Re: ACTION-69: Renaming ISSUE-54

+1

(And thanks for writing what I've been trying to communicate for days ­
albeit more eloquently.)


Cheers,

Alan Chapell
Chapell & Associates
917 318 8440


From:  Shane Wiley <wileys@yahoo-inc.com>
Date:  Mon, 13 Feb 2012 17:46:22 -0800
To:  JC Cannon <jccannon@microsoft.com>, "public-tracking@w3.org
(public-tracking@w3.org)" <public-tracking@w3.org>
Subject:  RE: ACTION-69: Renaming ISSUE-54
Resent-From:  <public-tracking@w3.org>
Resent-Date:  Tue, 14 Feb 2012 01:47:27 +0000

As we¹ve stated in other conversations, a user¹s explicit consent (out of
band or via site-specific exceptions) overrides DNT.  The conversation is
now turning to ³acceptable standards of user consent² instead of relying on
local laws surrounding deceptive activities to manage this for the working
group.  This is yet another area of scope creep for this working group.
 
In our time together, here is a partial list of privacy issues the working
group has attempted to solve in a single pass:
 
- Cross-site profiling (some of us would argue this was the extent of the
working group¹s initial focus)
- 1st Party vs. 3rd Party distinctions (I believe this is needed and we¹ve
made great progress here)
- Online/Offline Data Sharing
- Geolocation Privacy
- Online identity (where are cookies allowable vs. digital fingerprints)
- Data Retention (data minimization vs. arbitrary timeframes)
- Privacy Enhancing Technologies (everything from specific solutions to
forced implementation)
- Legal & Regulatory Compliance
- Consent Standards
- I¹m confident I¹ve missed other large buckets hereŠ
 
Even attempting to solve for cross-site profiling, party distinctions, and
data sharing is a daunting task on such a short time-frame.  Now that the
conversation has expanded into so many complex, detailed, and historically
rich side efforts (arguably ³related² to DNT), I believe we¹ll need to
figure out a way to solve for the core elements first and then come back to
each of these areas for a deeper effort to the specifics of the particular
broad privacy topic.
 
I would suggest we move out of scope the following detailed topics:
Geolocation Privacy, Online identity, Data Retention, Privacy Enhancing
Technologies, Legal Compliance, Regulatory Compliance, Consent Standards,
and ³Other² large privacy topic bucket issues.
 
I have an equally earnest desire to solve each of these areas for users
around the globe, but I believe our continued detours into these areas will
create unending swirl towards the larger goal ­ and we¹ll ultimately miss
it.  I know some of you feel this is a ³one time² dip at the well (so to
speak) and that industry won¹t come back to work on these deeper issues
after v1 of the DNT standard is released.  While I don¹t share your
skepticism here, I don¹t know how to overcome it other than to point out
that industry participates in MANY efforts to evolve the consumer privacy
agenda and rarely shy away from any.
 
That said, I don¹t see a short-term outcome where industry agrees to
definitions, standards, and limitations across all of these broad privacy
topics with only a few months of limited conversation.
 
In order to meet the aggressive timeline placed in-front of us ­ AND ­
develop a DNT standard industry will largely and quickly embrace, I
recommend we make an active decision to limit the scope of v1 of DNT to
items I listed as ³in scope².
 
I¹m confident this approach will be met with strong rejection by some and
I¹m curious to hear how those dissenting voices see the WG solving these
larger issues in such a short time-frame (outside of ³just do what we say² J
).  
  
- Shane
 

From: JC Cannon [mailto:jccannon@microsoft.com]
Sent: Monday, February 13, 2012 5:51 PM
To: public-tracking@w3.org (public-tracking@w3.org)
Subject: RE: ACTION-69: Renaming ISSUE-54
 
If I have an account with a company and I set my preferences a certain way,
I don¹t want DNT overriding that, while I¹m logged in. The alternative is to
try to set an exception in every browser on every computer I use when I¹ve
already stated my position. To me that would be nightmare scenario.
 
No, a privacy statement in and of itself should not override DNT. However, I
would like to see all privacy statements reference an organization¹s
position on DNT, including when they feel that a member¹s preferences may
override a DNT header.
 

JC
Twitter <http://twitter.com/jccannon7>
 

From: Jonathan Mayer [mailto:jmayer@stanford.edu]
Sent: Monday, February 13, 2012 4:42 PM
To: JC Cannon
Cc: Shane Wiley; public-tracking@w3.org (public-tracking@w3.org)
Subject: Re: ACTION-69: Renaming ISSUE-54
 
Is it your position that a privacy policy link would be adequate to override
DNT: 1?  If not, why can't we write that?

