IRC log of dnt on 2011-12-14
Timestamps are in UTC.
- 16:50:22 [RRSAgent]
- RRSAgent has joined #dnt
- 16:50:22 [RRSAgent]
- logging to http://www.w3.org/2011/12/14-dnt-irc
- 16:50:29 [Zakim]
- Zakim has joined #dnt
- 16:50:36 [aleecia]
- Zakim, this is dnt
- 16:50:36 [Zakim]
- aleecia, I see T&S_Track(dnt)12:00PM in the schedule but not yet started. Perhaps you mean "this will be dnt".
- 16:50:42 [aleecia]
- Zakim, this will be dnt
- 16:50:42 [Zakim]
- ok, aleecia; I see T&S_Track(dnt)12:00PM scheduled to start in 10 minutes
- 16:50:50 [aleecia]
- chair: aleecia
- 16:51:02 [aleecia]
- regrets+ ndoty
- 16:51:41 [aleecia]
- agenda+ Selection of scribe
- 16:52:02 [tedleung]
- tedleung has joined #Dnt
- 16:52:10 [Zakim]
- T&S_Track(dnt)12:00PM has now started
- 16:52:17 [Zakim]
- +aleecia
- 16:52:34 [aleecia]
- agenda+ Any comments on minutes from the last call
- 16:52:52 [aleecia]
- Review of action items: http://www.w3.org/2011/tracking-protection/track/
- 16:53:09 [aleecia]
- agenda+ Reminder: those drafting text, please send to those editing the text by the end of the day today
- 16:53:30 [aleecia]
- agenda+ ISSUE-101 What is a user? add to defns<http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#user>
- 16:53:44 [aleecia]
- agenda+ ISSUE-104 Could use a better defn of user agent, rather than browser <http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#user%20agent>
- 16:53:56 [aleecia]
- agenda+ ISSUE-19 Data collection / Data use (3rd party) <http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#third-party-compliance>
- 16:54:07 [aleecia]
- agenda+ Announce next meeting & adjourn
- 16:54:57 [jmayer]
- jmayer has joined #dnt
- 16:54:59 [Zakim]
- +tl
- 16:55:02 [Zakim]
- -aleecia
- 16:55:03 [aleecia]
- regrets+ Jeffrey Chester
- 16:55:03 [Zakim]
- +aleecia
- 16:55:23 [aleecia]
- zakim, who is on the call please
- 16:55:23 [Zakim]
- I don't understand 'who is on the call', aleecia
- 16:55:45 [aleecia]
- agenda?
- 16:57:25 [tl]
- zakim, who is on the phone?
- 16:57:25 [Zakim]
- On the phone I see aleecia, tl
- 16:57:40 [tl]
- thank you, was that that so hard zakim?
- 16:57:51 [Zakim]
- +jmayer
- 16:58:11 [efelten]
- efelten has joined #dnt
- 16:58:22 [justin]
- justin has joined #dnt
- 16:58:27 [Zakim]
- +tedleung
- 16:58:41 [Zakim]
- + +91.37.4.aaaa
- 16:59:01 [dsriedel]
- zakim, mute me
- 16:59:06 [Zakim]
- +efelten
- 16:59:11 [KevinT]
- KevinT has joined #dnt
- 16:59:22 [Zakim]
- sorry, dsriedel, I do not know which phone connection belongs to you
- 16:59:32 [Zakim]
- + +65141aabb
- 16:59:34 [rvaneijk]
- will do
- 16:59:42 [fielding]
- fielding has joined #dnt
- 16:59:46 [rvaneijk]
- .. thats me sorry
- 16:59:54 [sidstamm]
- sidstamm has joined #dnt
- 17:00:01 [ninjamarnau]
- ninjamarnau has joined #dnt
- 17:00:01 [Frankie]
- Frankie has joined #dnt
- 17:00:03 [rvaneijk]
- Zakim, +65141aabb is rvaneijk
- 17:00:11 [Zakim]
- +NinjaMarnau
- 17:00:19 [aleecia]
- who is on the call
- 17:00:19 [rvaneijk]
- Zakim, 65141aabb is rvaneijk
- 17:00:25 [aleecia]
- zakim, who is on the phone
- 17:00:27 [Zakim]
- +SueG
- 17:00:33 [sidstamm]
- Zakim, Mozilla has sidstamm
- 17:00:35 [tl]
- zakim aabb is rvaneijk
- 17:00:41 [Zakim]
- +Joanne
- 17:00:45 [rvaneijk]
- tnk Tom
- 17:00:48 [Zakim]
- - +91.37.4.aaaa
- 17:00:52 [Zakim]
- +rvaneijk; got it
- 17:00:53 [Zakim]
- +[Mozilla]
- 17:01:11 [hwest]
- hwest has joined #dnt
- 17:01:16 [Zakim]
- sorry, rvaneijk, I do not recognize a party named '65141aabb'
- 17:01:23 [Zakim]
- I don't understand 'who is on the phone', aleecia
- 17:01:27 [aleecia]
- zakim, aabb is rvaneijk
- 17:01:29 [Zakim]
- +sidstamm; got it
- 17:01:35 [Zakim]
- +dsriedel
- 17:01:43 [Zakim]
- +fielding
- 17:01:46 [WileyS]
- WileyS has joined #dnt
- 17:01:53 [Zakim]
- +Justin
- 17:01:58 [Zakim]
- +hwest
- 17:02:01 [Zakim]
- sorry, aleecia, I do not recognize a party named 'aabb'
- 17:02:03 [Zakim]
- -dsriedel
- 17:02:14 [adrianba]
- adrianba has joined #dnt
- 17:02:25 [Zakim]
- + +1.425.214.aacc - is perhaps bryan
- 17:02:29 [Zakim]
- +[IPcaller]
- 17:02:35 [Zakim]
- + +1.347.689.aadd
- 17:02:51 [Frankie]
- Zakim, IPcaller is frankie
- 17:02:55 [Zakim]
- + +1.310.292.aaee
- 17:02:58 [vincent]
- vincent has joined #dnt
- 17:03:04 [alex]
- alex has joined #dnt
- 17:03:06 [Zakim]
- +WileyS
- 17:03:09 [tl]
- zakim aaee is jsimpson
- 17:03:16 [Zakim]
- +dsriedel
- 17:03:20 [Zakim]
- +frankie; got it
- 17:03:23 [dsriedel]
- zakim, mute me
- 17:03:32 [efelten]
- I can scribe
- 17:03:33 [dsriedel]
- I can
- 17:03:43 [aleecia]
- agenda
- 17:03:46 [aleecia]
- agenda?
- 17:03:47 [Zakim]
- +[IPcaller]
- 17:03:50 [Zakim]
- dsriedel should now be muted
- 17:03:56 [Zakim]
- + +1.646.654.aaff
- 17:04:05 [efelten]
- scribe is efelten
- 17:04:14 [tl]
- zakim, who is on the phone?
- 17:04:16 [efelten]
- aleecia: Comments on last week's minutes?
- 17:04:22 [jmayer]
- Zakim, who is talking?
- 17:04:23 [tl]
- zakim, who is talking?
