First Draft of Customer Experience Digital Data Acquisition published by Customer Experience Digital Data Community Group

On 2013-05-17 the Customer Experience Digital Data Community Group published the first draft of the following specification:

Participants contribute material to this specification under the W3C Community Contributor License Agreement (CLA).

If you have any questions, please contact the group on their public list: public-custexpdata@w3.org. Learn more about the Customer Experience Digital Data Community Group.

7 Responses to First Draft of Customer Experience Digital Data Acquisition published by Customer Experience Digital Data Community Group

  1. Phil Pearce says:

    Hi,

    Firstly this is a very good start in a small space fo time, well done.

    Secondly, here is my feedback…

    I have converted the spec into an HTML file and CheatSheet here:
    https://www.dropbox.com/s/l352srcmz52qx6o/W3C_DataLayer_Examples.html
    https://www.dropbox.com/s/2cxq7tptf4kh9y1/W3C_DataLayer_CheatSheet_v0.5.pdf

    Also I have converted the PDF to MS word and made corrections to the spec here. I have also added some text for the PII section:
    https://www.dropbox.com/s/b23p16ouekizkf7/W3C_DataLayer_CustomerExperienceDigitalDataAcquisition_Draft_v0.5.docx

    —- Naming conventions..
    1. The case of the name values is this CamelCase or camelCase?

    2. There is inconsistency in the spec with regards to the use of character case on related attributes for example, look at xxxMethod and xxxmethod below:
    – cart_shippingmethod
    – cart_items_price_shippingmethod
    and
    – transaction_total_shippingMethod
    – transaction_items_price_shippingMethod
    Note: Infact lowercase might actually be simpler/safer?

    3. Also, is it pageID or pageId?

    4. And is it pageIdentity or pageIDentity?

    —- Syntax
    5. “page[.]attribute” should be “page_attribute” in order to avoid JS error.

    6. Rather than use nested objects, underscores might be simpler e.g. “page_attribute” rather than {“page”:{“attribute”:”value”}}

    7. For numbers is it safer to use “” for null values e.g. “revenue”: “”, rather than “revenue”: ,

    8. Personally, I prefer to declare null JSON values on a page rather than hiding these as the structure becomes the same on all pages.

    9. Inorder to validate to JSON RFC4627 spec and avoid JS errors, I have encapsulated names in double “quotes”.

    Useful links:
    JSON spec summary: http://jsonlint.com/
    JSON RFC4627 spec: http://www.ietf.org/rfc/rfc4627.txt
    JSON validator: http://www.json.org/

    —- PII
    10a. profileID MUST be must be a number NOT a string e.g. “profileID”: 12345

    10b. Use with caution “userName”: “phil.pearce”

    11. Proposed digitalData object for visitor and user:

    digitalData = {
    “visitor”: {
    “preferenceForDNT”: window.navigator.doNotTrack,// 1|0|”not-set”.Defaulted to “not set”
    “anonymizeIp”: false, // hash last 3 characters of IP address in GA. Defaulted to off/false
    “geoplugin_status”: geoplugin_status, // 403 error, 200 is look-up ok
    “geoIPcountryCode”: geoplugin_countryCode, // geo-plugin JS variable
    “geoIPcontinentCode”: geoplugin_continentCode // geo-plugin JS variable
    },{
    “user”: {
    “profile”:{
    “auth_isSignedIn”: true, // set on login or register page
    “auth_userIDtoSessionIDoveride”: false // set on login or register page
    “profileID”: 12345
    }
    }
    }

    12. Also I have some concerns about RECOMMENDING the use of these PII values pairs which can be access by external JS (e.g. online behavioral advertising scripts)

    {“transaction”: {
    “profileIDaddress”: {
    “line1″: “673 Mystreet”,

    “postalCode”: “78610”,

    }
    }
    {“user”: {
    “profile”: {
    “attributes”: {
    “userName”: “joe.bloggs”,
    “email”: “somebody@somesite.com”,

    }
    }
    }
    }

    {“user”: {
    “profile”: {
    “attributes”: {
    “line1″: “673 Mystreet”,

    “postalCode”: “78610”,

    }
    }
    {“user”: {
    “profile”: {
    “social”: {
    “twitter”: “username1234″,

    “facebook”: “username1234″,

    }
    }
    }
    }

    —- Additions
    Also, I would like to see these added to the spec:

    page_httpResponseCode: “”, // e.g 200 or 404 or 500
    settings_ga_forceSSL
    tagTypeBlacklist
    visitXPurpose: preview
    socialAction
    socialpagePath
    socialTarget
    page_forumPosts: 25
    page_lastModified: 20130522
    page_createdDate: 20130502
    settings_ga_id
    settings_ga_id_secondTracker
    setDomainName
    conversion_Type
    page_Grouping[n]

    —- The importance of these two values need to be made clearer in the spec:
    “environment_Identifier”: “dev”, // dev, staging or live
    “page_attributes_SysEnv”: “desktop”, // Responsive CSS = desktop | tablet | mobile.

