17:13:29 RRSAgent has joined #dnt 17:13:29 logging to http://www.w3.org/2016/11/30-dnt-irc 17:13:34 schunter: two main items, Frank wanted to update us on the progress plans 17:13:38 CRAIG has joined #dnt 17:13:56 present+ wseltzer, mikeoneill, schunter, wileys, npdoty 17:14:00 zakim, who is here? 17:14:01 Present: wseltzer, mikeoneill, schunter, wileys, npdoty 17:14:02 On IRC I see CRAIG, RRSAgent, Zakim, fwagner_, vincent3, dsinger, fwagner, npdoty, wileys, schunter, mikeoneill, walter, mkwst, adrianba, hadleybeeman, wseltzer, trackbot 17:14:07 present+ dsinger 17:14:30 schunter: charter is now available for voting, so if you want to support this group, contact your AC rep to vote 17:14:38 wseltzer: each member has one vote, exercised through their AC rep 17:14:49 ... if you want to continue, please ask your AC rep to vote there 17:15:06 ... note from the chairs to the AC with the message discussed on the list 17:15:12 ... thanks dsinger 17:15:41 Anyone can send an email to the email list but ACs may not be reading those 17:16:00 fwagner has left #dnt 17:17:39 Topic: update from Frank 17:17:42 present+ frank 17:18:24 can someone who can hear take notes? 17:18:50 frank: Conversation with Marit Hansen, Schleswig-Holstein 17:18:59 ... they will support a test 17:19:11 ... meeting with Mike O'Neill last week 17:19:19 q+ 17:19:33 ... during December, we will write a short proposal about the evaluation 17:19:54 ... share with Nielsen, Reuters, to ask how they could support the evaluation process 17:20:19 ... Also, I have been invited to speak to the European Academy of Free Information and Privacy in Berlin 17:20:24 ... founded by Berlin DPA 17:21:30 present+ fielding 17:21:37 present+ Roy 17:22:08 s/test/evaluation/ 17:22:33 ... Marit is aware our interest in using DNT to create opt-in mechanism for GDPR 17:22:56 ... she/her staff will support our efforts to build evaluation 17:23:07 ... good to have involvement from a DPA who's technical 17:23:57 ... good to see how an opt-in enforced by GDPR could work in real-life 17:25:04 ... European Academy, people highly interested to realize that DNT is not a blocking mechanism but one that can handle user consent 17:25:15 ... countered the perception that DNT is dead 17:25:30 ... showed option to use DNT to get consent from customers 17:25:42 Vincent: I second that 17:26:28 schunter: So our plan woudl be that labs and Mike work on a prototype, evaluate with Marit for compliance mechanism 17:26:40 frank: I don't expect DPA "endorsement" of a solution 17:26:52 ... but that mechanism is sufficient to comply with GDPR requirements 17:26:52 what kind of party is this an evaluation for? like a publisher showing that they have consent from their users? or a third-party embedded item? 17:27:02 schunter: and we might get feedback that more is needed 17:27:05 ... what's the timeframe? 17:27:14 frank: it would be good to finish by summer 17:28:05 Would likely be more accessible for a Publisher to setup their own OOB opt-in control versus supporting DNT as they’d have more control and wouldn’t be giving away messaging and controls to a web browser. 17:28:08 ... we also need to work on UI 17:28:22 ... some remarks to help the user understand, make sure it's a real consent 17:28:49 mikeoneill: most of the UI will ultimately go on the website 17:28:57 So while I see EU regulators stating DNT is “an option for opt-in consent” the likely outcome is that publishers will build their own experience so they can own messaging and controls from that point forward. 17:29:05 ChrisPedigoDCN has joined #dnt 17:29:22 schunter: sounds like good progress, we'll look forward to updates 17:30:22 frank: Nielsen and Thomson Reuters mentioned in Lisbon interst in pursuing evaluation 17:30:33 yeah, I'd like to read more about the details of the potential evaluation -- is this for publishers or third-parties? are they using DNT headers and browser controls, or storing consent with cookies? 17:30:35 Vincent: feedback from Peter Schaar was also useful 17:30:52 ... sharing info on DNT 17:31:03 schunter: Call 2 weeks ago didn't happen 17:31:15 ... or happened without chair 17:31:21 ... [or minutes] 17:31:34 wileys: peter walked us through EFF's position and thinking 17:31:44 ... fielding questions from WG on particular elements 17:32:04 mikeoneill: I talked with Alan Toner after meeting in Berlin, supporting TPE work 17:32:16 ... let's get away from 2 DNTs, collaborate 17:32:22 +1 on getting away from idea of multiple DNT's 17:32:34 schunter: what was the opinion on the call? 17:32:43 wileys: Peter saw value, wanted to spend more time looking at it 17:33:07 ... he could see value in single tech standard, allowing for differentiation on policy side 17:33:28 schunter: I'd like to get someone from EFF back into the call regularly 17:34:04 ... work through issues on TPE 17:34:21 ... I think it's good to get more implementations 17:34:29 npdoty: we opened some issues on EFF's implementation 17:34:33 ... to note the gaps 17:34:40 ... did that capture everything? 