- 17:04:32 [justin]
- zakim, Justin has enewland
- 17:04:33 [enewland]
- enewland has joined #dnt
- 17:04:35 [Lia]
- Lia has joined #dnt
- 17:04:39 [dsinger]
- dsinger has joined #dnt
- 17:04:44 [efelten]
- No comments, take minutes as approved
- 17:04:45 [Zakim]
- On the phone I see aleecia, tl, jmayer, tedleung, efelten, rvaneijk, NinjaMarnau, SueG, Joanne, [Mozilla], fielding, Justin, hwest, bryan, frankie, +1.347.689.aadd,
- 17:04:51 [Zakim]
- ... +1.310.292.aaee, WileyS, dsriedel (muted), [IPcaller], +1.646.654.aaff
- 17:04:53 [Zakim]
- [Mozilla] has sidstamm
- 17:04:53 [dsinger]
- zakim, [apple] has dsinger
- 17:04:57 [Zakim]
- +enewland; got it
- 17:04:59 [Zakim]
- jmayer, listening for 10 seconds I heard sound from the following: [IPcaller] (5%), aleecia (72%)
- 17:05:09 [tedleung]
- zakim, [Disney] has tedleung
- 17:05:16 [Zakim]
- tl, listening for 10 seconds I heard sound from the following: 21 (57%), aleecia (68%)
- 17:05:19 [Zakim]
- +[Apple]
- 17:05:20 [tl]
- zakim, aaee is jsimpson
- 17:05:22 [Zakim]
- +dsinger; got it
- 17:05:24 [eberkower]
- eberkower has joined #dnt
- 17:05:25 [efelten]
- aleecia: If you're drafting text, by end of today please send to those editing the text
- 17:05:31 [aleecia]
- http://www.w3.org/2011/tracking-protection/track/actions
- 17:05:36 [Zakim]
- sorry, tedleung, I do not recognize a party named '[Disney]'
- 17:05:37 [efelten]
- ... quick look through action items
- 17:05:45 [Zakim]
- +AlexDeliyannis
- 17:05:48 [Zakim]
- +jsimpson; got it
- 17:05:53 [bryan_]
- bryan_ has joined #dnt
- 17:06:03 [bryan_]
- present+ Bryan_Sullivan
- 17:06:04 [efelten]
- ... start with action 26; Karl not on call; 26 is overdue
- 17:06:19 [vincent]
- zakim, [IPcaller] is vincent
- 17:06:21 [Zakim]
- +vincent; got it
- 17:06:21 [efelten]
- ... action 27, is that open?
- 17:06:50 [efelten]
- tl: 27 is pending review; Tom trying to synthesize with Jonathan's work; will circle back
- 17:07:07 [efelten]
- ... can do by Friday
- 17:07:33 [efelten]
- aleecia: action 31, shane et al
- 17:07:57 [efelten]
- WileyS: have draft text, well thought through, will post today with some issues still open
- 17:08:17 [adrianba]
- scribenick: efelten
- 17:08:20 [efelten]
- aleecia: action 34, first party vs third party, Jonathan and Tom working together, related to previous
- 17:08:23 [adrianba]
- Present+ adrianba
- 17:08:29 [efelten]
- ... action 37, Karl not on phone
- 17:08:33 [efelten]
- ... done with open actions
- 17:08:45 [aleecia]
- http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#user
- 17:08:46 [efelten]
- ... look at text drafted by editors
- 17:08:56 [tl]
- sorry: action 27 is complete, action 34 is the current open action with jmayer
- 17:09:00 [efelten]
- ... start with definition of user
- 17:09:04 [hwest]
- I believe that I'm on the hook to help draft something about identity providers, but I don't see an action item - where do I find that?
- 17:09:22 [efelten]
- ... [reads definition]
- 17:09:26 [KevinT]
- Zakim Joanne is KevinT
- 17:09:36 [WileyS]
- +q
- 17:09:44 [efelten]
- ... text is coming from other related W3C specs, or other docs seen previously on mailing list
- 17:10:04 [aleecia]
- ack WileyS
- 17:10:09 [jmayer]
- tl, action 27 is not complete, nice try
- 17:10:25 [enewland]
- we used http://www.w3.org/2003/glossary/alpha/U/20 as a starting point
- 17:10:31 [enewland]
- for the definitions of user and user agent
- 17:10:36 [aleecia]
- thank you, erica
- 17:10:49 [jmayer]
- suggest marking this as pending review
- 17:10:50 [efelten]
- WileyS: on defn of user, will be difficult for some of us to evaluation without knowing more about how used later in documents; might need to return to defns later as uses develop
- 17:10:51 [fielding]
- user agent is already defined in the TPE document
- 17:11:01 [efelten]
- s/evaluation/evaluate/
- 17:11:03 [tl]
- jmayer, action 27 was sent to the list, reviewed, and turned into the new and shiny action 34 for both of us
- 17:11:03 [dwainberg]
- dwainberg has joined #dnt
- 17:11:13 [justin]
- We should probably reconcile those . . .
- 17:11:43 [WileyS]
- gr8
- 17:11:45 [efelten]
- aleecia: to re-open, need to have new information (could include interactions with new text elsewhere), also need proposed alternative
- 17:12:00 [efelten]
- ... Shane's suggestion seems consistent with this
- 17:12:15 [WileyS]
- link to the text?
- 17:12:16 [efelten]
- ... Any issues with defn of user?
- 17:12:22 [aleecia]
- http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#user
- 17:12:26 [justin]
- Here is how it's defined in the other spec: This specification uses the term user agent to refer to any of the various client programs capable of initiating HTTP requests, including browsers, spiders (web-based robots), command-line tools, native applications, and mobile apps [HTTP11].
- 17:12:27 [WileyS]
- thank you
- 17:12:36 [bryan_]
- q+
- 17:12:37 [Zakim]
- +dwainberg
- 17:12:46 [efelten]
- ... This seems staightforward and is based on past W3C docs
- 17:12:50 [aleecia]
- ack bryan_
- 17:13:11 [efelten]
- bryan: Group of individuals acting as an entity. Would that include an enterprise / company?
- 17:13:17 [jmayer]
- rescind suggestion of pending review, closed sounds right
- 17:13:21 [efelten]
- aleecia: Text could be read either way
- 17:13:22 [alanchapell]
- alanchapell has joined #dnt
- 17:13:33 [fielding]
- q+
- 17:13:38 [jmayer]
- +q
- 17:13:42 [ninjamarnau]
- q+
- 17:13:44 [tl]
- yes, corporations are people!
- 17:13:45 [efelten]
- bryan: Defn anticipates broad understanding of what a group is?
- 17:13:46 [dsinger]
- I think the definition applies, yes. Do we want it to?
- 17:13:47 [WileyS]
- What is the value of the "user" definition versus a "user agent"?
