Re: Issue 115, exemptions, best practices: Issue 25 and 34

Hi Lauren - 

I've heard Mozilla, Apple and other first parties resist requirements that
negatively impact their ability to directly communicate with their
customers. (David and Tom ­ please correct me if mis stating something).

 I'm not saying that business need only comply with the law. I'm saying that
we should be very mindful of scope creep ­ and that Jeff's proposal falls
within that category.

I agree that publishers should be participating -- and others who will be
impacted by these standards if/when certain jurisdictions codify them into
law. I can't speak to the outreach to those communities that took place in
the past. I am happy that Nick and Aleecia have agreed to renew their
efforts in that area as it poses a credibility issue to the extent that such
groups will have requirements imposed upon them without having provided
their input.


Cheers,

Alan Chapell
Chapell & Associates
917 318 8440


From:  Lauren Gelman <gelman@blurryedge.com>
Date:  Mon, 13 Feb 2012 10:36:10 -0800
To:  Alan Chapell <achapell@chapellassociates.com>
Cc:  Jeffrey Chester <jeff@democraticmedia.org>, Lee Tien <tien@eff.org>,
"Amy Colando (LCA)" <acolando@microsoft.com>, Kathy Joe <K.Joe@esomar.org>,
Jules Polonetsky <julespol@futureofprivacy.org>, "public-tracking@w3.org"
<public-tracking@w3.org>, "adam.phillips@realresearch.co.uk"
<adam.phillips@realresearch.co.uk>
Subject:  Re: Issue 115, exemptions, best practices: Issue 25 and 34



I'm missing something here.  There is no dictation-- No one is required to
comply with this.  If all the standard says is that businesses have to do
what is already required by law, then what is the point of writing a
standard?

And why aren't the publishers here?  I completely agree that it is
irrational that they are not participating.  But the group is open to anyone
to join...

On Feb 13, 2012, at 9:05 AM, Alan Chapell wrote:

