IRC log of dnt on 2012-03-21

Timestamps are in UTC.

15:48:38 [RRSAgent]
RRSAgent has joined #dnt
15:48:38 [RRSAgent]
logging to http://www.w3.org/2012/03/21-dnt-irc
15:48:40 [aleecia]
Zakim, clear agenda
15:48:40 [Zakim]
agenda cleared
15:48:49 [aleecia]
Agenda?
15:49:02 [aleecia]
Thank you
15:49:22 [aleecia]
Coming in via iPad, not so great
15:49:28 [aleecia]
Agenda+ scribe
15:49:57 [aleecia]
Agenda+ (no comments on minutes)
15:50:22 [aleecia]
Agenda+ overdue action item review
15:51:17 [aleecia]
Agenda+ action-56 housekeeping
15:51:44 [tl]
tl has joined #dnt
15:51:44 [aleecia]
Agenda+ issue-28
15:51:57 [fielding]
fielding has joined #dnt
15:52:27 [aleecia]
Agenda+ Issue-14
15:52:33 [aleecia]
Agenda+ 32
15:52:55 [aleecia]
Agenda+ issue-69
15:53:12 [aleecia]
Agenda+ issue-54
15:53:27 [aleecia]
Agenda+ issue-65
15:53:38 [aleecia]
Agenda+ big issues
15:53:58 [aleecia]
Agenda+ announce next meeting & adjourn
15:54:22 [rigo]
rigo has joined #dnt
15:54:38 [efelten]
efelten has joined #dnt
15:55:00 [Zakim]
T&S_Track(dnt)12:00PM has now started
15:55:07 [Zakim]
+efelten
15:55:18 [Zakim]
+tl
15:55:59 [aleecia]
efelten has aleecia
15:56:06 [tlr]
zakim, efelten has aleecia
15:56:06 [Zakim]
+aleecia; got it
15:56:16 [tl]
Well, that's exciting.
15:56:32 [aleecia]
Thanks! Typing is not going well on this
15:56:33 [npdoty]
npdoty has joined #dnt
15:56:47 [tl]
Are we on hold now?
15:56:48 [rigo]
zakim, code?
15:56:48 [Zakim]
the conference code is 87225 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), rigo
15:57:26 [Zakim]
+Rigo
15:57:37 [Zakim]
+npdoty
15:57:43 [johnsimpson]
johnsimpson has joined #dnt
15:57:50 [aleecia]
Nick, could you make sure to grab the urls from the agenda as we hit them?
15:58:06 [npdoty]
Zakim, agenda?
15:58:06 [Zakim]
I see 12 items remaining on the agenda:
15:58:08 [Zakim]
1. scribe [from aleecia]
15:58:11 [Zakim]
2. (no comments on minutes) [from aleecia]
15:58:12 [Zakim]
3. overdue action item review [from aleecia]
15:58:15 [Zakim]
4. action-56 housekeeping [from aleecia]
15:58:16 [Zakim]
5. issue-28 [from aleecia]
15:58:18 [Zakim]
6. Issue-14 [from aleecia]
15:58:20 [Zakim]
7. 32 [from aleecia]
15:58:22 [Zakim]
8. issue-69 [from aleecia]
15:58:24 [Zakim]
9. issue-54 [from aleecia]
15:58:26 [Zakim]
10. issue-65 [from aleecia]
15:58:28 [Zakim]
11. big issues [from aleecia]
15:58:30 [Zakim]
12. announce next meeting & adjourn [from aleecia]
15:58:34 [vincent_]
vincent_ has joined #dnt
15:59:06 [Zakim]
+ +1.202.629.aaaa
15:59:22 [Zakim]
+??P19
15:59:27 [rigo]
zakim, aaaa is John_Simpson
15:59:27 [Zakim]
+John_Simpson; got it
15:59:40 [rigo]
zakim, ??P19 is Vincent
15:59:40 [Zakim]
+Vincent; got it
15:59:47 [aleecia]
Thanks, Rigo
15:59:50 [johnsimpson]
zakim,202.629.aaaa is johnsimpson
15:59:50 [Zakim]
sorry, johnsimpson, I do not recognize a party named '202.629.aaaa'
16:00:06 [vincent_]
yes, Thanks Rigo
16:00:06 [rigo]
john, I already did that
16:00:17 [johnsimpson]
thanks
16:00:20 [Zakim]
+ +1.919.388.aabb
16:00:27 [tl]
An iPad, really?
16:00:35 [tl]
Not an android tablet?
16:00:42 [rigo]
zakim, aabb is anna_long
16:00:42 [Zakim]
+anna_long; got it
16:00:50 [Anna]
Anna has joined #dnt
16:00:59 [Zakim]
+ +1.646.654.aacc
16:01:10 [tl]
Or something running B2G =p
16:01:14 [eberkower]
eberkower has joined #dnt
16:01:21 [johnsimpson]
zakim, who is on call?
16:01:21 [Zakim]
I don't understand your question, johnsimpson.
16:01:22 [Zakim]
+WileyS
16:01:27 [Zakim]
+ +1.516.695.aadd
16:01:29 [vincent_]
tl, B2G ?
16:01:29 [eberkower]
elise berkower has called in from 646
16:01:35 [rigo]
zakim, drop aacc
16:01:35 [Zakim]
+1.646.654.aacc is being disconnected
16:01:36 [Zakim]
- +1.646.654.aacc
16:01:37 [vincent_]
i can scribe
16:01:41 [WileyS]
WileyS has joined #DNT
16:01:48 [Lia]
Lia has joined #dnt
16:01:53 [rigo]
scribenick: vincent
16:02:01 [rigo]
scribenick: vincent_
16:02:01 [aleecia]
Agenda?
16:02:04 [eberkower]
eberkower will be re-dialing in from 646-654
16:02:13 [tl]
vincent_, Boot to Gecko, Mozilla's new mobile operating system built entirely using the web! </advertisement>
16:02:29 [npdoty]
Zakim, take up agendum 3
16:02:32 [efelten]
Zakim, aacc is eberkower
16:02:36 [rigo]
eberkower: we asked 3 times who joined and got no response
16:02:36 [ac]
ac has joined #dnt
16:02:38 [Zakim]
+fielding
16:02:41 [Zakim]
+ +1.617.733.aaee
16:02:54 [johnsimpson]
zakim, on call?
16:02:56 [eberkower]
i typed it
16:02:59 [Zakim]
agendum 3. "overdue action item review" taken up [from aleecia]
16:03:03 [Zakim]
sorry, efelten, I do not recognize a party named 'aacc'
16:03:05 [npdoty]
http://www.w3.org/2011/tracking-protection/track/actions/overdue
16:03:08 [dsinger]
dsinger has joined #dnt
16:03:09 [KevinT]
KevinT has joined #dnt
16:03:09 [alex_]
alex_ has joined #dnt
16:03:15 [vincent_]
aleecia: action 56 is about reviewing current
16:03:24 [vincent_]
...: draft
16:03:38 [npdoty]
Zakim, take up agendum 4
16:03:38 [Zakim]
I don't understand your question, johnsimpson.
16:03:40 [adrianba]
adrianba has joined #dnt
16:03:40 [dsinger]
zakim, [apple] has dsinger
16:03:42 [Zakim]
+ +1.415.520.aaff
16:03:44 [Zakim]
+[Microsoft]
16:03:56 [Zakim]
+??P51
16:04:08 [dsinger]
action-56?