- 17:13:53 [efelten]
- aleecia: apparently yes
- 17:13:53 [WileyS]
- +q
- 17:14:04 [bryan_]
- q-
- 17:14:12 [aleecia]
- ack fielding
- 17:14:15 [efelten]
- ... should flag this for clarification
- 17:14:19 [Zakim]
- - +1.347.689.aadd
- 17:14:43 [efelten]
- fielding: unnecesarily complicating things; why not simple definition, user = person making request
- 17:14:45 [WileyS]
- Agree with Roy - User Agent is more important than "User"
- 17:14:45 [Zakim]
- + +1.347.689.aagg
- 17:14:52 [aleecia]
- ack jmayer
- 17:14:54 [efelten]
- aleecia: think we do need a defn of user
- 17:14:59 [amyc]
- amyc has joined #dnt
- 17:15:10 [efelten]
- jmayer: agree with Roy, can simplify this
- 17:15:14 [tl]
- WileyS, user agents should do things for users, like deciding to send dnt only after the user has made it clear that's what they want
- 17:15:19 [dsinger]
- q+
- 17:15:21 [efelten]
- ... propose that user should be only an individual person, not a group
- 17:15:22 [fielding]
- what requirements are applied to "user"?
- 17:15:30 [tl]
- q?
- 17:15:31 [aleecia]
- ack ninjamarnau
- 17:15:41 [amyc]
- on IRC, but unable to dial in to conf call
- 17:15:56 [jmayer]
- suggestion: "User: An individual person."
- 17:15:58 [WileyS]
- Would a user agent be able to do anything on its own? Outside of direction from the user?
- 17:15:58 [efelten]
- ninjamarnau: question about "on whose behalf ..." language. Covers e.g. mother accessing on behalf of children?
- 17:16:13 [efelten]
- aleecia: if mother and child acting together, would be covered
- 17:16:24 [aleecia]
- q?
- 17:16:30 [efelten]
- ... Do Ninja and Jonathan have different views?
- 17:16:31 [rvaneijk]
- Why not dropping 'acting as a single entity'
- 17:17:10 [jmayer]
- +q
- 17:17:14 [efelten]
- ... mother is doing access so is user, less clear about child
- 17:17:23 [efelten]
- ninjamarnau: this might be a misunderstanding
- 17:17:32 [tl]
- WileyS, i think we expect UAs to take care of all the tedious busy-work, leaving users free to enjoy the wind in their hair on the information highway
- 17:17:34 [aleecia]
- ack WileyS
- 17:17:54 [efelten]
- WileyS: ref email discussion with Jonathan
- 17:18:20 [efelten]
- ... not clear on where there is value in treating user separately from user agent
- 17:18:31 [Zakim]
- +[Microsoft]
- 17:18:33 [efelten]
- ... seems redundant to have separate definitions, complicates text
- 17:18:39 [adrianba]
- zakim, [Microsoft] is me
- 17:18:39 [Zakim]
- +adrianba; got it
- 17:19:04 [efelten]
- ... not sure why user is needed, why not just user agent
- 17:19:17 [fielding]
- for example, a browser user agent sometimes has profiles for multiple users, one of whom uses it at a time
- 17:19:26 [efelten]
- aleecia: user agent is software, like browser. user is a person
- 17:19:29 [WileyS]
- one example please
- 17:19:34 [bryan_]
- q+
- 17:19:49 [efelten]
- ... think we will need to distinguish them, can merge them if that turns out not to happen
- 17:20:16 [aleecia]
- q?
- 17:20:22 [aleecia]
- ack dsinger
- 17:20:36 [fielding]
- q+
- 17:20:42 [tl]
- WileyS, UA manages site-specific preferences on user's behalf
- 17:21:06 [efelten]
- dsinger: see major diff between user and user agent. user is who we are trying to protect, user agent is software which doesn't have a privacy interest in itself
- 17:21:13 [tl]
- +q
- 17:21:23 [ninjamarnau]
- thanks dsinger, this was the differnce I was referringt to
- 17:21:27 [tl]
- -q
- 17:21:41 [efelten]
- ... mistake to write in passive voice here?
- 17:22:06 [efelten]
- aleecia: others have used separate defns, but we can do otherwise if it makes sense to us
- 17:22:13 [WileyS]
- "An individual human" +1
- 17:22:26 [efelten]
- ... Is the suggestion to drop language about groups?
- 17:22:38 [WileyS]
- User Proxy should be defined separetely
- 17:22:51 [fielding]
- I prefer the CC/PP definition … "An individual or group of individuals acting as a single entity. The user is further qualified as an entity who uses a device to request content and/or resource from a server."
- 17:22:52 [bryan_]
- +1 to dropping "group of individuals" and "on behalf of"
- 17:22:53 [jmayer]
- agree with shane
- 17:23:08 [tl]
- WileyS, +1
- 17:23:11 [aleecia]
- ack jmayer
- 17:23:12 [efelten]
- dsinger: No. My concern is that "on behalf" language. Why not define more directly: individual, or group acting as an entity, who accesses a service
- 17:23:22 [dsriedel]
- Maybe this phrase just tries to acknowledge that a service might not be able to disinguish if the request comes from an individual enity or another network. More of a technical thing.
- 17:23:27 [aleecia]
- q?
- 17:23:29 [efelten]
- jmayer: Would drop "who accesses a service" language.
- 17:23:51 [efelten]
- ... probably will be covered by discussion elsewhere in spec
- 17:23:54 [aleecia]
- ack bryan_
- 17:24:08 [efelten]
- bryan: Definitely see distinction between user and user agent
- 17:24:28 [efelten]
- ... important to treat actions of user agent done on user's behalf as if they were done by the user
- 17:24:33 [aleecia]
- the user accesses or is accessed on behalf of the user?
- 17:24:43 [efelten]
- ... key is to think in terms of user's intent
- 17:25:04 [dsinger]
- got it. agree
- 17:25:18 [efelten]
- aleecia: Might be good to avoid trying to distinguish between what user does and what browser does
- 17:25:24 [rvaneijk]
- wikipedia: A user is an agent, either a human agent (end-user) or software agent, who uses a computer or network service.
- 17:25:25 [Zakim]
- +sharvey
- 17:25:35 [aleecia]
- q?
- 17:25:40 [efelten]
- ... Can we come up with text that does what we seem to want here?
- 17:25:43 [WileyS]
- wikipedia, +1
- 17:26:04 [BrianTs]
- BrianTs has joined #DNT
- 17:26:23 [efelten]
- fielding: Typically talk in terms of activities initiated by the user; these might involve several steps done by the user agent
- 17:26:30 [fielding]
- An individual or group of individuals acting as a single entity. The user is further qualified as an entity who uses a device to request content and/or resource from a server.
- 17:26:33 [efelten]
- ... pasted in text to IRC about this
- 17:26:40 [ksmith]
- ksmith has joined #DNT
- 17:27:05 [dsriedel]
- Wouldn´t it be easier to drop user completely and just referr to user-agent as this is the entity DNT works on/is implemented?
- 17:27:10 [efelten]
- ... agree with dsinger, get rid of "on behalf of"
- 17:27:30 [aleecia]
- An individual or group of individuals acting as a single entity. The user is further qualified as an entity who uses a device to request content and/or resource from a server.
- 17:27:31 [efelten]
- aleecia: Anybody want to argue for "on behalf of"?
- 17:27:37 [Zakim]
- + +44.789.449.aahh
- 17:27:56 [fielding]
- that's from the glossary for CC/PP
- 17:27:57 [Zakim]
- + +385221aaii
- 17:28:14 [efelten]
- ... glossary definition here seems pretty good
- 17:28:25 [efelten]
- ... group of individuals understood as including a company
- 17:28:39 [efelten]
- ... not sure we need "from a server", might be too specific/restrictive
- 17:28:45 [jmayer]
- +q
- 17:28:48 [dsinger]
- we can add "including access actions by the user-agent on behalf of the user", if we want to be clear...