 

As for sites where the user already has an account, why grant them a special
tracking privilege?  Any third party could put together a page for managing
preferences.  (And several do.)

 

Jonathan

 

On Feb 13, 2012, at 4:38 PM, JC Cannon wrote:
 

I feel measuring the efficacy of a company¹s notice is out of scope here. I
also don¹t feel we are focusing on social sites, but sites where the user
has an and can manage their preferences in a centralized persistent fashion.

 

JC

Twitter <http://twitter.com/jccannon7>

 

From: Jonathan Mayer [mailto:jmayer@stanford.edu]
Sent: Monday, February 13, 2012 4:33 PM
To: Shane Wiley
Cc: JC Cannon; public-tracking@w3.org (public-tracking@w3.org)
Subject: Re: ACTION-69: Renaming ISSUE-54

 

This is why standards of notice are important.  If "the user has already
given Facebook consent" means Facebook asked explicitly for permission to
identify the user on other sites and got an exception through the exception
API, all's well.  But if Facebook merely links to its privacy policy at
signup, no, that's not enough notice.  To the extent others believe it is,
I'd like to hear why social networks deserve a special carveout from the
ordinary rules.

 

Jonathan

 

On Feb 13, 2012, at 4:00 PM, Shane Wiley wrote:



Wouldn¹t the current Facebook structure be considered an ³out of band
consent² exception?  Meaning the user has already given FB consent to this
data collection web wide?

 

- Shane

 

From: JC Cannon [mailto:jccannon@microsoft.com]
Sent: Monday, February 13, 2012 4:55 PM
To: Jonathan Robert Mayer
Cc: public-tracking@w3.org (public-tracking@w3.org)
Subject: RE: ACTION-69: Renaming ISSUE-54

 

How about this:

 

1)    For social sites, manage social feature at that site or by logging
out.

2)   For tracking and personalization opt-out use DNT.

 

JC

Twitter <http://twitter.com/jccannon7>

 

From: Jonathan Robert Mayer [mailto:jmayer@stanford.edu]
Sent: Monday, February 13, 2012 3:19 PM
To: JC Cannon
Cc: public-tracking@w3.org (public-tracking@w3.org)
Subject: Re: ACTION-69: Renaming ISSUE-54

 

Without DNT, users would not be guaranteed the ability to opt out. That's
the status quo.