> Jeff ­ I respectfully disagree. Attempted an end around existing law just
> doesn't appear reasonable to meŠ.
> 
> Moreover, can you provide some evidence to back up the claim that it is a
> reasonable expectation for publishers to have a group with almost zero direct
> input from the publisher community dictate the terms of their interactions
> with their visitors?
> 
> 
> Cheers,
> 
> Alan Chapell
> Chapell & Associates
> 917 318 8440
> 
> 
> From:  Jeffrey Chester <jeff@democraticmedia.org>
> Date:  Mon, 13 Feb 2012 12:01:40 -0500
> To:  Alan Chapell <achapell@chapellassociates.com>
> Cc:  Lee Tien <tien@eff.org>, "Amy Colando (LCA)" <acolando@microsoft.com>,
> Kathy Joe <K.Joe@esomar.org>, Jules Polonetsky <julespol@futureofprivacy.org>,
> "public-tracking@w3.org" <public-tracking@w3.org>,
> "adam.phillips@realresearch.co.uk" <adam.phillips@realresearch.co.uk>
> Subject:  Re: Issue 115, exemptions, best practices: Issue 25 and 34
> 
> This isn't about existing law.  It's about defining practices related to
> exemption under DNT:1 to ensure meaningful user interaction.   That is a
> reasonable expectation for this group and also publishers.
> 
> 
> 
> Jeffrey Chester
> Center for Digital Democracy
> 1621 Connecticut Ave, NW, Suite 550
> Washington, DC 20009
> www.democraticmedia.org <http://www.democraticmedia.org/>
> www.digitalads.org <http://www.digitalads.org/>
> 202-986-2220
> 
> On Feb 13, 2012, at 11:47 AM, Alan Chapell wrote:
> 
>> They would learn the exemption options offered by each publisher (if any) in
>> a manner that is both clear and in conformance with applicable law. If you
>> and Jeff deem appropriate, you are certainly free to help educate regulators
>> in each jurisdiction regarding how YOU believe their laws should apply to
>> exemptions under the spec and/or issue complaints pointing out where you
>> think certain websites fall short of what you think the standard is or should
>> me. 
>> 
>> I'm not sure its appropriate for this group to be re-writing or otherwise
>> circumventing existing consumer protection law or interfering with websites
>> direct' relationships with their visitors in areas where laws are already in
>> existence.
>> 
>> 
>> Cheers,
>> 
>> Alan Chapell
>> Chapell & Associates
>> 917 318 8440
>> 
>> 
>> From:  Lee Tien <tien@eff.org>
>> Date:  Mon, 13 Feb 2012 08:33:06 -0800
>> To:  "Amy Colando (LCA)" <acolando@microsoft.com>
>> Cc:  Alan Chapell <achapell@chapellassociates.com>, Jeffrey Chester
>> <jeff@democraticmedia.org>, Kathy Joe <K.Joe@esomar.org>, Jules Polonetsky
>> <julespol@futureofprivacy.org>, "public-tracking@w3.org"
>> <public-tracking@w3.org>, "adam.phillips@realresearch.co.uk"
>> <adam.phillips@realresearch.co.uk>
>> Subject:  Re: Issue 115, exemptions, best practices: Issue 25 and 34
>> 
>> Alan and Amy,
>> 
>> What would users learn about what granting an exemption means for their data
>> under your approach?
>> 
>> Lee 
>> 
>> Sent from my iPod
>> 
>> On Feb 13, 2012, at 7:44 AM, "Amy Colando (LCA)" <acolando@microsoft.com>
>> wrote:
>> 
>>> Alan, I agree. Some of the text I previously submitted (will have to look up
>>> issue number) on user override/consent could be helpful here and would allow
>>> for the continued evolution of law/business model/consumer expectations.
>>> 
>>> Sent from my Windows Phone
>>> 
>>> From: Alan Chapell
>>> Sent: 2/13/2012 6:55 AM
>>> To: Jeffrey Chester; Kathy Joe
>>> Cc: Jules Polonetsky; public-tracking@w3.org;
>>> 'adam.phillips@realresearch.co.uk'
>>> Subject: Re: Issue 115, exemptions, best practices: Issue 25 and 34
>>> 
>>> Jeff -
>>> 
>>> I'm concerned that you're attempting to set a granular, world-wide standard
>>> for disclosures ­ which may conflict with local law, and create another
>>> layer of legal and technical hurdles for small to mid-sized publishers ---
>>> most of whom are already in compliance with local consumer protection law.
>>> And it would seem to me that a world-wide analysis of how these new rules