- 17:28:48 [efelten]
- ... Any suggestions on this text?
- 17:28:54 [andyzei]
- andyzei has joined #dnt
- 17:28:54 [rvaneijk]
- suggestion: replace from a servwer with: who uses a computer or network service.
- 17:28:55 [aleecia]
- ack fielding
- 17:28:58 [aleecia]
- ack jmayer
- 17:29:47 [aleecia]
- sounds like an argument back for "on behalf of"
- 17:29:53 [efelten]
- jmayer: Defn seems to require some state of mind of the user, or some knowledge
- 17:30:08 [fielding]
- fine with me to remove the second sentence
- 17:30:12 [efelten]
- ... but need to protect user even when technology is doing something the user wants, but doing it automatically
- 17:30:30 [aleecia]
- J: try some text?
- 17:30:31 [bryan_]
- q+
- 17:30:41 [kj]
- kj has joined #dnt
- 17:30:51 [efelten]
- ... can break this down into a set of binary choices
- 17:31:05 [efelten]
- ... suggest starting simple, adding extra stuff only as needed
- 17:31:19 [efelten]
- aleecia: jmayer, can you suggest specific text?
- 17:31:22 [aleecia]
- ack bryan_
- 17:31:53 [WileyS]
- Roy, +1
- 17:32:00 [efelten]
- bryan: Don't need to talk about user agent privacy concerns separate from the user's privacy concerns
- 17:32:08 [WileyS]
- Disagree with Aleccia (sorry :-( )
- 17:32:15 [Zakim]
- + +1.650.924.aajj
- 17:32:33 [bryan_]
- CC/PP had that language because it was addressing user-agent capabilities as something distinct from the user, but such a distinction does not exist for privacy concerns
- 17:32:48 [efelten]
- aleecia: Move on, will circle back to this
- 17:33:09 [jmayer]
- Suggested: "An individual person." Open issues: 1) users acting on behalf of other users, 2) users acting as a group, 3) qualifiers on types of behavior (network interaction, device usage, mental state)
- 17:33:09 [efelten]
- ... discuss defn of "user agent"
- 17:33:14 [aleecia]
- A "user agent" retrieves, accesses, and/or renders, content or services on behalf of the user. Examples of user agents include browsers, plug-ins for a particular media type, and assistive technologies.
- 17:33:14 [fielding]
- An individual or group of individuals acting as a single entity to initiate requests on the Web?
- 17:33:24 [punderwood]
- punderwood has joined #dnt
- 17:33:24 [efelten]
- ... pasted text into IRC
- 17:33:28 [efelten]
- ... comments?
- 17:33:34 [tl]
- also: robots
- 17:33:49 [Zakim]
- - +44.789.449.aahh
- 17:33:51 [efelten]
- ... seeing no suggestions, let's go back to "user"
- 17:33:52 [jimk]
- jimk has joined #dnt
- 17:34:05 [efelten]
- ... Jonathan suggested "An individual person", full stop
- 17:34:08 [efelten]
- ... comments?
- 17:34:10 [WileyS]
- I'm fine with "an individual human or person"
- 17:34:13 [bryan_]
- q+
- 17:34:13 [tl]
- +q
- 17:34:21 [Zakim]
- + +44.789.449.aakk
- 17:34:25 [bryan_]
- q-
- 17:34:31 [jmayer]
- +q
- 17:34:40 [aleecia]
- ack tl
- 17:34:44 [efelten]
- bryan: has to be an individual person using this service
- 17:34:57 [WileyS]
- dogs have no privacy rights :-)
- 17:35:01 [eberkower]
- Why not just "an individual"?
- 17:35:10 [efelten]
- tl: should say "human" rather than "person" since person might have unintended legal consequences
- 17:35:41 [eberkower]
- yes - a corporation can be a legal person
- 17:36:04 [dsinger]
- "An individual who accesses a service (who has the ability to express a legitimate desire for privacy)"??
- 17:36:05 [bryan_]
- boo hiss
- 17:36:07 [efelten]
- WileyS: sometimes a corporate entity qualifies as a legal person, agree with Tom that we should use "human"
- 17:36:07 [tl]
- also: we disenfranchise robots
- 17:36:09 [ninjamarnau]
- why not "an individual" ?
- 17:36:09 [tl]
- and aliens
- 17:36:23 [jmayer]
- "An individual human or equivalent conscious entity."
- 17:36:36 [aleecia]
- an individual who access a service
- 17:36:47 [aleecia]
- q?
- 17:36:50 [efelten]
- aleecia: How about "an individual who accesses a service"?
- 17:37:22 [ksmith]
- There are several individual's working here whose human status I question:-D
- 17:37:30 [aleecia]
- (or on behalf of whom an service is accessed?)
- 17:37:38 [dsriedel]
- +1 to jmayer definition. Other details can be added to the definition of "user-agent", like accessing (et al.) a service
- 17:37:57 [jmayer]
- sidstamm raises the important issue of zombies
- 17:38:19 [WileyS]
- +q
- 17:38:19 [efelten]
- jmayer: Important not to put limitations on which people are covered, at least until we know that limitations won't have complicated consequences
- 17:38:28 [jmayer]
- -q
- 17:38:37 [efelten]
- aleecia: Don't want to parse apart different groups of people based on ability, age, etc
- 17:38:46 [efelten]
- ... Does this really have to be so complicated?
- 17:38:51 [aleecia]
- ack WileyS
- 17:39:23 [dsinger]
- I agree to take a place-holder and refer to PSIG; too many legal nuances come up
- 17:39:32 [efelten]
- WileyS: propose that we use "an individual human" for now, consider it as quasi-closed, and come back to it later
- 17:39:50 [fielding]
- q?
- 17:39:51 [efelten]
- aleecia: Don't see full consensus now
- 17:40:13 [efelten]
- ... What is starting point for text? Language in draft; language from Roy.
- 17:40:31 [efelten]
- ... Questions: need "on behalf of"? need to cover groups?
- 17:40:55 [efelten]
- ... Those who care strongly, if any, should go off and talk about this, make a joint proposal
- 17:41:06 [ninjamarnau]
- I would be interested
- 17:41:14 [efelten]
- ... Volunteers?
- 17:41:25 [bryan_]
- bryan
- 17:41:31 [tl]
- pick me!
- 17:41:44 [tl]
- i am always serious
- 17:41:49 [efelten]
- ... ninjamarnau, bryan, tl have volunteered
- 17:41:54 [fielding]
- At some point we should decide whether it is okay to keep track of the ISP/Company that accessed a service even if DNT indicates the "user" is not tracked.
- 17:42:05 [tl]
- [except about the robots/aliens thing]
- 17:42:12 [ninjamarnau]
- okay, deadline?