16:04:09 [trackbot]
ACTION-56 -- Kevin Trilli to propose text on enabling auditing compliance -- due 2012-02-01 -- PENDINGREVIEW
16:04:09 [trackbot]
http://www.w3.org/2011/tracking-protection/track/actions/56
16:04:22 [Zakim]
+[Apple]
16:04:22 [vincent_]
aleecia: changing the due date for action 56 for two weeks from now
16:04:26 [JC]
JC has joined #DNT
16:04:26 [Zakim]
agendum 4. "action-56 housekeeping" taken up [from aleecia]
16:04:30 [Zakim]
+dsinger; got it
16:04:34 [Joanne]
Joanne has joined #DNT
16:04:37 [enewland]
enewland has joined #dnt
16:04:40 [Zakim]
+ +1.646.654.aagg
16:04:42 [Zakim]
+justin_
16:04:43 [npdoty]
take up agendum 5
16:04:49 [johnsimpson]
zakim, mute me
16:04:50 [npdoty]
issue-28?
16:04:50 [trackbot]
ISSUE-28 -- Exception for mandatory legal process -- pending review
16:04:50 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/28
16:04:52 [Zakim]
+alex
16:04:59 [Zakim]
John_Simpson should now be muted
16:05:16 [vincent_]
aleecia: issue 28 associated to action 28, DNT means follow local laws
16:05:21 [justin]
justin has joined #dnt
16:05:32 [Zakim]
+ +1.813.366.aahh
16:05:34 [npdoty]
http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#ExemptionIssues
16:05:38 [vincent_]
... : section 4.5.4 in the latest draft
16:05:42 [Zakim]
+ +1.415.520.aaii
16:05:47 [Zakim]
+justin_.a
16:05:55 [hefferjr]
hefferjr has joined #dnt
16:05:59 [Zakim]
-??P51
16:06:16 [tl]
+q
16:06:25 [npdoty]
ack tl
16:06:28 [aleecia]
Ack tl
16:06:31 [ifette]
ifette has joined #dnt
16:06:38 [Joanne]
+1.415.520. is Joanne
16:06:40 [vincent_]
tl: unhappy with the descriptions
16:06:42 [Zakim]
+ +1.206.369.aajj
16:06:43 [BrianTs]
BrianTs has joined #DNT
16:06:47 [npdoty]
Zakim, aaii is Joanne
16:06:47 [Zakim]
+Joanne; got it
16:07:06 [rigo]
q+
16:07:08 [WileyS]
What? Make a decision to not follow the law? Disagree strongly.
16:07:12 [tedleung]
tedleung has joined #dnt
16:07:18 [Zakim]
+ +2930aakk
16:07:26 [ifette]
Zakim, aakk is ifette
16:07:26 [Zakim]
+ifette; got it
16:07:26 [npdoty]
WileyS, I think that was the opposite of t
16:07:29 [aleecia]
Ack Rigo
16:07:37 [Zakim]
+[Microsoft.a]
16:07:39 [vincent_]
...: if you violate DNT you should notify the affected user
16:07:48 [ifette]
rrsagent, link?
16:07:48 [RRSAgent]
I'm logging. Sorry, nothing found for 'link'
16:07:52 [ifette]
rrsagent, minutes?
16:07:52 [RRSAgent]
I'm logging. Sorry, nothing found for 'minutes'
16:07:54 [npdoty]
... opposite of Tom's point, that people would make a decision to follow the law and not follow DNT and that's fine
16:07:58 [npdoty]
rrsagent, pointer?
16:07:58 [RRSAgent]
See http://www.w3.org/2012/03/21-dnt-irc#T16-07-58
16:08:01 [ac]
ac has joined #dnt
16:08:06 [Zakim]
+[Microsoft.aa]
16:08:12 [johnsimpson]
+q
16:08:22 [WileyS]
Nick, Tom said you "make a decision to either follow the law or follow the standard". I disagree and believe you MUST make a decision to follow both.
16:08:25 [vincent_]
rigo: you are operating in a certain legal frameword (e.e europe data retentention) and there is nothing you can do about it
16:08:34 [WileyS]
If you want to state you are DNT compliant
16:08:47 [ifette]
rrsagent, make logs member
16:08:48 [vincent_]
...: saying something create more confusion
16:08:51 [aleecia]
Ack johnsimpson
16:08:53 [Zakim]
+??P78
16:09:10 [WileyS]
+q
16:09:23 [vincent_]
johnsimpson: evident that the law overright DNT you should follow the law
16:09:48 [vincent_]
... : if you are required to turnover data because of the law you should notify the user
16:09:52 [aleecia]
Ack WileyS
16:09:54 [tl]
I said: If the law required to do something contrary to DNT, you need to choose which is more important to you. When you inevitably decide that you'll follow the law of the land instead of a technical standard, you are in violation of the technical standard. That's okay.
16:10:29 [rigo]
should notify is " data breach notification" which is a mess anyway
16:10:35 [vincent_]
WileyS: more important now after tl point
16:10:50 [dsinger]
q+
16:11:05 [Zakim]
+ +1.202.326.aall
16:11:06 [aleecia]
Ack dsinger
16:11:19 [tl]
But I completely agree that whenever you share data in violation of DNT, whether through breach or legal compulsion, you SHOULD notify users.
16:11:34 [tl]
[But law may prohibit you from doing do.]
16:11:46 [vincent_]
dsinger: imagine the service operating in a repressive regim, if you have to obey by law you have to bey by law there is nothing you can do about it
16:11:51 [ifette]
q+
16:12:00 [vincent_]
aleecia: what about if the law ask you to do more than DNT?
16:12:07 [aleecia]
Ack ifette
16:12:11 [johnsimpson]
seems to me clear you need to follow the law...
16:12:20 [vincent_]
ifette: no need for a statement "you should follow the law"
16:12:35 [tl]
+1
16:12:39 [tl]
[obviously]
16:13:04 [WileyS]
+1 for keeping the language as is
16:13:12 [tl]
+q
16:13:20 [fielding]
ditto dsinger
16:13:24 [aleecia]
Ack tl
16:13:35 [rigo]
ditto dsinger
16:13:52 [vincent_]
tl: the standard should not specify anything about local law and should not speak about the law topic at all
16:13:55 [ifette]
q+ to say companies may operate in multiple jurisdictions
16:13:59 [johnsimpson]
the law is the law
16:14:01 [fielding]
q+
16:14:07 [npdoty]
ack ifette
16:14:07 [Zakim]
ifette, you wanted to say companies may operate in multiple jurisdictions
16:14:16 [WileyS]
Disagree with that perspective - it's not a "get out of jail free" - rather you can support the standard AND follow the law.
16:14:34 [WileyS]
Law trumps standard - but that doesn't mean you're not compliant with the standard
16:14:37 [tl]
"reasonable"
16:14:38 [vincent_]
ifette: if you're in multiple country, one country expect to violate DNT and one expect you to complie, it might be nice to have something for that situation
16:14:51 [npdoty]
Zakim, who's making noise?
16:15:02 [Zakim]
npdoty, listening for 10 seconds I could not identify any sounds
16:15:13 [johnsimpson]
the only thing that is necessary to say is that if the law requires you to violate the standard, you *should* notify the user if possible...
16:15:34 [vincent_]
aleecia: it gets more complicated, in some cases the law applying is the one applying where the server is in some case it's where the user is
16:15:43 [WileyS]
I disagree with any statement that says "following law = violation of standard"
16:15:44 [aleecia]
Q.
16:15:47 [vincent_]
... : could we writ esomething that will cover this case
16:15:48 [aleecia]
Q?
16:15:51 [justin]
We're not solving international jurisdictional disputes in this document . . .
16:15:53 [WileyS]
That's why this language is so important
16:15:55 [tl]
q?