>>> work across jurisdictions would be a pretty significant undertaking on our
>>> end.
>>> 
>>> Why not simply state that sites seeking exemptions should communicate those
>>> requests clearly and in line with consumer protection law(s) in the
>>> jurisdiction(s) in which they operate?
>>> 
>>> 
>>> Cheers,
>>> 
>>> Alan Chapell
>>> Chapell & Associates
>>> 917 318 8440
>>> 
>>> 
>>> From: Jeffrey Chester < <mailto:jeff@democraticmedia.org>
>>> jeff@democraticmedia.org>
>>> Date: Mon, 13 Feb 2012 09:12:52 -0500
>>> To: Kathy Joe < <mailto:K.Joe@esomar.org> K.Joe@esomar.org>
>>> Cc: Jules Polonetsky < <mailto:julespol@futureofprivacy.org>
>>> julespol@futureofprivacy.org>, Alan Chapell <
>>> <mailto:achapell@chapellassociates.com> achapell@chapellassociates.com>, "
>>> <mailto:public-tracking@w3.org> public-tracking@w3.org" <
>>> <mailto:public-tracking@w3.org> public-tracking@w3.org>, "
>>> <mailto:'adam.phillips@realresearch.co.uk>
>>> 'adam.phillips@realresearch.co.uk'" <
>>> <mailto:adam.phillips@realresearch.co.uk> adam.phillips@realresearch.co.uk>
>>> Subject: Re: Issue 115, exemptions, best practices: Issue 25 and 34
>>> Resent-From: < <mailto:public-tracking@w3.org> public-tracking@w3.org>
>>> Resent-Date: Mon, 13 Feb 2012 14:13:46 +0000
>>> 
>>> For any site seeking an exemption, it should be required to explain clearly
>>> upfront how the data is to be collected and used.  This isn't the privacy
>>> policy, which few people read and generally fails to explain what goes on.
>>> When a user has DNT:1 on, the bar for the exemption process should be
>>> reasonably higher in terms of candid disclosure.  If the research community
>>> can live with such candor, given what ever rules are applied by W3C, that's
>>> fine.  
>>> 
>>> Happy to discuss this issue further.  I understand the need to use panels,
>>> etc., but we should establish a clear digital bright line for the exemption
>>> process.
>>> 
>>> 
>>> 
>>> 
>>> 
>>>> Hi Jeffrey,
>>>>  
>>>> The conditions on best practice for sites to manage exemptions include:A
>>>> site should not use a special landing page that has been
>>>> designedprincipally to convert a user to agree to permit an exemption. ŠA
>>>> site should not offer rewards and incentives for a user to approve of an
>>>> exemption.
>>>>  
>>>> We appreciate what you are aiming to do but a blanket ban would harm
>>>> research and make it impossible to ask people to take part in surveys as
>>>> research panels offer respondents small incentives to participate in
>>>> research. 
>>>>  
>>>> In our text for Issue 25 and 34 (see below), we outline how site users
>>>> might be recruited to a research panel and agree to participate in research
>>>> that could gather site specific or cross site data. The research site
>>>> explains what information would be collected, the purpose of the research
>>>> and provides a mechanism for the user to give their consent. If panel
>>>> members elect to be tracked, it is with their consent as part of their
>>>> agreement with the research organisation. They can opt-out at any time.
>>>>  
>>>> If a user agrees to the terms of participation having received transparent
>>>> information in the site¹s privacy policy they would be compensated for
>>>> their time and effort with small incentives such as a chance to participate
>>>> in a prize draw.
>>>>  
>>>> Best regards
>>>>  
>>>> Kathy Joe
>>>>  
>>>> Issue 25: Possible exemption forresearch purposes covered by conditions for
>>>> outsourcing and issue 34: Exemption for aggregated data
>>>> An exemption for research purposes is not required as this is covered under
>>>> conditions for outsourcing 3.6.1.2.1 where user¹s consent is required for
>>>> cross-site tracking or issue 34, exemption for aggregated data.
>>>>  
>>>> Description: The first party site has an agreement with a research company
>>>> to serve an invitation to a user as a result of something they have done on
>>>> the site, eg visited a travel section. The user has a first party
>>>> relationship with the site.
>>>>  