    Thanks

    Phil.

  2. Phil Pearce says:

    Hi,

    I would like to pose a 3 more question for the group:

    1. For PII values such as emailAddress, userName or zipCode – is there a way (or need) to set these JSON object to be a “local” variables rather than “global” variables?

    Obviously this would need to be done in a way so that the TMS still functions.

    Please also read this related article:
    http://en.wikipedia.org/wiki/JSON#Security_issues

    2. This maybe an edge case example, but… On a large UK dating website which is using iFrames, I noticed that they output a login token a JSON object onto account details page after login. This page also contains 3rd party scripts such as DoubleclickFloodlight, addThis, FBconnect etc.

    Is it technically possible that a 3rd party script could read the login token, which is output via this JSON object and accessible via the DOM?

    3. Should there be something in the spec to either warn about this JSON login tokens, or provide recommendations (e.g login tokens should only be stored in 1st party cookies, not as JSON objects).

    Thanks

    Phil.

  3. Phil Pearce says:

    Hi (me again),

    Here are some more name value pairs to add to the spec…

    // Debug mode – this can be triggered by environment_Identifier=dev but better to add a own variable:
    “settings_ga_isDebugConsoleEnabled”: “true”, // Set document.cookie=”tag_debug=1″ on dev environment

    // Use TMS to load jQuery
    “load_jquery”: “1.10.1”, // Load jQuery version

    // Add local currency variable for sale page, cart page and product pages
    “transaction_currency”: “USD”, // Global currency rollup profile
    “transaction_currency_secondTracker”: “GBP”, // Local currency profile

    // Add more granular value pair settings for large websites:
    “settings_ga_brandName”: “big brand”, // If using multiple brand in rollup use this field
    “settings_ga_country”: “UK”, // Use 2character ISO Country list
    “settings_ga_region”: “London”, // Only needed for large localised websites

    // Add support for default Cross domain tracking settings:
    “settings_ga_setDomainName”: “clientdomain.com”, // INSERT Top-level domain here
    “settings_ga_externalCrossDomainlinksToDecorate”: “otherdomain1.com, mycart.com”,

    // Standardise JS plugin functions names to load:
    “settings_ga_isExternalLinkTrackingEnabled”: “true”, // Exit links to other websites
    “settings_ga_isDownloadLinkTrackingEnabled”: “true”, // PDF tracking
    “settings_ga_isMailtoLinkTrackingEnabled”: “true”, //
    “settings_ga_isHashUrlFragmentsTrackingEnabled”: “false”, // Append location.hash within page_virtual#url
    “settings_ga_isScrollTrackingEnabled”: “false”, // Blog content pages customHTML script
    “settings_ga_isYoutubeTrackingEnabled”: “false”, // Youtube API auto-tracking customHTML script
    “settings_ga_isFacebookAndTwitterButtonTrackingEnabled”: “false”, //Auto-social button tracking

    // enable GApremium specific features e.g. 21-200 customDimension/customMetrics
    “settings_ga_isGApremium”: “true”, // Set document.cookie=”tag_debug=1″ on dev environment

    // Custom Variables with 3digit number for 0-200 customDimension or customMetrics
    “user_cd001_isNewRegistration”: “”, // customDimension001
    “user_cd002_isUserNewCustomer”: “”, // customDimension002
    “user_cd003_isLoggedIn”: “”, // customDimension003
    “user_cd004_class”: “”, // customDimension004
    “user_cd005_ID”: “”, // customDimension005 – aka Universal auth.user.getId
    “user_cm001_visitorLifetimeValue”: “” // EventValue or CustomMetric value

    Thanks!

    Phil.