16:15:58 [aleecia]
Ack fielding
16:15:58 [npdoty]
ack fielding
16:16:08 [tl]
+q
16:16:23 [vincent_]
I did not get that
16:16:28 [ifette]
"Any laws from any jurisdiction that may apply to the request or transaction taking place are assumed to take precedence over requirements of this specification"
16:16:33 [johnsimpson]
don't mean "violate" standard. should mean compel you not to follow it?
16:16:33 [npdoty]
fielding: I prefer David's shorter version
16:16:47 [vincent_]
thanks npdoty
16:16:52 [npdoty]
fielding: I think the final sentence on contract fulfillment is unnecessary
16:17:26 [npdoty]
dsinger: just wanted to clarify, in case someone said that they had a legal obligation in that they had a contract with another company
16:17:49 [vincent_]
dsinger: avoid the case where two company create a contract that would allow to avoid DNT (using the contract as a justification)
16:18:07 [rigo]
the more we say, the more we create a mess IMHO
16:18:21 [justin]
"Breaching a contract" isn't really a violation of law.
16:18:26 [vincent_]
tl: it is local law because the contract may be subject to a local law
16:18:46 [vincent_]
fielding: you would not be violating the law by breaking a contract
16:19:10 [kj]
kj has joined #dnt
16:19:26 [npdoty]
+1 for a Note
16:19:27 [justin]
+1 but don't feel strongly
16:19:27 [tl]
+ somewhat
16:19:28 [rigo]
can live with
16:19:30 [enewland]
+1
16:19:33 [ifette]
is that implying that there is still some text around law?
16:19:35 [dsinger]
+1 but don't feel that strongly
16:19:40 [johnsimpson]
+1 moderately
16:19:48 [vincent_]
strawpoll on wether we should mention contract ( the final sentence)
16:19:48 [justin]
Lot of +.5s
16:19:49 [ifette]
+1 there should be some text, dont care about sentences about contracts
16:19:53 [WileyS]
Rigo - without saying this, you could trap implementers that attempt to follow the standard (and state so in their privacy policy) AND follow the law. Without this language, following the law could be considered a "violation" of your privacy policy committment. Would make DNT a legally toxic concept to support as "violation" is almost assured.
16:19:54 [tl]
If we have text around law, then it must disclaim contracts, but there should not be any language about law.
16:20:10 [fielding]
contracts cannot override laws or regulations or judicial process.
16:20:19 [eberkower]
-1
16:20:21 [fielding]
-1
16:20:26 [alex_]
-1
16:20:34 [tl]
fielding: No, but they can prohibit you from complying with DNT.
16:20:37 [Lia]
-1
16:20:58 [fielding]
tl, that would be a different issue
16:20:58 [Zakim]
+ +1.202.496.aamm
16:21:00 [npdoty]
"overall we're getting a lot of meh"
16:21:00 [vincent_]
aleecia: no strong sense of support for this, more people supporting than against
16:21:11 [tl]
fielding: That is the issue at hand.
16:21:16 [KevinT1]
KevinT1 has joined #dnt
16:21:17 [vincent_]
...: anyone with a strong objection or can we live with it
16:21:30 [npdoty]
Zakim, who is making noise?
16:21:41 [Zakim]
npdoty, listening for 10 seconds I heard sound from the following: +1.202.496.aamm (23%), efelten (76%)
16:21:49 [tl]
+1
16:21:55 [npdoty]
Zakim, mute efelten
16:21:55 [Zakim]
efelten should now be muted
16:21:58 [johnsimpson]
sorry which issue
16:22:01 [npdoty]
Zakim, mute aamm
16:22:01 [Zakim]
+1.202.496.aamm should now be muted
16:22:02 [tl]
But add separate breach notification.
16:22:13 [rigo]
q+
16:22:16 [npdoty]
Zakim, unmute aamm
16:22:16 [Zakim]
+1.202.496.aamm should no longer be muted
16:22:17 [aleecia]
Zakim, unmute efelten
16:22:18 [Zakim]
efelten should no longer be muted
16:22:18 [tl]
ack tl
16:22:19 [vincent_]
aleecia: should we mention local law at all? (stawpoll)
16:22:21 [WileyS]
John, the "follow the law" statement draft
16:22:51 [vincent_]
aleecia: we should look at what should the text be
16:23:00 [rigo]
Indeed, a party may take action contrary to the requirements of this standard if compelled by applicable law. If compelled by applicable law to collect, retain, or transmit data despite receiving a DNT:1 signal for which there is no exemption, the party should notify affected users to the extent practical and allowed by law.
16:23:01 [ifette]
This specification is not intended to override applicable laws and regulations.
16:23:02 [ifette]
Indeed, a party may take action contrary to the requirements of this standard if compelled by applicable law. If compelled by applicable law to collect, retain, or transmit data despite receiving a DNT:1 signal for which there is no exemption, the party should notify affected users to the extent practical and allowed by law.
16:23:02 [ifette]
It should be noted that this allowance does not extend to the fulfillment of a contractual obligation.
16:23:10 [tl]
This language is a deal-breaker, especially if it allows contracts to override DNT.
16:23:26 [npdoty]
from http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#ExemptionIssues
16:23:39 [ifette]
I don't see how this can be construed to imply contracts
16:23:44 [rigo]
ack ri
16:23:47 [tl]
+q
16:23:50 [vincent_]
...: of the two sentences anything in particualr somebody wants to cut
16:23:58 [aleecia]
Q?
16:24:14 [vincent_]
rigo: we should'nt introduce data breach notifications cause they are too complex
16:24:18 [fielding]
regardless, the last sentence does not do what tl wants.
16:24:29 [ifette]
sgtm
16:24:31 [aleecia]
Ack tl
16:24:39 [ifette]
(the first two sentences of existing text sgtm)
16:24:44 [vincent_]
tl: "may" should be "must not"
16:24:52 [tl]
fielding: What do you understand my goal to be here?
16:25:01 [vincent_]
aleecia: already discussed, check with a strawpoll
16:25:04 [ifette]
-1
16:25:06 [tl]
+1
16:25:12 [johnsimpson]
_1
16:25:32 [vincent_]
aleecia: no support on that one, any other change on these two sentences?
16:25:33 [dsinger]
try: "Local laws and regulations take precedence over this standard, when applicable; however, contractual obligations do not."
16:25:34 [WileyS]
Nick - question for you, can anyone join the weekly meetings (aka public)? Similar to the email list?
16:25:44 [rigo]
If compelled by applicable law to collect, retain, or transmit data despite receiving a DNT:1 signal for which there is no exemption, the party should notify affected users to the extent practical and allowed by law.
16:25:47 [Zakim]
+[IPcaller]
16:25:56 [fielding]
q+
16:26:12 [aleecia]
Ack fielding
16:26:34 [ifette]
"the extent practical" is also somewhat unclear
16:26:42 [vincent_]
did not get it
16:26:54 [WileyS]
Nick, are you there? Question for you, can anyone join the weekly meetings (aka public)? Similar to the email list?
16:26:56 [npdoty]
fielding: should always refer to 'laws and regulations' not just laws
16:27:13 [fielding]
laws, regulations, or judicial orders?
16:27:18 [aleecia]
Q?
16:27:26 [vincent_]
thanks npdoty
16:27:27 [npdoty]
agreement to change to 'laws and regulations' in both sections of that paragraph
16:27:28 [rigo]
change if compelled by applicable law to if compelled by applicable law or regulations
16:27:35 [ifette]
roy, judicial orders are usually supported by some law, no?
16:27:44 [vincent_]
aleecia: any other changes for this text?
16:27:50 [fielding]
probably in the case of dnt, but not normally
16:27:53 [rigo]
roy, rulings are derived from laws or regulations, so no need to further detail
16:27:56 [tl]
Yes, I like dsinger's proposal, with notification addendum.