>>>> Suggestion: Site users¹individualised data can be collected with
>>>> permission, the use of the data cannot be applied in an interactive way and
>>>> no products or services are offered to respondents on the basis of their
>>>> individual responses. The researcher and sponsor use theinformation
>>>> gathered strictly for research purposes. Researchers aggregate research
>>>> data and when reported, the data is de-identified and cannot be linked to a
>>>> specific user, computer or device. Any disclosures of identifiable research
>>>> data must be used strictly for research purposes and with respondent
>>>> consent.  
>>>>  
>>>> If the respondent consents to be tracked, the data that is shared with the
>>>> client is anonymised and aggregated in such a way that no discernable
>>>> patterns can be attributed to a single individual.
>>>>  
>>>> Online surveys are usually interactive with the site user indicating their
>>>> consent (YES) and not filling them (or pressing the "no" button) is
>>>> equivalent to NO (meaningful interaction). Ie explicit yes or no.
>>>>  
>>>> Example and use cases: A site user is browsing a site. If they fulfil
>>>> certain criteria, they may be served a pop up invitation which they may
>>>> choose to click through to accept in which case the research company would
>>>> then become the first party. The research company may ask to be granted an
>>>> exception, site-specific or cross-site. The data collected would be
>>>> aggregated in the results as the research company is not interested in
>>>> identifying that particular person.
>>>>  
>>>> Opt back in for panel members who have DNT- see 4.3.1: how should a
>>>> tracking reference interact with user over-rides of the tracking
>>>> compliance, Issue 27: How should the ³opt-back in² mechanism be designed?
>>>> Description: Research panel member eg Suppress DNT because there is a
>>>> contractual agreement with the user (ie users have a pre-existing agreement
>>>> to be tracked)
>>>> Panel Members are individual users that have expressed the desire to be
>>>> part of a research study and/or group as part of a behavioral tracking
>>>> research program which would need to over-ride the DNT standard. We
>>>> introduce this to distinguish it from a site-specific exemption which may
>>>> represent a desire/preference whereas a panel member relationship
>>>> represents a contractual obligation with the research organization that may
>>>> cover different domains.
>>>>  
>>>>  
>>>>  
>>>> Kathy Joe
>>>> Professional Standards & Public Affairs Director
>>>> <image002.jpg>
>>>>  
>>>> 
>>>> Eurocenter 2, 11th floor
>>>> Barbara Strozzilaan 384
>>>> 1083 HN Amsterdam
>>>> The Netherlands
>>>> Tel: +31 20 664 2141
>>>> Fax: +31 20 664 2922
>>>> www.esomar.org <http://www.esomar.org/>
>>>> 
>>>> 
>>>>  
>>>> 
>>>> From: Jeffrey Chester [ <mailto:jeff@democraticmedia.org>
>>>> mailto:jeff@democraticmedia.org]
>>>> Sent: 09 February 2012 01:41
>>>> To: Jules Polonetsky
>>>> Cc: 'Alan Chapell';  <mailto:public-tracking@w3.org> public-tracking@w3.org
>>>> Subject: Re: Issue 115, exemptions, best practices
>>>>  
>>>> It's a panel, which is distinct from user impact/expectations.  That is
>>>> covered by research issue.
>>>>  
>>>>  
>>>> On Feb 8, 2012, at 6:24 PM, Jules Polonetsky wrote:
>>>> 
>>>> 
>>>> Here is a current example of users being paid for tracking
>>>>  
>>>>  
>>>> <http://www.huffingtonpost.com/2012/02/08/google-screenwise-project_n_12631
>>>> 28.html?ref=tw>
>>>> http://www.huffingtonpost.com/2012/02/08/google-screenwise-project_n_126312
>>>> 8.html?ref=tw
>>>>  
>>>> From: AlanChapell [ <mailto:achapell@chapellassociates.com>
>>>> mailto:achapell@chapellassociates.com]
>>>> Sent: Wednesday, February 08, 2012 3:59 PM
>>>> To: Jeffrey Chester
>>>> Cc:  <mailto:public-tracking@w3.org> public-tracking@w3.org (
>>>> <mailto:public-tracking@w3.org> public-tracking@w3.org)
>>>> Subject: Re: Issue 115, exemptions, best practices
>>>>  
>>>> Jeff -
>>>>  