On Feb 13, 2012, at 2:41 PM, JC Cannon <jccannon@microsoft.com> wrote:
> 
> That looks like something that is handled by Facebook, which seems great to
> me. Why does DNT have to get involved?
> 
>  
> 
> JC
> 
>  
> 
> From: Jonathan Mayer [mailto:jmayer@stanford.edu]
> Sent: Monday, February 13, 2012 2:33 PM
> To: public-tracking@w3.org (public-tracking@w3.org)
> Subject: Re: ACTION-69: Renaming ISSUE-54
> 
>  
> 
> Social widgets would not "stop working."  Users certainly would not need to
> "re-enable [widgets] on every site."  To clarify, here's our Facebook mock-up.
> 
>  
> 
>  
> 
> Embedded widget:
> 
>  
> 
>  
> 
> <image001.png>
> 
>  
> 
>  
> 
>  
> 
> Consent option:
> 
>  
> 
> <image002.png>
> 
>  
> 
>  
> 
>  
> 
> On Feb 13, 2012, at 2:07 PM, JC Cannon wrote:
> 
> 
> 
> 
> If we start making changes that degrades consumers¹ online experience or makes
> them work too hard to get their experience back to normal they won¹t use. As a
> consumer I want to just click  a button and be protected without everything
> else changing. If I enable DNT:1 and all of a sudden all my social widgets
> stop working or you tell me to ³just² re-enable them on every site, I¹m just
> going to turn it off.
> 
>  
> 
> Rob provided a good example of a site
> <http://www.heise.de/newsticker/meldung/Apple-will-deutschen-Patentstreit-mit-
> Motorola-in-den-USA-gewinnen-1433070.html>  that manages social widgets
> (widgets at bottom of article). I like the way it works, but I wouldn¹t want
> to manage the settings on every site.
> 
>  
> 
> Responses to your suggestions below.
> 
>  
> 
> JC
> 
> Twitter <http://twitter.com/jccannon7>
> 
>  
> 
> From: Jonathan Mayer [mailto:jmayer@stanford.edu]
> Sent: Monday, February 13, 2012 1:12 PM
> To: Geoff Gieron - AdTruth
> Cc: JC Cannon; Jeffrey Chester; John Simpson; Justin Brookman;
> public-tracking@w3.org
> Subject: Re: ACTION-69: Renaming ISSUE-54
> 
>  
> 
> I've seen a few suggestions that I'd disagree with on this thread.  Since they
> seem fairly independent, I'll break them out individually.
> 
>  
> 
> 1) We should allow social widget personalization because some users might want
> it.
> 
>  
> 
> The same argument applies to any prohibited practice.  That's why the TPE
> specification provides an explicit exception mechanism.  If a user wants to
> see more personalized content from a third party or using third-party data,
> whether stuff their friends liked or (tracking-based) interest-targeted
> advertising, they can provide an exception.  We mocked up an exception flow
> for Facebook's social widgets at http://donottrack.us/cookbook/.
> 
> [JC] I feel the logged in state is different from standard third-party
> interaction. As a consumer I don¹t want to provide an exception our use the
> cookbook strategy for something I already control. If I don¹t want the
> functionality I will log out.
> 
>  
> 
> 2) Social widget providers are first parties if the user has logged in since
> the user has a business relationship with the website.
> 
>  
> 
> I thought we had agreement in Santa Clara and on the list that third-party
> widgets become first party by means of user interaction, not logged-in status.
> 
> [JC] I agree the widget does not get first-party status, but they should still
> be able to personalize my experience, which I control. I don¹t see that as
> first party functionality.
> 
>  
> 
> 3) Social personalization isn't the same as third-party data collection.
> 
>  
> 
> I don't follow this line at all.  Embedded social content is from a third
> party, and that third party collects data.  Moreover, the data collection
> practices currently used for social personalization rely not only on a unique
> ID‹they rely on an ID tied to the user's identity.
> 
> [JC] Third parties have the ID information whether DNT is enabled or not. The
> header tells them their obligations to me as a consumer and whether or not
> they can process my data.
> 
>  
> 
> On Feb 13, 2012, at 10:40 AM, Geoff Gieron - AdTruth wrote:
> 
> 
> 
> 
> 
> JC ­ you raise a valid point on tracking vs social sharing.  One thing I would
> like to point out about this though is how logged in entities like Facebook
> already supersede existing browser solutions, such as Private Browsing (notice
> how Facebook still knows it is you on sites outside their network when you are
> suppose to be incognito to all entities).
> 
>  
> 
> So based on your ascertainment ­ I do agree that DNT should not disrupt the
> value of social sharing when you are logged in and remained logged AND Private
> Browsing/Incognito Mode should be what cuts even this level of detection by
> these types of services regardless of login. However ­ we are not
> standardizing Private Browsing/Incognito Mode so I'm concerned that the