16:28:07 [WileyS]
npdoty, question for you, can anyone join the weekly meetings (aka public)? Similar to the email list?
16:28:10 [rigo]
+
16:28:12 [rigo]
+1
16:28:14 [npdoty]
WileyS, sorry, we're a little busy at the moment.
16:28:20 [johnsimpson]
I'd like "must" notify, but could live with "should"
16:28:20 [dsinger]
+1 to delete the paragraph (both sentences)
16:28:27 [WileyS]
Nick, easy question - yes or no
16:28:28 [vincent_]
...: stawrpoll if you beleive there should be no "should notify" +1 on IRC
16:28:40 [WileyS]
+1
16:28:40 [npdoty]
WileyS, fine for people to join the calls in general, though if our phone bridge collapses I might not encourage all of them ;)
16:28:40 [rigo]
proposal cut: the party should notify affected users to the extent practical and allowed by law.
16:28:45 [rigo]
+1
16:28:49 [justin]
-1
16:28:50 [enewland]
-1
16:28:52 [ifette]
if we want to change it?
16:28:55 [WileyS]
npdoty, thank you.
16:28:57 [vincent_]
... : to keep that sentence -1
16:28:57 [tl]
-1
16:29:02 [johnsimpson]
-1
16:29:03 [ifette]
+0 -- don' want ot get rid of but change
16:29:18 [chapell]
chapell has joined #dnt
16:29:34 [vincent_]
aleecia: looking like an even splite
16:29:40 [tl]
I propose: Local laws and regulations take precedence over this standard when applicable, but contractual obligations do not. If compelled to take action contrary to this standard parties SHOULD/MUST notify affected users to the extent practical and allowed by law.
16:30:08 [rigo]
q+
16:30:11 [vincent_]
ifette: main concern "extent practical" not really defined, it's not the same that data breach notification
16:30:26 [vincent_]
aleecia: agree that it is not data breach
16:30:34 [tl]
At Mozilla, we consider subpoenas to be data breaches. That's part of our security models.
16:30:41 [vincent_]
... : in term of no practical, two solution
16:30:43 [enewland]
+1 to tl's proposal
16:30:45 [rigo]
exactly tl :)
16:30:47 [tl]
They're the hardest breach to protect against.
16:30:52 [ifette]
"commercially reasonable as determined by the holder of the data"
16:30:53 [ifette]
:)
16:30:57 [vincent_]
... : 1) make the text non-normative
16:31:01 [Zakim]
- +1.415.520.aaff
16:31:03 [rigo]
ack ri
16:31:07 [aleecia]
Ack rigo
16:31:13 [vincent_]
...: 2) define what the "extent practical" is
16:31:19 [chapell]
+1 - commercially reasonable as determined by holder of data
16:31:43 [ifette]
i'm fine with dropping the notification
16:31:50 [ifette]
it's not that meaningful in most cases probably
16:31:51 [tl]
chapell: You realize that that was the viewpoint being caricatured?
16:31:59 [ifette]
you're some third party ad network with just an IP, what are you supposed to do
16:32:10 [vincent_]
rigo: concer about losing focus, we should talk about this in a different specification that is focused on governemental collection and notification
16:32:19 [chapell]
TL: yes
16:32:29 [npdoty]
that's the same as dropping the sentence, right?
16:32:36 [vincent_]
aleecia: proposal, we take the sentence "shoudl notify" and make it non-normative (strawpool)
16:32:42 [fielding]
no SHOULD
16:32:48 [rigo]
aleecia: if you' re opposed to changing the section to NON-normative
16:33:00 [johnsimpson]
can't have a "should" in non-normagtive, caN YOU?
16:33:12 [rigo]
... please indicate +1
16:33:23 [justin]
Should is per se normative
16:33:24 [Zakim]
-justin_.a
16:33:33 [fielding]
q+
16:33:34 [rigo]
tl: can' t have non-normative instructions ...
16:33:37 [vincent_]
tl: it is normative instruction, either you shoudl do it, or you should not do it
16:33:40 [rigo]
ack fielding
16:33:48 [aleecia]
Ack fielding
16:34:04 [rigo]
RF: tracking indicates that you' re tracking for a reason, one of them is that for reason of law
16:34:07 [vincent_]
fielding: the tracking status response may indicate that you are trackign for a reason (might be the applicable law)
16:34:13 [rigo]
... standard doesn' t apply to subpoenas
16:34:18 [Zakim]
+justin_.a
16:34:40 [tl]
fielding: How about: Local laws, legal and judicial process, regulations and so forth take precedence over this standard when applicable, but contractual obligations do not. If compelled to take action contrary to this standard parties SHOULD/MUST notify affected users to the extent practical and allowed by law
16:35:14 [npdoty]
s/fielding: How/fielding, How/
16:35:15 [rigo]
aleecia: We have already some response in Pref Spec and could indicate there.
16:35:32 [ifette]
my first counter-proposal is fine to drop
16:35:33 [vincent_]
aleecia: at that point we might just take that sentence out and cover that in the spec, but not yet since we did not decide what the response should be
16:35:37 [johnsimpson]
+1 tl text
16:35:40 [vincent_]
thanks rigo
16:36:01 [tl]
Local laws, legal and judicial process, regulations and so forth take precedence over this standard when applicable, but contractual obligations do not.
16:36:08 [rigo]
Local laws and regulations take precedence over this standard, when applicable; however, contractual obligations do not.
16:37:05 [dsinger]
try: "Local laws and regulations take precedence over this standard, when applicable; however, contractual obligations do not."
16:37:24 [Zakim]
-??P78
16:37:36 [vincent_]
tl: text I'm proposing is a compromise, slight modifycation of dsinger text
16:37:47 [Zakim]
+??P13
16:37:48 [dsinger]
I'm fine with that
16:38:01 [WileyS]
One person at a time please
16:38:10 [tl]
How about: Local laws, legal and judicial process, regulations and so forth take precedence over this standard when applicable, but contractual obligations do not. If compelled to take action contrary to this standard parties SHOULD/MUST notify affected users to the extent practical and allowed by law
16:38:21 [vincent_]
...: that would be in replacement of the all thing, not jsut the second sentence
16:38:54 [WileyS]
Remove the last sentence and I agree
16:38:56 [dsinger]
replace all text with (a) Tom's sentence and (b) an open issue on notification.
16:39:18 [fielding]
That's better, but starting with "Adherence to applicable laws or regulations take precedence over ..."
16:39:43 [rigo]
What is "local" anyway?
16:39:46 [vincent_]
aleecia: we drope the three sentences and replace it with one
16:40:07 [vincent_]
aleecia: remove local from there and just take law
16:40:14 [dsinger]
Adherence to laws, legal and judicial process, regulations and so forth take precedence over this standard when applicable, but contractual obligations do not.
16:40:18 [npdoty]
does anyone object to this as a concept?
16:40:54 [rigo]
resolution: Change three sentences to "Adherence to laws, legal and judicial process, regulations and so forth take precedence over this standard when applicable, but contractual obligations do not." in 4.5.4
16:41:00 [npdoty]
resolution: change 3 sentences to dsinger's final single sentence, with an open question on notification (pending TPE)
16:41:22 [tl]
I note that HTML5 doesn't allow you to violate it when local laws prohibit it.
16:41:28 [npdoty]
ifette: fine with dropping my suggestion and accepting this
16:41:29 [aleecia]
Agenda?
16:41:33 [vincent_]
aleecia: finished discussing issue 28, moving on
16:41:42 [npdoty]
Zakim, take up agendum 6
16:41:44 [ifette]
ISSUE-14?