>>>> If we're starting with the premise that any attempt to get a User to agree
>>>> to an exemption is undermining User intent, we're going to have trouble
>>>> finding common ground. Are there ANY mechanisms for providing a reward for
>>>> the User's agreement to an exemption that are acceptable to you? What about
>>>> providing additional free content inexchange for an exemption? Is that ok?
>>>>  
>>>>  
>>>> Cheers,
>>>>  
>>>> Alan Chapell
>>>> Chapell & Associates
>>>> 917 318 8440
>>>>  
>>>>  
>>>> From: Jeffrey Chester < <mailto:jeff@democraticmedia.org>
>>>> jeff@democraticmedia.org>
>>>> Date: Wed, 08 Feb 2012 15:50:09 -0500
>>>> To: Alan Chapell < <mailto:achapell@chapellassociates.com>
>>>> achapell@chapellassociates.com>
>>>> Cc: " <mailto:public-tracking@w3.org> public-tracking@w3.org (
>>>> <mailto:public-tracking@w3.org> public-tracking@w3.org)" <
>>>> <mailto:public-tracking@w3.org> public-tracking@w3.org>
>>>> Subject: Re: Issue 115, exemptions, best practices
>>>>  
>>>> Alan:  As you know, online marketing practices are designed to process
>>>> users to agree to opt-in and data practices.  What I wrote below are just a
>>>> few of the practices used by the leading co's and many others.  If a users
>>>> decision on DNT is not to be undermined, we must ensure that practices are
>>>> incorporated the permit fair user choice.
>>>>  
>>>>  
>>>>  
>>>>  
>>>> Jeffrey Chester
>>>> Center for Digital Democracy
>>>> 1621 Connecticut Ave, NW, Suite 550
>>>> Washington, DC 20009
>>>>  <http://www.democraticmedia.org/> www.democraticmedia.org
>>>> <http://www.democraticmedia.org/>
>>>>  <http://www.digitalads.org/> www.digitalads.org
>>>> <http://www.digitalads.org/>
>>>> 202-986-2220
>>>>  
>>>> On Feb 8, 2012, at 3:23 PM, Alan Chapell wrote:
>>>> 
>>>> 
>>>> 
>>>> Jeff ­ In looking at what you've provided here, I'm a bit concerned that
>>>> you are dictating the terms that a website has with its visitors. Can you
>>>> share the rationale for each of these ­ and specifically, what you are
>>>> trying to guard against?
>>>>  
>>>> Alternatively, I'm happy to have a one-off discussion on this topic on
>>>> Friday early AM with Ninja and Jim.
>>>>  
>>>>  
>>>> Cheers,
>>>>  
>>>> Alan Chapell
>>>> Chapell & Associates
>>>> 917 318 8440
>>>>  
>>>>  
>>>> From: Jeffrey Chester < <mailto:jeff@democraticmedia.org>
>>>> jeff@democraticmedia.org>
>>>> Date: Wed, 08 Feb 2012 14:05:40 -0500
>>>> To: " <mailto:public-tracking@w3.org> public-tracking@w3.org (
>>>> <mailto:public-tracking@w3.org> public-tracking@w3.org)" <
>>>> <mailto:public-tracking@w3.org> public-tracking@w3.org>
>>>> Subject: Issue 115, exemptions, best practices
>>>> Resent-From: < <mailto:public-tracking@w3.org> public-tracking@w3.org>
>>>> Resent-Date: Wed, 08 Feb 2012 20:08:56 +0000
>>>>  
>>>>   <https://www.w3.org/2011/tracking-protection/track/issues/115>
>>>> https://www.w3.org/2011/tracking-protection/track/issues/115
>>>>  
>>>> [I await input from Ninja, Alan and Jim]
>>>> 
>>>> 
>>>> 
>>>> Best Practices for sites to manage exemptions should include:
>>>> 
>>>> A site must provide accurate information to users on the actual data
>>>> collection and use practices of the site.  This should include all
>>>> information used for tracking, targeting, sales of profiles.
>>>> A site should not suggest that the ability to access information is
>>>> dependent on blanket acceptance of a site's data practices.
>>>> A site should not use "immersive" multimedia applications designed to
>>>> foster opt-in as a way to encourage a user agreeing to an exemption.
>>>> A site should not use a special landing page that has been designed
>>>> principally to convert a user to agree to permit an exemption.
>>>> A site should not use social media marketing to urge a user to ask their
>>>> "friends" to approve exemptions.
>>>> A site should not offer rewards and incentives for a user to approve of an
>>>> exemption.
>>>>  
>>>>  
>>> 
> 

Lauren Gelman
BlurryEdge Strategies
415-627-8512
gelman@blurryedge.com
http://blurryedge.com