- 17:42:14 [efelten]
- ... Ninja to take lead, work with bryan and tl, propose language back to the full group
- 17:42:31 [aleecia]
- action: ninjamarnau to draft user defn language due next week
- 17:42:31 [trackbot]
- Sorry, couldn't find user - ninjamarnau
- 17:42:35 [efelten]
- ... Please do within one week
- 17:42:53 [fielding]
- q+
- 17:42:54 [efelten]
- aleecia: Return to "user agent"
- 17:43:04 [tl]
- action: ninja to draft user defn language due next wee
- 17:43:04 [trackbot]
- Created ACTION-40 - Draft user defn language due next wee [on Ninja Marnau - due 2011-12-21].
- 17:43:16 [WileyS]
- "including, but not limited to, "
- 17:43:16 [efelten]
- ... Objections? (with alternative)
- 17:43:23 [justin]
- The issue fielding brings up can be addressed within the exceptions
- 17:43:24 [aleecia]
- A "user agent" retrieves, accesses, and/or renders, content or services on behalf of the user. Examples of user agents include browsers, plug-ins for a particular media type, and assistive technologies.
- 17:43:26 [tl]
- +q
- 17:43:33 [Frankie]
- q+
- 17:43:42 [efelten]
- fielding: Prefer to use definition already in the TPE document, which has been through years of standards review
- 17:44:01 [aleecia]
- ack tl
- 17:44:06 [efelten]
- tl: agree with fielding
- 17:44:09 [aleecia]
- ack Frankie
- 17:44:22 [fielding]
- TPE says This specification uses the term user agent to refer to any of the various client programs capable of initiating HTTP requests, including browsers, spiders (web-based robots), command-line tools, native applications, and mobile apps [HTTP11].
- 17:44:36 [efelten]
- Frankie: Should list of examples include smartphone apps?
- 17:44:49 [efelten]
- aleecia: [reads defn from TPE document]
- 17:45:01 [bryan_]
- +1
- 17:45:12 [Frankie]
- right +1
- 17:45:16 [tl]
- +1
- 17:45:17 [WileyS]
- +1 for TPE definition
- 17:45:19 [tedleung]
- +1
- 17:45:20 [sidstamm]
- +1
- 17:45:23 [jmayer]
- looks good
- 17:45:41 [jmayer]
- int rollover
- 17:45:53 [efelten]
- ... Differences: TPE defn drops language about rendering, accessing; seems to be fine
- 17:46:17 [efelten]
- ... Consensus on the TPE definition?
- 17:46:26 [tl]
- yay consensus!
- 17:46:27 [WileyS]
- Yay
- 17:46:31 [Zakim]
- -sharvey
- 17:46:40 [efelten]
- ... Nobody objecting, we have consensus to use the definition in the TPE
- 17:46:58 [enewland]
- sue
- 17:47:00 [enewland]
- sure
- 17:47:00 [efelten]
- dsinger: Friendly amendment: change "including" to "including, but not limited to,"
- 17:47:10 [fielding]
- okay
- 17:47:16 [efelten]
- aleecia: Nobody has objected to amendment, so have consensus to adopt it
- 17:47:26 [efelten]
- ... Closing definition of "user agent"
- 17:47:29 [WileyS]
- No issues with User Agent - just User
- 17:47:50 [aleecia]
- agenda?
- 17:47:55 [efelten]
- aleecia: Move on to issues 19 and 91
- 17:48:30 [efelten]
- ... issue 19: data collection and data use from third party [reads suggested text]
- 17:48:40 [justin]
- If the operator of a third-party domain receives a communication to which a [DNT-ON] header is attached: that operator must not collect, retain, or use information related to that communication outside of the explicitly expressed exceptions as defined within this standard; that operator must not use information about previous communications in which the operator was a third party, outside of the explicitly expressed exceptions as defined within this stan
- 17:48:57 [fielding]
- http://www.w3.org/2011/tracking-protection/track/issues/19
- 17:49:14 [WileyS]
- +q
- 17:49:26 [efelten]
- ... Comments?
- 17:49:33 [jmayer]
- +1
- 17:49:38 [fielding]
- q-
- 17:49:39 [dwainberg]
- q+
- 17:49:39 [justin]
- [must not or should not] retain information about previous communications in which the operator was a third party, outside of the explicitly expressed exceptions as defined within this standard (second half)
- 17:49:42 [tl]
- +q
- 17:49:46 [aleecia]
- ack WileyS
- 17:50:08 [efelten]
- WileyS: In email, asked to remove "retain"
- 17:50:09 [jmayer]
- +q
- 17:50:22 [ksmith]
- +q
- 17:50:37 [efelten]
- ... want to separate handling of previously collected data from how to treat new data
- 17:50:45 [jmayer]
- this text is very clear in its treatment of historical data
- 17:50:53 [efelten]
- ... otherwise generally happy now that exceptions are mentioned explicitly in core definition
- 17:50:55 [aleecia]
- ack dwainberg
- 17:51:11 [WileyS]
- Agree David - will address in exceptions
- 17:51:15 [WileyS]
- Operational Purposes
- 17:51:16 [efelten]
- dwainberg: "use" is extremely broad, hope we will address this in exceptions
- 17:51:19 [bryan_]
- believe that "use" includes "retain"
- 17:51:46 [efelten]
- ... think that requirement to delete previously collected data would go too far
- 17:51:58 [justin]
- Is there an example outside of the exceptions that we're going to enumerate?
- 17:51:59 [WileyS]
- Agree with David
- 17:52:01 [efelten]
- ... can be legitimate to retain old data in some cases
- 17:52:04 [efelten]
- aleecia: use case?
- 17:52:07 [ninjamarnau]
- this will be addressed by issue 71, I guess
- 17:52:31 [WileyS]
- +q
- 17:52:32 [efelten]
- dwainberg: If user engages DNT for limited time, e.g. for one session, but then wants to switch back to DNT-off
- 17:52:44 [bryan_]
- DNT should work like privacy mode in browsers - turning it on does not clear all history
- 17:52:54 [efelten]
- ... user might want old data to be held and used after DNT is turned back off at the end
- 17:53:01 [bryan_]
- q+
- 17:53:07 [efelten]
- aleecia: Let's look at existing adopters of DNT.
- 17:53:34 [amyc]
- will have Issue 71 draft to Ninja tomorrow, which addresses issue
- 17:53:35 [WileyS]
- Holding out AP as a solo example isn't very helpful - too early and its directional of industry concerns
- 17:53:38 [efelten]
- ... Some worried that user might turn on DNT for five minutes, force provider to throw away five years of data
- 17:53:44 [efelten]
- ... (example is AP)
- 17:53:51 [dsinger]
- I think the definition is clear about data *connected with the communication on which DNT-ON is present*, only, isn't it?
- 17:54:01 [efelten]
- ... AP initially kept the old data
- 17:54:16 [amyc]
- agree with dsinger, DNT signal is granular
- 17:54:25 [efelten]
- ... Turned out to be a PR problem, because users were worried when they saw tracking cookies persisting even when DNT was on
- 17:54:31 [Zakim]
- -adrianba
- 17:54:32 [WileyS]
- Did they delete logs that were tied to financial activities?
- 17:54:39 [adrianba]
- adrianba has left #dnt
- 17:54:41 [WileyS]
- Should be a "May" - not should or must
- 17:54:46 [efelten]
- ... Could take this as SHOULD, MUST, best practice, or not mention at all
- 17:55:06 [aleecia]
- q?