16:41:44 [trackbot]
ISSUE-14 -- How does what we talk about with 1st/3rd party relate to European law about data controller vs data processor? -- pending review
16:41:44 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/14
16:41:44 [ifette]
\
16:41:45 [Zakim]
agendum 6. "Issue-14" taken up [from aleecia]
16:42:04 [fielding]
simpler version: Applicable laws or regulations take precedence over this standard, but contractual obligations do not.
16:42:20 [rigo]
For the EU, the outsourcing scenario is clearly regulated. In the current EU Directive 95/46/EC, but also in the suggested regulation reforming the data protection regime, an entity using or processing data is subject to data protection law. A First Party (EU: data controller) is an entity or multiple entities (EU: joint data controller) who determines the purposes, conditions and means of the data processing will be the data controller. A service provider (EU: data
16:42:21 [rigo]
processor) is an entity with a legal contractual relation to the Data Controller. The Service Provider does determine the purposes, conditions and means of the data processing, but processes data on behalf of the controller. The data processor acts on behalf of the data controller and is a separate legal entity. An entity acting as a first party and contracting services of another party is responsible for the overall processing. A third party is an entity with no
16:42:23 [rigo]
contractual relation to the Data Controller and no specific legitimacy or authorization in processing personal data. If the third party has own rights and privileges concerning the processing of the data collected by the first party, it isn't a data processor anymore and thus not covered by exemptions. This third party is then considered as a second data controller with all duties attached to that status. As the pretensions of users are based on law, they apply to
16:42:24 [vincent_]
aleecia: we might be moving this to another portion of the document, are we closed on issue-14?
16:42:26 [rigo]
first and third party alike unless the third party acts as a mere data processor.
16:42:47 [tl]
fileding +1
16:42:57 [WileyS]
Please remove this text in its entirety
16:43:01 [fielding]
q+
16:43:02 [WileyS]
+q
16:43:04 [vincent_]
aleecia: anyone who can not leave with this text?
16:43:05 [tl]
+q
16:43:06 [justin]
+1 to WileyS
16:43:22 [aleecia]
Ack fielding
16:43:33 [vincent_]
fielding: not usefull for us to redefine data controler and data process, just use those terms and copy current definitions
16:43:34 [aleecia]
Ack WileyS
16:43:39 [ifette]
+1 Shane
16:43:49 [enewland]
+1 to WileyS as well. This doesn't belong here or add very much.
16:43:50 [rigo]
q+ to say that this is a useful explanation for EU customers
16:44:31 [vincent_]
WileyS: suggest to divorce legal tenant completley from the standard docuement, discuss them broadly but not the specifics
16:44:32 [tl]
dsinger: fielding suggested "Applicable laws or regulations take precedence over this standard, but contractual obligations do not." which is even tighter.
16:44:33 [chapell]
+1 to WileyS
16:44:40 [aleecia]
Ack tl
16:44:44 [vincent_]
...: we should put that in a companion document
16:44:48 [Joanne]
+1 to Shane
16:44:48 [npdoty]
ack rigo
16:44:48 [Zakim]
rigo, you wanted to say that this is a useful explanation for EU customers
16:44:50 [aleecia]
Ack Rigo
16:44:50 [eberkower]
+1
16:44:50 [chapell]
Lets push this to the standards doc
16:45:14 [npdoty]
chapell, this is a standards document. do you want to move it to a separate document?
16:45:17 [WileyS]
Put that in the companion document
16:45:28 [ifette]
q+
16:45:30 [chapell]
@nick - yes, I meant companion doc
16:45:33 [WileyS]
That's nice - but the A29WP isn't the purpose of this standard
16:45:47 [vincent_]
rigo: -1, this is a added value, it is not specifying but it is a how to
16:45:48 [aleecia]
Ack ifette
16:45:58 [vincent_]
... : how to handle dnt in EU
16:46:33 [vincent_]
ifette: it could be informative but we're not witing an implementation of article 29
16:47:07 [WileyS]
Separate document altogether please
16:47:15 [ifette]
+1 separate doc
16:47:16 [tl]
+1: separate document.
16:47:18 [chapell]
+1 seperate doc
16:47:21 [eberkower]
+1 with WileyS
16:47:24 [vincent_]
aleecia: what I'm hearing is that we should move the text somewhere else, we could debate later where
16:47:25 [tl]
We are agreed!
16:47:31 [Joanne]
+1 to sep doc
16:47:59 [WileyS]
Aleecia - it appears everyone (perhaps save Rigo) is asking for this to be moved to a separate document
16:48:13 [WileyS]
Please look at all the +1s above
16:48:25 [vincent_]
rigo: this endef-up here due to the discussion on 1st vs 3rd party and look to the EU scenario
16:48:42 [rvaneijk]
rvaneijk has joined #dnt
16:48:57 [vincent_]
rigo: I'd be satisfy if you go back to rvaneijk
16:49:06 [WileyS]
Rigo - we don't disagree on the guidance - but rather we'd like to move to a separate document that discusses the entirty of the standard's tenants from individual local law perspectives
16:49:08 [ifette]
s/endef/ended
16:49:31 [vincent_]
I think rvaneijk just joined actually
16:49:37 [Zakim]
+rvaneijk
16:49:38 [aleecia]
Agenda?
16:49:43 [WileyS]
Aleecia - Rob just joined
16:49:43 [rvaneijk]
Hi got stuck in traffic
16:49:55 [johnsimpson]
would we be better to use the data controller, data processor model rather than 1st and 3rd party throughout entire document?
16:50:19 [johnsimpson]
zakim, on call?
16:50:19 [Zakim]
I don't understand your question, johnsimpson.
16:50:25 [rigo]
http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#EUterms
16:51:16 [vincent_]
rvaneijk: fine with moving the text in another docuement
16:51:20 [ifette]
Can we plan on "another document" rather than leaving "elsewhere' undefined?
16:51:22 [Zakim]
- +1.516.695.aadd
16:51:27 [ifette]
everyone +1'd another doc
16:51:28 [ifette]
above
16:51:41 [WileyS]
+q
16:51:41 [npdoty]
resolution: we will move this text elsewhere
16:51:52 [fielding]
johnsimpson, unfortunately we can't avoid the third-party distinction entirely because the third-parties that we do care about are the ones that are controllers, not just processors.
16:51:53 [rigo]
resolution: rvaneijk ok with moving text of issue-14 elsewhere as the rest of first/third party still in flux
16:51:55 [vincent_]
aleecia: ifette not sure what we gonna do yet
16:51:57 [WileyS]
Hello Aleecia - in queue for the past issue
16:52:06 [npdoty]
Zakim, take up agendum 7
16:52:06 [Zakim]
agendum 7. "32" taken up [from aleecia]
16:52:07 [rvaneijk]
tnx rigo
16:52:17 [aleecia]
Ack WileyS
16:52:29 [vincent_]
WileyS: many "+1" to move the text in another docuement
16:52:47 [vincent_]
..: did not see anyone against it
16:52:49 [rigo]
I'm not against separate document
16:52:50 [tl]
To paraphrase Mr. Cameron: "I agree with Shane."
16:52:58 [rigo]
for the record. This could be a WG Note
16:53:07 [dsinger]
issue-32?
16:53:07 [trackbot]
ISSUE-32 -- Sharing of data between entities via cookie syncing / identity brokering -- pending review
16:53:07 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/32
16:53:08 [vincent_]
aleecia: discussing with matthias on that issue
16:53:26 [rvaneijk]
Rigo, can we move that to an issue?