> ability by a few customer facing companies like Google, Yahoo, Facebook,
> Amazon, AOL and Microsoft essentially may have the ability to completely work
> around all existing browser based solution offered to a consumer.
> 
>  
> 
> Is my concern valid to you?
> 
>  
> 
> Geoff Gieron
> 
> Business Development Strategist
> 
>  
> 
> <B6D349F0-DB69-481C-A4A8-5CC1CDE1C45E[87].png>
> 
>  
> 
> O:   +1.480.776.5525
> 
> M:  +1.602.418.8094
> 
> ggieron@adtruth.com
> 
> www.adtruth.com <http://www.adtruth.com>
> 
>  
> 
>  
> 
> From: JC Cannon <jccannon@microsoft.com>
> Date: Mon, 13 Feb 2012 17:29:21 +0000
> To: Jeffrey Chester <jeff@democraticmedia.org>
> Cc: John Simpson <john@consumerwatchdog.org>, Jonathan Robert Mayer
> <jmayer@stanford.edu>, Justin Brookman <justin@cdt.org>,
> "public-tracking@w3.org" <public-tracking@w3.org>
> Subject: RE: ACTION-69: Renaming ISSUE-54
> Resent-From: <public-tracking@w3.org>
> Resent-Date: Mon, 13 Feb 2012 17:30:10 +0000
> 
>  
> 
> I¹m not stating that data can be collected on me. I¹m only stating that during
> a logged-in state a social site may personalize my experience based on my
> settings on the social site. The social site does not have the right to
> capture my browsing habits or process any data on me unless I interact with
> its widget.
> 
>  
> 
> JC
> 
> Twitter <http://twitter.com/jccannon7>
> 
>  
> 
> From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
> Sent: Monday, February 13, 2012 9:16 AM
> To: JC Cannon
> Cc: John Simpson; Jonathan Robert Mayer; Justin Brookman;
> public-tracking@w3.org
> Subject: Re: ACTION-69: Renaming ISSUE-54
> 
>  
> 
> Let's have a further discussion on this.  Can you say what data can be
> collected from a user when DNT:1 is on as they access social services?
> 
>  
> 
>  
> 
>  
> 
> Jeffrey Chester
> 
> Center for Digital Democracy
> 
> 1621 Connecticut Ave, NW, Suite 550
> 
> Washington, DC 20009
> 
> www.democraticmedia.org <http://www.democraticmedia.org/>
> 
> www.digitalads.org <http://www.digitalads.org/>
> 
> 202-986-2220
> 
>  
> 
> On Feb 13, 2012, at 12:09 PM, JC Cannon wrote:
> 
> 
> 
> 
> 
> 
> Jeff,
> 
>  
> 
> I disagree with your position, because I would still want that feature if I¹m
> logged in and have DNT:1 enabled. This is part of the concern I have about
> making decisions for consumers that they may not want. If I can disable the
> article annotation by logging off from the social site, why bundle it with DNT
> taking away my flexibility?
> 
>  
> 
> JC
> 
> Twitter <http://twitter.com/jccannon7>
> 
>  
> 
> From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
> Sent: Monday, February 13, 2012 6:46 AM
> To: JC Cannon
> Cc: John Simpson; Jonathan Robert Mayer; Justin Brookman;
> public-tracking@w3.org
> Subject: Re: ACTION-69: Renaming ISSUE-54
> 
>  
> 
> JC:  
> 
>  
> 
> DNT:1 serves as a form of granular privacy protection.  If one has DNT:1 on,
> they don't want tracking process working--even if it means they can't find out
> their friends enjoyed reading your latest book!  Happy to discuss.
> 
> 
> 
> 
> 
> 
> 
> I would like to drill into this a little further. How would this apply to a
> logged in state? If I¹m logged into a social site and reading an article I
> would be interested to know if people I trust from that social site enjoyed
> the article or not without necessarily letting people know that I viewed the
> article, unless I select the share button. I don¹t want to have to enable
> tracking just to see if my friends liked the article.
> 
>  
> 
> JC
> 
> Twitter <http://twitter.com/jccannon7>
> 
>  
> 
> From: John Simpson [mailto:john@consumerwatchdog.org]
> Sent: Wednesday, February 08, 2012 11:53 AM
> To: Jeffrey Chester
> Cc: Jonathan Robert Mayer; Justin Brookman; public-tracking@w3.org
> Subject: Re: ACTION-69: Renaming ISSUE-54
> 
>  
> 
> I agree that when a site acts as a third party it MUST not engage in targeting
> based on data gathered when it was a 1st party if DNT is enabled.
> 
>  
> 
>  
> 
> On Feb 8, 2012, at 8:43 AM, Jeffrey Chester wrote:
> 
> 
> 
> 
> 
> 
> 
> 
> I don't think if DNT is enabled a third party should be able to engage in
> profile-based targeting that they have collected as first party, as Justin
> perhaps as proposed.  That would weaken user intent on DNT.
> 
>  
> 
>  
> 
> Jeffrey Chester
> 
> Center for Digital Democracy
> 
> 1621 Connecticut Ave, NW, Suite 550
> 
> Washington, DC 20009
> 
> www.democraticmedia.org <http://www.democraticmedia.org/>
> 
> www.digitalads.org <http://www.digitalads.org/>
> 
> 202-986-2220
> 
>  
> 
> On Feb 8, 2012, at 11:34 AM, Jonathan Robert Mayer wrote:
> 
> 
> 
> 
> 
> 
> 
> 
> In the interest of clarity, I recommend we make two ISSUEs from ISSUE-54.
> 
>  
> 
> 1) What can a first party do on its own website with provided information? I