- 17:55:13 [aleecia]
- ack tl
- 17:55:14 [hwest]
- +q
- 17:55:16 [efelten]
- ... Shane asks about data tied to financial activities, but don't think that's relevant for this
- 17:55:38 [dwainberg]
- adding to Shane's point -- auditable logs of served ad impressions may need to be retained
- 17:55:47 [efelten]
- tl: Have concern about "in which the operator was a third party" in second part. Why limit it to case where operator was third party?
- 17:56:06 [ninjamarnau]
- agree with tl
- 17:56:15 [efelten]
- aleecia: Let's defer that, take it up at end of discussion of this issue today
- 17:56:26 [aleecia]
- ack jmayer
- 17:56:43 [Zakim]
- - +44.789.449.aakk
- 17:56:45 [hwest]
- +1, I like jmayer's proposal - very similar to what I would suggest
- 17:56:56 [aleecia]
- q?
- 17:56:56 [efelten]
- jmayer: Want to suggest a middle ground: can keep old data, but only in a way that can't be associated with a specific user
- 17:57:01 [aleecia]
- ack ksmith
- 17:57:02 [justin]
- The Facebook example was the reason for the language, tl --- if you're customizing content based on first-party data, that's not really tracking as we've discussed.
- 17:57:06 [tl]
- +q
- 17:57:25 [aleecia]
- session based for DNT or not: that seems the crux of this
- 17:57:28 [jmayer]
- i agree with tl on 2
- 17:57:41 [jmayer]
- justin, if we decide to do that, it should be an explicit exception
- 17:57:44 [Zakim]
- + +44.789.449.aall
- 17:57:48 [dsinger]
- agree with the speaker; 'treat me as someone about whom you remember nothing and record nothing" -- that doesn't say you *delete* old data, you just ignore it for a while
- 17:57:50 [jmayer]
- don't pack it into the high-level definition
- 17:57:52 [efelten]
- ksmith: Have always thought of DNT as session-based, should mean "don't recognize this individual now", no implications for other sessions
- 17:58:10 [Zakim]
- -[Mozilla]
- 17:58:13 [vincent]
- jmayer, even if data can not be associated to a specific user it could still be associated wieth a specific user-agent (i.e. browser) and that would be ok
- 17:58:17 [efelten]
- ... PR issue in AP case shouldn't influence us, that's up to each company
- 17:58:21 [aleecia]
- ack WileyS
- 17:58:30 [jmayer]
- vincent, i would say both, good point
- 17:58:51 [efelten]
- WileyS: Want to manage retention/deletion issue outside of this definition
- 17:59:06 [justin]
- I don't feel terribly strong either way, but it seems like DNT is about collection and use of third-party data ---- I don't see why we would not try to encompass first-party data as well.
- 17:59:11 [efelten]
- ... Have operational need to prove that ad impressions actually happened
- 17:59:22 [efelten]
- ... Will need some other operational-driven exceptions
- 17:59:24 [jmayer]
- when facebook reads your facebook.com cookies as a third party
- 17:59:32 [jmayer]
- that falls into (1)
- 17:59:44 [efelten]
- ... Except for these cases, would agree with MAY or SHOULD not retain
- 17:59:56 [efelten]
- ... Don't want to go all the way to MUST
- 18:00:01 [dsinger]
- q+ to say that we need to be clear it's about *use* of historical data, not deletion
- 18:00:12 [jmayer]
- in fact, i could do without (2)
- 18:00:20 [Zakim]
- -SueG
- 18:00:24 [efelten]
- aleecia: There is discussion in Europe about consent applying only to new data collected
- 18:00:37 [efelten]
- ... requirements may differ between Europe and US
- 18:00:49 [bryan_]
- DNT should work like privacy mode in browsers - turning it on does not clear all history - this could cause real problems for users that lose all personalization mistakenly. if we really need a clear history action, it should be explicit, and operator compliance based upon best effort (some info is not technically feasible to forget).
- 18:00:50 [aleecia]
- ack bryan_
- 18:00:52 [efelten]
- ... setting aside "eraser" proposals
- 18:01:07 [justin]
- If someone turns on DNT, they're not going to want tailored ads based on historical x-site data. I'm ambivalent on actual deletion, but usage should be within scope.
- 18:01:18 [jmayer]
- to the extent a company can use old data in personalizing to a user, that has to be explicit in an exception anyways
- 18:01:28 [efelten]
- bryan: Should work like privacy mode in browsers. Active when it's turned on. More like privacy mode than like delete-all-history.
- 18:01:28 [jmayer]
- because we have to say the new data can be used to link up old data
- 18:01:56 [efelten]
- ... Deleting more would hurt user experience for users who want to toggle DNT on and off over time
- 18:02:10 [aleecia]
- ack hwest
- 18:02:10 [ksmith]
- q+
- 18:02:28 [tl]
- -q
- 18:02:32 [tl]
- +q
- 18:02:43 [ninjamarnau]
- q+
- 18:02:45 [rvaneijk]
- EU context: consent is for new data collection.
- 18:02:48 [efelten]
- hwest: Retrospective deletion would require extra tracking in order to comply
- 18:02:59 [jmayer]
- could add language here like "make reasonable efforts" to cover cases where deletion isn't possible
- 18:03:01 [efelten]
- ... agree with last several speakers
- 18:03:24 [efelten]
- ... should be okay to keep data if severed from that user's profile
- 18:03:47 [aleecia]
- q?
- 18:04:01 [fielding]
- +1 to what hwest said
- 18:04:01 [aleecia]
- ack dsinger
- 18:04:01 [Zakim]
- dsinger, you wanted to say that we need to be clear it's about *use* of historical data, not deletion
- 18:04:30 [efelten]
- dsinger: definition is fine, but would be clearer to say you shouldn't *use* historical data when DNT is on
- 18:04:34 [vincent]
- if a user has DNT + InPrivate mode then only his current session will not be tracked, if user has DNT only then it means that he asks to be forgotten, would that be ok?
- 18:04:40 [WileyS]
- Agree with David - use application (not a "retention" application)
- 18:04:40 [efelten]
- ... but shouldn't require retrospective deletion
- 18:04:44 [Zakim]
- - +44.789.449.aall
- 18:04:52 [aleecia]
- ack ksmith
- 18:05:14 [tl]
- -q
- 18:05:15 [tl]
- +q
- 18:05:20 [efelten]
- ksmith: Difficult in practice to purge old data based on DNT hit
- 18:05:39 [efelten]
- ... much more practical to avoid using old data while DNT is on
- 18:06:18 [efelten]
- ... also worry about race conditions if, e.g., see the same logged-in user on different browsers that send different DNT signals
- 18:06:25 [efelten]
- ... would cause bad user experience
- 18:06:32 [fielding]
- No server/collector that I know of would implement a "forget me purge" without a complete form-based specific request with anti-forgery protections.
- 18:07:07 [efelten]
- aleecia: Not clear on why this would be a problem
- 18:07:39 [Zakim]
- + +44.789.449.aamm
- 18:07:41 [efelten]
- ksmith: Could make it work, but would provide strange user experience
- 18:08:04 [aleecia]
- ack ninjamarnau
- 18:08:15 [efelten]
- ... consider same user at work and home, where work has DNT-on policy, but DNT-off at home
- 18:08:35 [WileyS]
- +q
- 18:08:44 [WileyS]
- Ninja + 1
- 18:08:56 [efelten]
- ninjamarnau: When user sees DNT on, operator should not combine new data with existing data about that user.
