Agenda: Tracking Protection WG Meeting 11-13 Februrary, 2013
Cambridge MA, Stata Center, Building 32, on the MIT campus
We are meeting in the Star Conference Room, 32-D463 (room map).
The Kendall/MIT Station of the T's Red Line is a short walk away. MIT provides directions for travel.
Regarding snow, MIT maintains an emergency status information page.
Self-hosted dinner on Tuesday is optional; details to follow.
Participant Preparations
Please read the following prior to attending:
Slides
Monday, Feb 11
NOTE: All times are Eastern Daylight Time
- 9:00
- Room at Stata Center is open, with WiFi.
- 11:30
- Lunch.
- 12:15
- Opening Session: Includes logistics discussion for online calls. After general introduction, Swire will provide work plan for each of the approximately four or five groups. Focus on uses, including possible mechanisms for limiting length of time URIs are retained (and for what purposes).
- 1:30 - 3:15
- Group calls, with a moderator, scribe, and chat room planned for each one. If you will not be attending in person, but expect to participate in the group calls, please email Yianni Lagos.
- 3:15 - 3:45
- Break
- 3:45 - 5:15
- Read-out from the group calls, with lessons learned and discussion of permitted uses, retention of URIs, and related topics. Depending on time, we may have fairly short prepared presentations (15 minutes) on German tele-media law (use of pseudonyms there) and market research. (Actual finish time may vary between 5:00 and 5:30.)
- 5:15
- Adjourn to reception, in same building, with warming drinks and light food.
Tuesday, Feb 12
- 8:30 - 9:00
- Registration and Coffee
- 9:00 - 10:30
- Welcome Back (Chairs)
- Review agenda
- Assign scribes
- Review of W3C process (Deliverables, drafts, getting to closed, consensus decision process, formal objections, status ofremaining issues)
De-identification materials presented by Ed Felten. Swire will provide work plan for each of the approximately four or five groups. Focus on de-identification, including the language in current text based on FTC test for de-identification, and cases that should be (or not be) considered sufficiently de-identified to meet the standard. Also, discuss terminology of "de-identification" vs. "unlinkable" or alternatives.
- 10:30 - 11:00
- Coffee Break
- 11:00 - 12:30
- Group calls, with a moderator, scribe, and chat room planned for each one. If you will not be attending in person, but expect to participate in the group calls, please email Yianni Lagos.
- 12:30 - 14:00
- Lunch
- 14:00 - 15:30
- Read-out from the group calls about de-identification.
Begin discussion of other issues in compliance spec. These discussions are intended in part to educate the chair and other new participants about the lay of the land on these issues. Where possible, we will also assign action items to move toward closure on these issues.
Current candidate lists of issues to discuss:
- Service provider
- Definitions of first and third parties, including intentionality
- Geolocation
- Definition of "tracking"
- Others?
- 15:30 - 16:00
- Coffee Break
- 16:00 - 17:00
- Compliance -- Deidentification IV
- 17:00 - 17:30
- Wrap-up of Day 2
Wednesday, Feb 13
- 08:30 - 9:00
- Registration and Coffee
- 9:00 - 09:15
- Welcome Back (Chairs)
- Review agenda
- Assign scribes
- 09:15 - 09:30
- Presentations: Working Drafts and open issues, presented by editors.
Tracking Preference Expression
Goals:
- Review where the document currently stands and what has been changed since our last F2F.
- Explain the new approach to exception and in particular the ability (MAY) of user agents to notify users, modify exceptions, and revoke exceptions in collaboration with their users.
- 09:30 - 10:30
- TPE Discussion of Open Issues:
- ISSUE-151 User Agent Requirement: Be able to handle an exception request (To what extent are user agents required (SHOULD) to implement the exception API.)
- ISSUE-137 Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s)
- Collect remaining concerns and potential shortcomings of the "new" approach towards exceptions (input to ISSUE-187 and ISSUE-144) and discuss potential mitigations.
- ISSUE-152 User Agent Compliance: feedback (e.g.,notification) if a party claims out-of-band consent
-
- 10:30 - 11:00
- Coffee Break
- 11:00 - 12:00
- Further Discussions:
- Detecting and handling content intended for 1st party use that is used within a 3rd party context: ISSUE-164
- ISSUE-161: Do we need a tracking status value for partial compliance or rejecting DNT?
- 12:00 - 12:45
- Proposed resolution on the following issues where we believe consensus is likely:
- ISSUE-112 How are sub-domains handled for site-specific exceptions? (Proposed solution: cookie-like rules)
- ISSUE-167 Multiple site exceptions (Proposed solution: iFrames)
- ISSUE-111 Signaling state/existence of site-specific exceptions (Proposed solution: DNT;0e signals an exception while DNT;0 signals general preference).
- 12:45 - 13:00
- Wrap-up of Day 3
- 13:00 - 14:00
- Lunch