> completely agree with Shane that this falls into the current first party
> proposal, and I expect we'll get consensus and close the ISSUE quickly.
> 
>  
> 
> 2) What can a first party do with submitted information when it's a third
> party? We've already heard a range of views on this; I expect lengthy
> discussion and perspectives from many stakeholders before we close the ISSUE.
> 
> 
> On Feb 8, 2012, at 7:20 AM, Justin Brookman <justin@cdt.org> wrote:
>> 
>> I think Sean's restatement of the issue is a bit ambiguous.  The key question
>> is not whether a first party can alter its own websites and advertising on
>> those sites based on data it collected as a first party.  It's about whether
>> they can then leverage that data when they're in a third-party environment.
>> 
>> I was tasked with writing up language on this in Brussels, but upon
>> reflection, my vision is already allowed for in the text:  a third-party may
>> customize content or advertising on other sites based on data it had
>> collected as a first-party.  Thus, Yahoo! can serve ads on the New York Times
>> based on what I had done on the Yahoo! site (or registration information I
>> had provided to Yahoo!) and Facebook can tell me what my friends like in a
>> social widget when I go to the WashingtonPost.com
>> <http://WashingtonPost.com/>  --- as long as neither collects the fact that I
>> went to NYT or WaPo (apart from exceptions like ad reporting, fraud,
>> analytics) and certainly does not add that information to a profile about me.
>> The language in the draft currently allows for this.  However, I will try to
>> put together some non-normative language on this today to make it clear.  I
>> have heard the argument that this unduly favors first-party sites who have a
>> lot of user data, but I also think the privacy implications are dramatically
>> reduced when ads are influenced based on data that a party already has about
>> you.
>> 
>> Shane, you had seemed to disagree with this idea in Brussels, so if you want
>> to put forward a countersuggestion that's fine.  Alternatively, Tom had
>> disagreed on one of the calls that Facebook should be allowed to personalize
>> content based on data it had collected as a first-party, so he may want to
>> proffer another suggestion.  I could see a stronger argument against allowing
>> Yahoo! to use passively-collected data about what I read on the Yahoo! site
>> rather than using affirmatively provided info, but I personally wouldn't draw
>> the line there.  It's also possible this issue is currently being discussed
>> elsewhere on the mailing list, but I have not remotely been able to keep up.
>> 
>> 
>> 
>> 
>> 
>> 
>> Justin Brookman
>> Director, Consumer Privacy
>> Center for Democracy & Technology
>> 1634 I Street NW, Suite 1100
>> Washington, DC 20006
>> tel 202.407.8812
>> fax 202.637.0969
>> justin@cdt.org
>> http://www.cdt.org <http://www.cdt.org/>
>> @CenDemTech
>> @JustinBrookman
>> 
>> On 2/6/2012 10:10 AM, Shane Wiley wrote:
>> 
>> And the proposed answer, ³YES², as this appears to capture the 1st party
>> exception cleanly and we have other statements that disallow a 1st party from
>> sharing information with 3rd parties when DNT:1.
>> 
>>  
>> 
>> - Shane
>> 
>>  
>> 
>> From: Sean Harvey [mailto:sharvey@google.com]
>> Sent: Sunday, February 05, 2012 5:27 PM
>> To: public-tracking@w3.org Group WG
>> Subject: ACTION-69: Renaming ISSUE-54
>> 
>>  
>> 
>> Hi all, apologies for the delay in submitting my action item.
>> 
>>  
>> 
>> ISSUE-54 is intended to get at the question of whether or not a first party
>> is allowed to leverage their own data, including registration data provided
>> by the user at a previous time, in the context of a DNT header being ON.
>> 
>>  
>> 
>> Keep in mind I am not intending to provide an answer, only to more
>> appropriately rename the topic.
>> 
>>  
>> 
>> In light of this I propose the Issue be renamed:
>> 
>>  
>> 
>> "Can first parties customize their own websites or advertising based on their
>> own user data when a DNT header is ON?"
>> 
>>  
> 
>  
> 
>  
> 
> ----------
> 
> John M. Simpson
> 
> Consumer Advocate
> 
> Consumer Watchdog
> 
> 1750 Ocean Park Blvd. ,Suite 200
> 
> Santa Monica, CA,90405
> 
> Tel: 310-392-7041
> 
> Cell: 310-292-1902
> 
> www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org/>
> 
> john@consumerwatchdog.org
> 
>  
> 
>  
> 
>  
> 
> The information contained in this e-mail is confidential and/or proprietary of
> AdTruth. The information transmitted herewith is intended only for use by the
> individual or entity to which it is addressed. If you are not the intended
> recipient, you should not copy, distribute, disclose or use the information it
> contains, please e-mail the sender immediately and delete this message from
> your system.
> 
>