- 18:09:01 [efelten]
- ... Do we have agreement on this?
- 18:09:21 [Frankie]
- +1 Ninja
- 18:09:25 [efelten]
- s/user sees/user sends/
- 18:09:30 [bryan_]
- q+ to point out that DNT does not mean "do not personalize"
- 18:09:37 [WileyS]
- (+1 Ninja) Again, "use" application, not a "retention" application
- 18:09:40 [efelten]
- aleecia: Comments re Ninja's proposal?
- 18:09:42 [amyc]
- +1
- 18:09:46 [dwainberg]
- +1
- 18:09:52 [aleecia]
- ack bryan_
- 18:09:52 [Zakim]
- bryan_, you wanted to point out that DNT does not mean "do not personalize"
- 18:09:54 [tl]
- -q
- 18:09:54 [tl]
- +q
- 18:10:03 [efelten]
- bryan: Need to be careful not to rule out all personalization when DNT is on
- 18:11:10 [dwainberg]
- q+
- 18:11:18 [jmayer]
- +q on this
- 18:11:44 [efelten]
- ... suppose user has told site to provide high-contrast viewing
- 18:11:52 [ksmith]
- lets not claim to know exactly what the user expects
- 18:12:06 [efelten]
- ... I see tracking as "don't remember what I'm doing" but not "don't personalize"
- 18:12:33 [efelten]
- aleecia: Let's set this aside until Ninja suggests specific text
- 18:12:34 [bryan_]
- q=
- 18:12:38 [bryan_]
- q-
- 18:12:39 [jmayer]
- jmayer
- 18:13:43 [efelten]
- jmayer: Reasoning about this starts with the general definition which says don't use unless exception
- 18:13:51 [efelten]
- ... so question is whether there should be an exception for this
- 18:14:11 [aleecia]
- ack WileyS
- 18:14:13 [efelten]
- aleecia: Pop the stack, return to third point in proposed language
- 18:14:49 [ninjamarnau]
- I think if we say MUST not use, then associating with old data is also "use"
- 18:14:57 [efelten]
- WileyS: If drop concept of retention, just talk about "collect or use", would block use of old information too
- 18:15:17 [jmayer]
- agree with shane that, unless an exception explicitly allows it, the current text already prevents use of historical data
- 18:15:22 [jmayer]
- don't agree on retain
- 18:15:26 [efelten]
- ... dropping "retain" could get us to consensus, or close to it, can come back to retention questions later
- 18:15:39 [efelten]
- ... propose to drop retain and leave that as new open issue
- 18:16:02 [aleecia]
- ack tl
- 18:16:06 [jmayer]
- -q
- 18:16:43 [efelten]
- tl: Setting aside whether "retain" requires deletion of old data, current definition says server shouldn't remember current access, nor use old info about same user
- 18:16:56 [bryan_]
- Talk about "breaking the web"!
- 18:16:57 [efelten]
- ... principle is you should act like you don't recognize the user
- 18:17:24 [dwainberg]
- q-
- 18:17:27 [bryan_]
- we need a much narrower definition of DNT intent
- 18:17:27 [efelten]
- aleecia: Have some good standards language here, but not much about the intent of the language
- 18:17:41 [dsinger]
- I assume if the user chooses to also send a cookie that expresses a preference, the service is welcome to act on it *in that transaction*, but (as usual) not remember anything
- 18:17:43 [efelten]
- ... Tom, can you suggest specific language about the intent?
- 18:17:57 [bryan_]
- q+ to point out that "we need a much narrower definition of DNT intent"
- 18:18:08 [aleecia]
- q?
- 18:18:14 [aleecia]
- ack bryan_
- 18:18:14 [Zakim]
- bryan_, you wanted to point out that "we need a much narrower definition of DNT intent"
- 18:18:16 [justin]
- Exceptions for volume controls and comparable settings can be carved out as an exception, but I'm not entirely sure of how many people set these settings on a third-party basis!
- 18:18:22 [dsinger]
- q+
- 18:18:45 [efelten]
- bryan: Need a much narrower definition of the intent. If turn off recognition of the user, would break the web
- 18:18:49 [WileyS]
- Capture these in exceptions
- 18:18:57 [jmayer]
- completely agree, shane
- 18:19:01 [efelten]
- ... Should allow personalization
- 18:19:05 [tl]
- when a user turns on DNT, they expect that the service will treat them like someone about whom they know nothing, and not remember anything about the current interaction going forward
- 18:19:25 [efelten]
- aleecia: Think we can all agree that DNT means user is expressing a preference for privacy
- 18:19:37 [efelten]
- ... Want to hear more about how to reconcile that with personalization
- 18:19:52 [efelten]
- ... in a third-party setting
- 18:20:08 [efelten]
- bryan: Am talking about personalization primarily by first parties
- 18:20:30 [fielding]
- I think most of the comments so far have confused parties
- 18:20:33 [dwainberg]
- q+
- 18:20:33 [tl]
- [in the third party context, of course]
- 18:20:49 [efelten]
- aleecia: Expectation is that first parties will have relatively few obligations under DNT
- 18:20:53 [bryan_]
- q-
- 18:21:17 [jmayer]
- +q
- 18:21:19 [aleecia]
- ack dsinger
- 18:21:32 [efelten]
- dsinger: DNT is a wall between the current transaction and the server's database
- 18:21:51 [efelten]
- ... logically orthogonal to any other cookies that might be present
- 18:22:11 [tl]
- +q
- 18:22:19 [efelten]
- ... if user has cookie requiring, e.g., captioning in ads, that can be sent and server can caption ads accordingly, when DNT is on
- 18:22:31 [efelten]
- ... Does that make sense?
- 18:22:51 [efelten]
- aleecia: Not sure I followed it entirely
- 18:23:11 [justin]
- Do people agree with jmayer that we should kill (2) because it's already subsumed by (1)? Or is there sufficient ambiguity about the use of old data that (2) is still useful (with or without the revision that tl has suggested)
- 18:23:20 [efelten]
- dsinger: Data that user chooses to put into transaction is actionable within that transaction
- 18:23:42 [efelten]
- ... but server shouldn't remember the transaction, shouldn't use past transaction data
- 18:23:55 [jmayer]
- justin, i think there should be an explicit line about whether historical data may be retained
- 18:24:03 [jmayer]
- since i think the first line says nothing about it
- 18:24:06 [bryan_]
- The concern I was expressing still stands depending upon what the intent of the 3rd party site access is. If the site provides data presented in the 1st party site through a mashup, it is acting for the same purpose as a 1st party site.
- 18:24:19 [jmayer]
- i hope that solves shane's concern
- 18:24:32 [bryan_]
- However if the site is purely about advertising, the intent of the access is different.