17:35:30 mikeoneill: consent isn't emphasized in theirs 17:36:10 npdoty: issues captured in EFF's repo 17:36:30 Topic: Issues 17:36:44 schunter: Issue 5 17:36:49 https://github.com/w3c/dnt/issues 17:37:21 https://github.com/w3c/dnt/issues/5 17:37:28 Delivering Tk response via meta tag, and extending it to contain a reference to the TSR #5 17:37:38 ChrisPedigoDCN has joined #dnt 17:37:57 mikeoneill: basic problem: it's hard for sites to have control over response headers and access to .well-known location 17:38:56 do we need to define http-equiv meta tags? or is it already understood that browsers will interpret http-equiv as the corresponding response headers? 17:39:10 mikeoneill: so I suggested using META element 17:39:29 ... similar to CSP 17:40:19 ... Second, site with thousands of websites 17:40:26 ... how do they communicate control 17:40:56 schunter: start with first one, meta element 17:42:10 dsinger: 2 issues 17:42:19 ... should we put URL in TK header 17:42:29 ... should we allow http-equiv 17:42:41 s/allow/document/ 17:42:49 s/URL/TSR URL/ 17:42:53 I’d like to see this split into (at least) two issues: (a) mention the use of http-equiv as permitted; (b) allow the TSR URL to be in the response header 17:43:04 mikeoneill: origin policy manifest 17:43:36 ... you don't want to deliver on every webpage 17:44:05 ... why do they also need a TSR 17:45:10 can we postpone the possible later combination with other origin policy or other manifests? 17:45:26 schunter: I don't see a downside to saying we can also deliver http-equiv 17:45:43 ... unless someone here objects, propose a resolution and send to the list 17:45:55 I don’t see a problem with a “Note: the Tk header can also delivered using http-equiv (and give a reference)” 17:46:10 (presuming it’s true. Roy knows better than me) 17:46:46 schunter: Issue 6, JS API, homework to split into multiple issues 17:47:02 ... 7 17:47:27 mikeoneill: talking to Medium, issue came up how do you know whether browser supports DNT API 17:47:54 ... you used to be able to @@ 17:48:01 ... but Edge changed the function 17:48:12 q+ 17:48:17 q- 17:48:30 ... I sent a bug report to Edge 17:48:37 ... they responded, saying implementing API 17:48:44 ... it would be good to get feedback 17:49:17 schunter: since Edge implemnets API incorrectly, they always report false 17:49:27 npdoty: sounds like an implementation bug 17:49:39 ... impls need to make sure fn exists if implmented 17:49:46 ... I'd oppose adding to UA string 17:49:52 mikeoneill: timing problem 17:50:42 so can we open a bug on Edge and close this spec issue? 17:50:48 schunter: don't include functions in standard to work around buggy implementation 17:51:00 ... not an issue we should address in standard 17:52:27 mikeoneill: I'll close the issue 17:53:40 mikeoneill: @@ revoke consent 17:54:28 8? 17:55:06 https://github.com/w3c/dnt/issues/8 17:55:08 mikeoneill: you'd like to be able to say you've made a decision, revoked consent 17:55:15 ... so you don't get asked again 17:55:33 q+ sites can remember previous requests using cookies if they like 17:56:05 dsinger: this is off in the weeds 17:56:10 +1 to dsinger, don't need to add more to DNT: 1 here 17:56:18 ... don't think it helps, e.g. how far back do you remember 17:56:21 sites can remember whether they previously asked users things using cookies, if they like 17:57:24 npdoty: you can use a cookie. DNT-cookieflow=1 17:57:36 mikeoneill: you could have a low entropy cookie, consent-revoked 17:58:02 mikeoneill: I'll think about that and get back to the list 17:58:13 q+ 17:58:15 q- 17:58:21 sorry, I have to drop off now. 17:58:29 fwagner_ has left #dnt 17:58:31 q- 17:58:49 [discussion of charter status: we're currently in a short-term extension] 17:59:08 When is our next meeting? 17:59:36 12/14 is the next call? 17:59:51 I may need to join late for December 14th call 17:59:55 regrets for the 14th Dec, sorry (AB meeting) 18:00:02 schunter: next call Dec 14, technical issues 18:00:02 This will likely be the last one for this year due to holidays - agreed? 18:00:17 LOL 18:01:26 https://github.com/w3c/dnt/issues 18:02:07 [adjourned] 18:02:08 wileys has left #dnt 18:02:10 rrsagent, make minutes 18:02:10 I have made the request to generate http://www.w3.org/2016/11/30-dnt-minutes.html wseltzer 18:02:25 rrsagent, make logs public 18:02:26 rrsagent, make minutes 18:02:26 I have made the request to generate http://www.w3.org/2016/11/30-dnt-minutes.html wseltzer 19:03:23 dsinger has joined #dnt 19:30:05 WalterTamboer has joined #dnt 20:21:52 Zakim has left #dnt