16:53:35 [npdoty]
http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#cookieSync
16:53:39 [vincent_]
aleecia: issue-32a couple of note on that issue
16:54:02 [Zakim]
- +1.202.496.aamm
16:54:19 [npdoty]
... propose postponing this issue until we figure out the question of service providers
16:54:35 [npdoty]
... and close action 106
16:54:38 [tl]
+1
16:54:40 [vincent_]
aleecia: suggestion on the table we close action 106 and move issue 32 to postpone
16:54:52 [ifette]
No, other than a meta comment to say it's hard to figure out "what is the text under review"
16:54:54 [ifette]
with giant email chains
16:55:10 [ifette]
(would be great to get a link to the relevant email / text directly)
16:55:11 [tl]
ifette: So true.
16:55:16 [ifette]
q+
16:55:31 [tl]
Or if we had some way to propose text. Like a pull request. Just saying.
16:55:43 [vincent_]
my fault, I sent an update this morning
16:55:52 [ifette]
q-
16:56:01 [ifette]
ISSUE-55?
16:56:01 [trackbot]
ISSUE-55 -- What is relationship between behavioral advertising and tracking, subset, different items? -- closed
16:56:01 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/55
16:56:08 [vincent_]
ISSUE-65 ?
16:56:08 [trackbot]
ISSUE-65 -- How does logged in and logged out state work -- pending review
16:56:08 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/65
16:56:31 [npdoty]
http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#loggedIn
16:56:32 [rigo]
If a user is logged into a first-party website and it receives a DNT:1 signal, the website must respect DNT:1 signal as a first party and should handle the user login as it normally would. If a user is logged into a third-party website, and the third party receives a DNT:1 signal, then it must respect the DNT:1 signal unless it falls under an exemption described in this document.
16:56:39 [ifette]
If a user is logged into a first-party website and it receives a DNT:1 signal, the website must respect DNT:1 signal as a first party and should handle the user login as it normally would. If a user is logged into a third-party website, and the third party receives a DNT:1 signal, then it must respect the DNT:1 signal unless it falls under an exemption described in this document.
16:56:39 [ifette]
Example use cases:
16:56:40 [ifette]
A user with DNT:1 logs into a search service called "Searchy". Searchy also operates advertisements on other websites. When the user is on a news website, Searchy receives DNT:1, and it must respect it, as Searchy is operating in a third-party context.
16:56:41 [ifette]
A user with DNT:1 enabled visits a shopping website and logs in. The shopping website continues to provide recommendations, order history, etc. The shopping site includes third-party advertisements. Those third-parties continue to respect DNT:1. When the user purchases the items in their basket, a third-party financial transaction service is used. The user interacts with the third-party service, at which point it becomes first-party and may use previously collect
16:56:46 [Zakim]
-Joanne
16:56:46 [ifette]
data.
16:56:48 [ifette]
A user with DNT:1 visits a website (Website A) that uses a third-party authentication service called "LogMeIn". The user logs into the site with his LogMeIn credentials. The user has interacted with LogMeIn, and now it can act as a first-party. Now the user vists Website B, which also uses the LogMeIn service, but is branded differently than Website A. LogMeIn must respect the DNT:1 signal until the user chooses to interact with LogMeIn in order to log into Websi
16:57:02 [vincent_]
aleecia: two different text proposals for this issue, one with some use cases and the other with no comment at all
16:57:11 [rigo]
With DNT enabled the site should not track the user when the user navigates to another site. However, the user should still be able to benefit from some level of personalization.
16:57:22 [tl]
Straw poll time?
16:57:24 [Zakim]
-fielding
16:57:26 [Zakim]
+ +1.949.573.aann
16:57:27 [aleecia]
Q?
16:57:30 [ifette]
Is there an option that logging in == dnt0?
16:57:32 [rigo]
q+
16:57:44 [fielding]
Zakim, aann is fielding
16:57:44 [Zakim]
+fielding; got it
16:57:49 [tl]
+q
16:58:04 [vincent_]
dsinger: it's confuse to say a cookie to a third party and say "don't track me!"
16:58:07 [JC]
That happens with DNT anyway
16:58:32 [vincent_]
aleecia: not sure that it is scope to this problem
16:58:34 [npdoty]
I thought the point of DNT is that you could send a preference even though the browser might send identifying cookies
16:58:34 [aleecia]
Ack Rigo
16:58:36 [rigo]
ack ri
16:59:15 [vincent_]
rigo: there are some caveats that I try to discuss with use cases
16:59:46 [vincent_]
... : user not knowing that he's logged-in and look for sensitive information and get tracked
17:00:00 [ifette]
Isn't that what we have private browsing modes for?
17:00:05 [vincent_]
...: he's not aware of it's logging cookie, DNT might be an opportunity to solve this issue
17:00:24 [aleecia]
Ack tl
17:00:35 [ifette]
q+ to say we seem to be trying to solve use cases solved by incognito/private modes which i think is a bit different than what I anticipated DNT used for
17:00:50 [vincent_]
tl: agree with rigo, the rule we have already cover the use cases
17:00:50 [npdoty]
ack ifette
17:00:50 [Zakim]
ifette, you wanted to say we seem to be trying to solve use cases solved by incognito/private modes which i think is a bit different than what I anticipated DNT used for
17:00:53 [aleecia]
Ack ifette
17:01:01 [dsinger]
strongly disagree with a 'logged in exception' also
17:01:11 [JC]
+q
17:01:29 [aleecia]
Ack jc
17:01:29 [npdoty]
ack JC
17:01:30 [vincent_]
ifette: it's seems to be something we tried to address with private browsing
17:01:44 [vincent_]
JC: not looking for an excepetion for logging state,
17:02:03 [Zakim]
- +1.202.326.aall
17:02:12 [ifette]
if you're in private mode and you log in, you have given a very strong signal. why would you log in to facebook in a 'private browsing' session?
17:02:12 [vincent_]
...: if you 're in private mode and you login the website know who you are
17:02:23 [WileyS]
+q
17:02:36 [vincent_]
...: DNT does not mean do not personalize but it means do not keep track
17:02:47 [ifette]
q+
17:02:55 [ifette]
"I want the bread but I don't want to bake it"
17:03:28 [Zakim]
- +1.617.733.aaee
17:03:30 [aleecia]
Ack WileyS
17:03:31 [vincent_]
JC: I want to know what my friend like in an article (active feedback)
17:03:35 [dsinger]
q+
17:03:44 [tl]
<battle music starts>
17:04:04 [johnsimpson]
JC, Does option one allow what you want?