- 18:24:40 [fielding]
- IOW, cookies can store user preferences on the browser that are actionable by the server even if DNT is turned on (I assume dsinger is excluding cookies that are just user IDs)
- 18:24:51 [aleecia]
- ack dwainberg
- 18:24:56 [WileyS]
- It solves my concern if you drop "retain" from the proposed definition. :-)
- 18:25:12 [efelten]
- dwainberg: Confused by introduction of "personalization" which isn't the same as tracking
- 18:25:37 [jmayer]
- shane, even if the next sentence explicitly says whether you can or can't retain historical data?
- 18:25:42 [efelten]
- ... "information" and "use", especially together, are very broad, so will need strong enough exceptions
- 18:25:44 [justin]
- jmayer, but if we end up not requiring deletion, I think people could read (1) to allow for old use. Retention doesn't matter for immediate personalization based on old data.
- 18:25:51 [efelten]
- ... need to think through implications for personalization
- 18:25:58 [efelten]
- aleecia: agree that should be addressed
- 18:26:02 [jmayer]
- justin, how do you read (1) that way?
- 18:26:14 [jmayer]
- to use old data, you need new data
- 18:26:22 [efelten]
- ... suggest that we remove "retain" and treat retention as an open issue
- 18:26:32 [enewland]
- sure
- 18:26:42 [efelten]
- ... that gets us fairly close to consensus on what remains
- 18:26:50 [jmayer]
- -q
- 18:27:01 [efelten]
- ... return to issue 2, as promised earlier; Tom?
- 18:27:14 [Zakim]
- -Joanne
- 18:27:34 [efelten]
- tl: Not comfortable "in which operator was a third party". Should also limit operator when operator is third party now.
- 18:27:38 [jmayer]
- (2) is both ambiguous and undermines the meaning of (1)
- 18:27:42 [jmayer]
- recommend striking it
- 18:27:44 [efelten]
- aleecia: proposal to strike "in which the operator was a third party"
- 18:27:45 [justin]
- +q
- 18:27:46 [WileyS]
- +q
- 18:27:49 [efelten]
- ... any objections?
- 18:27:51 [aleecia]
- ack tl
- 18:28:17 [jmayer]
- if we want to allow linking a first-party database in a third-party context, that's an exception
- 18:28:20 [efelten]
- justin: Don't feel strongly, but not sure this would be tracking.
- 18:28:29 [bryan_]
- no, data provided to the 1st party should still be usable when acting as a 3rd party
- 18:28:31 [bryan_]
- q+
- 18:28:48 [jmayer]
- justin, then let's talk about making an exception for that
- 18:28:56 [efelten]
- ... want to allow more use of data provided voluntarily by user
- 18:29:31 [efelten]
- WileyS: Definition applies to entity acting as third party. Don't want to allow loophole. Seems like a drafting issue.
- 18:29:33 [tl]
- +q
- 18:29:43 [justin]
- q-
- 18:29:54 [Zakim]
- -dwainberg
- 18:30:09 [Zakim]
- -WileyS
- 18:30:09 [efelten]
- bryan: Need to think more about implications of how we treat data provided in first-party setting, when same entity is a third party later
- 18:30:21 [aleecia]
- rrsagent, make logs public
- 18:30:30 [tl]
- i propose the following alternative language:
- 18:30:44 [efelten]
- ... users will often want that data used for personalization, even if server cannot log that interaction
- 18:30:56 [efelten]
- aleecia: Time's up. Next week, same time.
- 18:30:58 [tl]
- If ta third-party domain receives a communication to which a [DNT-ON] header is attached:
- 18:30:58 [tl]
- that operator must not collect, retain, or use information related to that communication outside of the explicitly expressed exceptions as defined within this standard;
- 18:30:58 [tl]
- that operator must not use information about previous communications ioutside of the explicitly expressed exceptions as defined within this standard;
- 18:31:07 [Zakim]
- - +1.650.924.aajj
- 18:31:09 [efelten]
- efelten: Scribing is easy--be sure to volunteer next week!
- 18:31:17 [aleecia]
- RRSAgent, set logs world-visible
- 18:31:19 [Zakim]
- - +385221aaii
- 18:31:20 [Zakim]
- -jsimpson
- 18:31:21 [Zakim]
- -fielding
- 18:31:21 [Zakim]
- -jmayer
- 18:31:22 [Zakim]
- -rvaneijk
- 18:31:22 [Zakim]
- - +44.789.449.aamm
- 18:31:22 [Zakim]
- -[Apple]
- 18:31:24 [Zakim]
- -bryan
- 18:31:26 [Zakim]
- -aleecia
- 18:31:28 [Zakim]
- - +1.347.689.aagg
- 18:31:30 [Zakim]
- -AlexDeliyannis
- 18:31:32 [Zakim]
- -dsriedel
- 18:31:33 [aleecia]
- RRSAgent, make minutes
- 18:31:33 [RRSAgent]
- I have made the request to generate http://www.w3.org/2011/12/14-dnt-minutes.html aleecia
- 18:31:34 [Zakim]
- -NinjaMarnau
- 18:31:36 [Zakim]
- -tl
- 18:31:38 [Zakim]
- -tedleung
- 18:31:39 [Zakim]
- -vincent
- 18:31:42 [Zakim]
- -Justin
- 18:31:44 [Zakim]
- - +1.646.654.aaff
- 18:31:46 [Zakim]
- -frankie
- 18:31:47 [Zakim]
- -efelten
- 18:32:16 [ksmith]
- ksmith has left #DNT
- 18:34:25 [punderwood]
- punderwood has joined #dnt
- 18:36:38 [Zakim]
- disconnecting the lone participant, hwest, in T&S_Track(dnt)12:00PM
- 18:36:40 [Zakim]
- T&S_Track(dnt)12:00PM has ended
- 18:36:44 [Zakim]
- Attendees were aleecia, tl, jmayer, tedleung, +91.37.4.aaaa, efelten, NinjaMarnau, SueG, Joanne, rvaneijk, sidstamm, dsriedel, fielding, hwest, +1.425.214.aacc, +1.347.689.aadd,
- 18:36:49 [Zakim]
- ... +1.310.292.aaee, WileyS, frankie, +1.646.654.aaff, enewland, dsinger, AlexDeliyannis, jsimpson, vincent, dwainberg, +1.347.689.aagg, adrianba, sharvey, +44.789.449.aahh,
- 18:36:50 [tedleung]
- tedleung has left #Dnt
- 18:36:52 [Zakim]
- ... +385221aaii, +1.650.924.aajj, +44.789.449.aakk, +44.789.449.aall, +44.789.449.aamm
- 18:41:14 [enewland]
- enewland has joined #dnt
- 19:19:05 [tl]
- tl has joined #dnt
- 21:12:02 [aleecia]
- aleecia has joined #dnt
- 21:43:54 [karl]
- karl has joined #dnt
- 21:56:24 [mischat]
- mischat has joined #dnt
- 21:56:58 [schunter]
- schunter has joined #dnt
- 22:00:21 [schunter]
- schunter has joined #dnt
- 22:20:12 [tl]
- tl has joined #dnt
- 22:25:55 [schunter]
- schunter has joined #dnt
- 22:39:33 [schunter]
- schunter has joined #dnt
- 22:47:35 [schunter]
- schunter has joined #dnt
- 22:56:32 [trackbot]
- trackbot has joined #dnt
- 23:01:33 [trackbot]
- trackbot has joined #dnt