September

[remote attendance possible]

<walter> jeff_: there'll probably be talks within EU trade groups this fall

<vincent> I'll try to go :)

<Zakim> dsinger, you wanted to ask for Wendy/team action

dsinger: could we ask Wendy and the Team to add links to how to report bugs/current bugs/implementations

<wileys> walter - “taken into account” is far different than “taken as fact” - and he relates to the scenario they’ve outlined - not a specific decision or recommendation the opinion put forth.

npdoty: I do think those links exist, but if they're not apparent, that might be a problem

dsinger: want to specifically collect and see issues reported against CR, as opposed to mailing list

<walter> wileys: ok, next example, Google relying on WP29 recommendations regarding the right to be forgotten and the judge siding with Google http://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:RBAMS:2015:9515

npdoty: some WGs do this now with EDs

<walter> wileys: also, I respectfully disagree with your assessment of Dutch jurisprudence

dsinger: ask W3C to look into it, because it applies generally

npd: +1

<wileys> waler - fair to disagree - I’m only relaying what I just read from a translated document - something may have been lost in the translation

<wileys> Correct - 31st

<walter> wileys: also, you are armchair lawyering, while I am armchair engineering in this group

next call 31 August, can use mailing list in the meantime

<wileys> walter - not sure that’s of importance in this context. We’ll continue to agree to disagree :-)

[end of call]

<vincent> thanks npdoty for scribing :)

trackbot, end meeting

This is scribe.perl Revision: 1.144  of Date: 2015/11/17 08:39:34  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/that//
Found ScribeNick: npdoty
Inferring Scribes: npdoty

WARNING: No "Topic:" lines found.

Default Present: dsinger, npdoty, moneill2, weiler, schunter, aleecia, walter, jeff, wileys, vincent
Present: dsinger npdoty moneill2 weiler schunter aleecia walter jeff wileys vincent

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Found Date: 10 Aug 2016
Guessing minutes URL: http://www.w3.org/2016/08/10-dnt-minutes.html
People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report