17:04:07 [rigo]
JC, this also applies filtering in streams, IMHO a more important use case
17:04:09 [vincent_]
WileyS: I disagree, I believe logged-in imply consent
17:04:32 [JC]
Yes
17:04:41 [ifette]
Shane is saying basically what I want to say
17:04:42 [ifette]
so i will drop off
17:04:43 [ifette]
q-
17:04:43 [JC]
+1
17:04:44 [vincent_]
...: user are consenting to an experience, I don't beleive DNT has a place there
17:04:47 [aleecia]
Ack ifette
17:04:48 [tl]
+q
17:04:54 [vincent_]
...: if you don't want that experience then logout
17:05:02 [aleecia]
Ack dsinger
17:05:20 [JC]
DNT doesn't block cookies
17:05:23 [WileyS]
Logged-in = Out of Band Consent
17:05:42 [efelten]
q+
17:05:48 [fielding]
ditto shane … it should be an account preference that gives consent
17:05:58 [tedleung]
I agree with shane
17:05:58 [vincent_]
dsinger: if you send DNT:1 with a cookie, you can know who i am and tells me waht my friends like
17:06:07 [WileyS]
Logged-in = Out of Band Consent (if constructed appropriately) = trumps DNT (web-wide exception)
17:06:22 [aleecia]
Ack tl
17:06:38 [justin]
Logged in = Out of Band consent IF this standard's consent requirement is met
17:06:51 [rvaneijk]
TL +1
17:06:57 [johnsimpson]
+1 to TL
17:06:58 [dsinger]
dnt:0 and a logged-in-cookie trumps DNT, not DNT:1
17:06:58 [WileyS]
Don't participate in SocialNet (or Log out of SocialNet)
17:07:01 [JC]
+1
17:07:01 [vincent_]
tl: it I logging in Socialnet and then go and browse the web, I don't want social net to know which site I view
17:07:07 [WileyS]
This is how you vote on SocialNet's features
17:07:14 [WileyS]
Can't eat your cake and have it too
17:07:20 [WileyS]
Strongly disagree
17:07:25 [efelten]
q-
17:07:26 [dsinger]
strongly agree with tl
17:07:30 [vincent_]
...: we should prohibit that behavior, just because I'm logged in does not mean that SocialNet should be tracking me
17:07:36 [aleecia]
Ack efelten
17:07:38 [JC]
Not the same
17:07:52 [npdoty]
jc, are you in agreement with shane or not? we seem to go back and forth
17:07:54 [dsinger]
if you WANT socialnet's behavior, then send dnt:0 to them
17:07:58 [vincent_]
aleecia: 3 possiblities:
17:08:05 [justin]
How about middle ground --- SocialNet can serve you content based on the url and your profile, but they cannot store info for profile
17:08:07 [JC]
It's gray
17:08:26 [vincent_]
...: 1) being loged in is irrelevant because DNT is still operative
17:08:33 [justin]
Unless they clearly opted in as part of enrollment process.
17:08:35 [JC]
I don't agree with tracking with DNT:1
17:08:39 [johnsimpson]
Justin has it right, I thnk
17:08:45 [vincent_]
...: 2) it's relevant because I oped int
17:08:52 [JC]
I agree with personalization with logged in state
17:08:57 [vincent_]
...: 3) is the option proposed by JC
17:09:01 [ifette]
q+
17:09:11 [JC]
+q
17:09:19 [aleecia]
Ack ifette
17:09:59 [tl]
+1
17:10:00 [JC]
+1
17:10:05 [dsinger]
dnt:1, no logged-in cookies sent: plain DNT applies; dnt:1, logged-in cookies sent: recognize me, but don't add to your database about me;
17:10:06 [rigo]
+
17:10:11 [rigo]
+1
17:10:18 [aleecia]
Ack JC
17:10:31 [Zakim]
-[Microsoft.aa]
17:10:39 [Zakim]
-??P13
17:10:43 [justin]
This discussion conflates a lot of issues, but on this specific issue I would prefer to say nothing on loggedinness
17:10:45 [adrianba]
adrianba has left #dnt
17:10:46 [npdoty]
ifette: as I understand JC's proposal, when I log in to Facebook they could ask me at that time for a *,facebook.com exception so that they can track me around the Web, and that they otherwise can't
17:11:00 [dsinger]
otherwise send dnt:0 to SocialNet and give them an exception
17:11:02 [vincent_]
JC: I login to FB, they know I'm logging, if I have DNT one, everytim I'm reading an article, people know that I'm reading that article
17:11:08 [Zakim]
+??P11
17:11:14 [WileyS]
Agree with Justin (and like the new word "loggedinness" :-) )
17:11:29 [rigo]
think about personalization in filtering information streams like stock selections you' re looking at
17:11:38 [vincent_]
...: if I send DNT:1 people won't know I'm reading that article but I can still see which of my friend liked that article
17:11:40 [chapell]
@JC - not sure I disagree, but it seems complicated and difficult to impliment
17:11:47 [justin]
My middle ground I think would take care of JC's issue.
17:11:58 [johnsimpson]
and if you actively interact, on the 3rd party site that could be logged
17:12:20 [tl]
+q
17:12:24 [vincent_]
aleecia: two action items:
17:12:43 [ifette]
that would be up to the site to offer
17:12:43 [vincent_]
...: 1) write this middle ground
17:12:44 [WileyS]
They can if the service provider extends it
17:13:07 [vincent_]
...: 2)write WileyS's proposal
17:13:08 [WileyS]
@JC - :-)
17:13:31 [WileyS]
Yes
17:13:33 [WileyS]
:-)
17:13:34 [justin]
Sure, but I think my vision is reflected in the current spec.
17:13:36 [WileyS]
Yes
17:13:37 [npdoty]
action: cannon to write up personalization-without-tracking on loggedinness (with David and Shane)
17:13:38 [trackbot]
Created ACTION-151 - Write up personalization-without-tracking on loggedinness (with David and Shane) [on JC Cannon - due 2012-03-28].
17:13:40 [ifette]
rrsagent, bookmark?
17:13:40 [RRSAgent]
See http://www.w3.org/2012/03/21-dnt-irc#T17-13-40
17:13:43 [Zakim]
-[Microsoft]
17:13:49 [ifette]
Question - aleecia, i had two actions due today, can you mark them pending review?
17:13:53 [ifette]
146+147
17:13:57 [npdoty]
action: shane to write up logged-in-means-out-of-band-consent
17:13:58 [trackbot]
Created ACTION-152 - Write up logged-in-means-out-of-band-consent [on Shane Wiley - due 2012-03-28].
17:14:02 [vincent_]
aleecia: move forward on 65 when we have some text
17:14:36 [rigo]
1/ Do not track is not affected by login
17:14:37 [ifette]
1: dnt unaffected by DNT
17:14:39 [ifette]
2: middle ground
17:14:52 [ifette]
3: logged in seen as consenting to tracking, DNT is off after login
17:14:54 [tl]
1
17:14:59 [rvaneijk]
1
17:15:00 [justin]
1.5
17:15:01 [ifette]
ifette votes 2
17:15:03 [ifette]
rather 3
17:15:04 [johnsimpson]
Option 1
17:15:05 [dsinger]
1 or 2
17:15:06 [npdoty]
1 or 2
17:15:09 [rigo]
rigo votes 2
17:15:10 [vincent_]
thanks ifette , rigo
17:15:11 [ifette]
typo :)
17:15:20 [tedleung]
2
17:15:32 [justin]
I think login and DNT are orthogonal, but personalization may be ok regardless of loggedinness
17:15:40 [npdoty]
Zakim, take up agendum 11
17:15:40 [Zakim]
agendum 11. "big issues" taken up [from aleecia]
17:16:02 [rvaneijk]
I think the question 'how big is a first party' needs to be solved first
17:16:04 [vincent_]
aleecia: moving forward on operational uses of data
17:16:18 [WileyS]
Propose we do this at DC F2F
17:16:38 [npdoty]
aleecia: hearing that what we can live with on parties will depend on operational uses of data and vice versa
17:16:43 [vincent_]
...: we will be talk about in DC but we should make progress before we get there
17:16:46 [npdoty]
... take these issues together
17:17:02 [vincent_]
...: think to common use cases would be usefull
17:17:06 [rigo]
my use case is filtering the information stream by a special disease
17:17:18 [rigo]
on a medical site
17:17:44 [WileyS]
operational purposes
17:17:59 [vincent_]
aleecia: use "operational uses" for "exemption/exceptions"
17:18:03 [johnsimpson]
what's wrong with exemption?