    P.S. I am hoping that Adwords dynamic re-marketing which uses fix naming conventions will re-map to digitalData equivalents. I can manually map these in GTM, but auto-mapping to digitalData names is preferred.
    “ecomm_pagetype”: “”, // home|searchresults|category|product|basket|purchase|other
    “ecomm_prodid”: “”, // e.g. 123
    “ecomm_totalvalue”: [""], // e.g 100.00 pounds
    “ecomm_pname”: [""], // optional – use arrays for multiple products on same page
    “ecomm_pcat”: [""], // optional – use arrays for multiple products on same page
    “ecomm_rec_prodid”: [""], // related productID e.g. shoe shine

  4. Phil Pearce says:

    Forgot to add this (from the TPE spec)…

    serverSide_httpResponseToDntRequest =
    1. obeyDNT
    2. ignoresDNT
    3. inProgressDNT
    4. notSpecified

    Here is a JSON example.

    Note: I have separated analytics-TRACKING and behavioural-TARGETING as this was missing from the DNT Preference Expression Spec status-representation example:
    http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#status-representation

    {
    “targeting”: “yes”, // IsOnlineBehaviouralTargeting for Publishers OR onsite remarketing for Advertisers enabled?
    “tracking”: “yes”, // Is AudienceMeasurementTracking enabled
    “qualifiers”: “afc”, // external “A”udit + “F”raud prevention + ad-frequency “C”apping
    “controller”: “http://www.yourdomain.com/privacy.html”,
    “same-party”: [{
    "google-analytics.com",
    "stats.g.doubleclick.net",
    "api.youtube.com"
    }],
    “third-party”: [{
    "googleadservices.com"
    "ads.doubleclick.net",
    }],
    “audit”: [{
    "http://policy.cookiereports.com/caf4f823-en-gb.html" // e.g. w3.org/P3P/validator.html
    }],
    “policy”: “/privacy.html#cookies”,
    “edit”: “http://www.yourdomain.com/user-dashboard/edit-your-data”
    }

  5. Mark Prince says:

    Hi Phil,
    I just finished documenting the Privacy and Security objects.

    Any data stored in this data standard is subject to any script the site owner deploys, unless the site owner adds privacy and (optionally) data security metadata to the object, and employ a technology configured prevent any script from accessing the data standard.

    The way to prevent access would be to add the source domain of the script to the “Categories” for the site, and either:
    1) Add a privacy technology to prevent the script from firing.
    2) Add a security technology and configure .Security nodes to prevent script access to any PII-containing JSON within the data standard.

    I think the ways this standard can handle the cases you identified should be clear. If not, please submit more comments, and I will be glad to help.

    Best wishes,
    Mark

  6. Phil Pearce says:

    Hi Mark,

    Thanks for the reply, thats really interesting. Do you have a URL example of security module or security meta?

    Sounds similar to the field type=password which encodes field values when they ate entered in the browser.

    New JSON object request for the spec: JS whitelists:
    https://developers.google.com/tag-manager/devguide#security

    Thanks

    Phil.

    P.S. ping me an email/tweet if you reply, as your last comment got stuck in spam.

  7. Phil says:

    Hi

    Please add new JSON object for “server_isDeviceFingerPrintTrackingEnable”: ,

    So that the TMS can change tracking deployed on the page.

    Thanks

    Phil.

    digitalData = {
    “visitor”: {
    “returningStatus”: “new”, // new or returning visitor: used to only trigger consent
    message for new visitors
    “preferenceForDNT”: window.navigator.doNotTrack, // yes|no|”not specified”. MUST
    defaulted to “not specified”
    “anonymizeIp”: false, // hash last 3 characters of IP address in GA. Defaulted to
    off/false.
    “geoplugin_status”: geoplugin_status, // 403 error, 200 is look-up ok
    “geoIPcountryCode”: geoplugin_countryCode, // geo-plugin JS variable
    “geoIPcontinentCode”: geoplugin_continentCode // geo-plugin JS variable
    },
    {// Server-side USER values on login or registration
    “user”: {
    “profile”: {
    “auth_isSignedIn”: true,
    “auth_isNewRegistration”: true, // used to only trigger consent message on
    first registration
    “server_isDeviceFingerPrintTrackingEnable”: false, // ADDED
    “auth_userIDtoSessionIDoveride”: false,
    “profileID”: 12345
    }
    }
    }
    }

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Before you comment here, note that this forum is moderated and your IP address is sent to Akismet, the plugin we use to mitigate spam comments.