17:18:11 [justin]
exemptions not exceptions
17:18:27 [vincent_]
... anyone object to "operational purposes"
17:18:32 [WileyS]
In text, I've been saying "User Granted Exceptions" and "Operational Purpose Exceptions"
17:18:36 [fielding]
I fixed that ;-)
17:18:39 [vincent_]
... exemptions and exceptions are confusing
17:19:09 [rigo]
I would call them exclusions
17:19:12 [npdoty]
q+
17:19:12 [rvaneijk]
as long as operational puposes will not be defined
17:19:30 [tl]
ack tl
17:19:31 [rigo]
rvaneijk: the goal is to define operational purposes
17:19:44 [rigo]
rvaneijk, so speak up or be lost
17:19:44 [aleecia]
Ack tl
17:19:44 [aleecia]
Ack npdoty
17:20:02 [vincent_]
npdoty: will we be judging the exemptions wether or not they're used for operational
17:20:03 [johnsimpson]
q+
17:20:05 [rvaneijk]
q+
17:20:13 [WileyS]
Nomenclature solution - but seems like they would be judged in that light "necesary operational purposes"
17:20:23 [rigo]
q?
17:20:30 [rigo]
ack johnsimpson
17:20:48 [vincent_]
johnsimpson: there are some exemption that would be granted and that are not for operational purpose
17:20:54 [rvaneijk]
+1 john
17:21:06 [ifette]
Perhaps we could call it an "operational exemption"?
17:21:14 [vincent_]
... exemption comes in the spec, exceptions are granted by the suer
17:21:25 [npdoty]
we would still be using "exception" for user-granted site-specific exceptions, right?
17:21:47 [vincent_]
... ok to move on, just note that some exemtpions are not operation purposes
17:21:51 [rigo]
q?
17:21:55 [rigo]
ack rvaneijk
17:22:16 [vincent_]
rvaneijk: operational uses has been used in the EU directive as well
17:22:16 [WileyS]
"strictly necessary purpose" in EU language - not the same
17:22:22 [rigo]
RV: operational purpose would lead to confusion in EU
17:22:30 [rvaneijk]
not the same but will lead to confusion
17:22:39 [npdoty]
tl: "permitted uses"
17:22:39 [rigo]
permitted uses
17:22:41 [rvaneijk]
permitted is better.
17:22:42 [rigo]
+1
17:22:45 [vincent_]
tl: permitted uses (suggestions)
17:23:05 [justin]
Wait, is this permitted by spec or permitted by user?
17:23:17 [vincent_]
aleecia: anybody obtect to permitted uses?
17:23:29 [npdoty]
aleecia: does anyone object to "permitted uses" as a placeholder for the moment? if anyone has a better idea, please share with the mailing list
17:23:58 [ifette]
A Björk
17:24:03 [vincent_]
:)
17:24:11 [WileyS]
So, "User Granted Exceptions" and "Permitted Uses" ?
17:24:48 [WileyS]
The Yahoo! office is too small - sorry (could handle about 20 people - no more)
17:24:49 [npdoty]
aleecia: not yet have a location in DC, three different organizations that would like to but can't
17:24:51 [fielding]
uses? retention, collection, sharing?
17:25:04 [ifette]
we have a dc office but it's not that large...
17:25:23 [npdoty]
... looking at up to 60 people, volunteer hosts are welcome
17:25:25 [ifette]
aleecia, operational question?
17:25:26 [johnsimpson]
Thank you
17:25:28 [Zakim]
-rvaneijk
17:25:31 [Zakim]
-justin_.a
17:25:32 [dsinger]
thx
17:25:32 [Zakim]
-justin_
17:25:32 [Zakim]
- +1.206.369.aajj
17:25:35 [Zakim]
- +1.813.366.aahh
17:25:36 [WileyS]
Thank you
17:25:38 [npdoty]
'same time next week'
17:25:42 [Zakim]
-[Apple]
17:25:45 [Zakim]
-anna_long
17:25:49 [Zakim]
-WileyS
17:25:53 [Zakim]
-alex
17:25:54 [Zakim]
-fielding
17:26:11 [ifette]
ACTION-146?
17:26:11 [trackbot]
ACTION-146 -- Ian Fette to review the proposed text for ISSUE-111 in the context of a redirect chain where some parties get 0, some parties get 1, and there is potentially some data sharing between the parties in the redirect chain -- due 2012-03-21 -- OPEN
17:26:11 [trackbot]
http://www.w3.org/2011/tracking-protection/track/actions/146
17:26:24 [npdoty]
ifette wants to move 146 and 147 to pending review
17:26:31 [Zakim]
-Rigo
17:26:38 [Zakim]
-[IPcaller]
17:26:39 [Zakim]
-[Microsoft.a]
17:26:42 [Zakim]
-ifette
17:26:44 [Zakim]
-John_Simpson
17:26:44 [Zakim]
-efelten
17:26:45 [Zakim]
- +1.646.654.aagg
17:26:46 [npdoty]
... and will do so now
17:26:47 [johnsimpson]
johnsimpson has left #dnt
17:26:51 [npdoty]
Zakim, list attendees
17:26:51 [Zakim]
As of this point the attendees have been tl, aleecia, Rigo, npdoty, +1.202.629.aaaa, John_Simpson, Vincent, +1.919.388.aabb, anna_long, +1.646.654.aacc, WileyS, +1.516.695.aadd,
17:26:54 [tedleung]
tedleung has left #dnt
17:26:55 [Zakim]
... fielding, +1.617.733.aaee, +1.415.520.aaff, [Microsoft], dsinger, +1.646.654.aagg, justin_, alex, +1.813.366.aahh, +1.415.520.aaii, +1.206.369.aajj, Joanne, +2930aakk, ifette,
17:26:55 [Zakim]
... +1.202.326.aall, +1.202.496.aamm, [IPcaller], rvaneijk, +1.949.573.aann
17:27:01 [Zakim]
-npdoty
17:27:10 [npdoty]
rrsagent, draft minutes
17:27:10 [RRSAgent]
I have made the request to generate http://www.w3.org/2012/03/21-dnt-minutes.html npdoty
17:27:12 [Zakim]
-Vincent
17:27:15 [vincent_]
thanks npdoty , rigo and ifette for helping me scirbing :)
17:27:17 [Zakim]
-??P11
17:27:33 [npdoty]
thanks to vincent for keeping up on a very fast-moving call!
17:27:57 [npdoty]
chair: aleecia
17:28:06 [npdoty]
meeting: Tracking Protection Working Group teleconference
17:28:07 [vincent_]
that did seem very fast to me :)
17:28:13 [npdoty]
rrsagent, make logs public
17:28:54 [npdoty]
rrsagent, draft minutes
17:28:54 [RRSAgent]
I have made the request to generate http://www.w3.org/2012/03/21-dnt-minutes.html npdoty
17:29:15 [Zakim]
-tl
17:29:16 [Zakim]
T&S_Track(dnt)12:00PM has ended
17:29:16 [Zakim]
Attendees were tl, aleecia, Rigo, npdoty, +1.202.629.aaaa, John_Simpson, Vincent, +1.919.388.aabb, anna_long, +1.646.654.aacc, WileyS, +1.516.695.aadd, fielding, +1.617.733.aaee,
17:29:16 [Zakim]
... +1.415.520.aaff, [Microsoft], dsinger, +1.646.654.aagg, justin_, alex, +1.813.366.aahh, +1.415.520.aaii, +1.206.369.aajj, Joanne, +2930aakk, ifette, +1.202.326.aall,
17:29:16 [Zakim]
... +1.202.496.aamm, [IPcaller], rvaneijk, +1.949.573.aann
17:29:24 [rigo]
rigo has left #dnt
17:45:45 [mischat]
mischat has joined #dnt
17:58:38 [mischat_]
mischat_ has joined #dnt
18:41:33 [mischat_]
mischat_ has joined #dnt
19:12:26 [KevinT]
KevinT has joined #dnt
19:15:15 [tl]
tl has joined #dnt
20:21:06 [tl]
tl has joined #dnt
20:52:24 [tl]
tl has joined #dnt
20:59:40 [mischat]
mischat has joined #dnt