W3C

- DRAFT -

Tracking Protection Working Group teleconference

05 Sep 2012

See also: IRC log

Attendees

Present
+1.408.674.aaaa, aleecia, Rigo, BrendanIAB?, +1.609.258.aabb, efelten, +1.510.859.aacc, npdoty, +1.813.358.aadd, +1.714.852.aaee, fielding, +1.646.801.aaff, dwainberg, sidstamm, +1.703.265.aagg, +1.813.358.aahh, +1.415.520.aaii, +1.781.472.aajj, Joanne, +1.425.269.aakk, +1.510.501.aall, dsinger, cblouch, samsilberman, +1.206.664.aamm, +1.609.981.aann, tedleung, +1.212.380.aaoo, vincent, +1.408.349.aapp, +1.917.934.aaqq, vinay, Chris_IAB, +1.202.637.aarr, +1.202.744.aass, justin_, +49.721.83.aatt, +1.813.358.aauu, dsriedel, +1.646.827.aavv, ChrisPedigoOPA, +1.678.492.aaww, [Google], adrianba, +1.202.346.aaxx, +1.202.835.aayy, +aazz, Marc, +1.202.326.bbaa, +1.415.520.bbbb, +1.310.292.bbcc, johnsimpson, KevinT, Matt_AppNexus, tl, Lee, +1.678.580.bbdd, hwest, FTC, sue, WileyS, Brooks, laurengelman, +1.813.358.bbee, damiano, +1.215.286.bbff, susanisrael, +44.186.573.bbgg, +1.425.985.bbhh, +49.172.147.bbii, +1.919.517.bbjj, AnnaLong, +385221bbkk, ksmith, +1.202.684.bbll, jmayer
Regrets
jmayer, jchester
Chair
aleecia
Scribe
tedleung


<aleecia_> chair: aleecia

<aleecia> Good morning, Nick

<aleecia> Thanks! I believe we are set.

<aleecia> thank you, thank you, thank you.

<aleecia> thanks!

<aleecia> (I'm already muted :-)

<rigo> muted chairs are an intrinsic contradiction

<aleecia> Call hasn't started...

<aleecia> I'll hear enough of my own voice soon enough

<damiano> no

<damiano> i'm trying to join with a google number

<damiano> still trying to get an operator

zakim aamm is tedleung

<Chris_IAB> just joined the call from 212

i'm not hearing any audio

<aleecia> good morning. anyone care to volunteer to scribe?

<aleecia> Ted, you should hear beeps as people join the group

<aleecia> That bodes not well

ok i heard aleecia

i can do it

<npdoty> scribenick: tedleung

review of overdue action items

<npdoty> issue-65?

<trackbot> ISSUE-65 -- How does logged in and logged out state work -- open

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/65

justin thought there was general consensus - proposes closing

<schunter> I am stuck in another meeting. Will be late.

er, pending review

action-196 to pending review

action-248

<Marc> Marc is 202 835-9810

action-248 is a duplicate of action-241, npdoty to fix

action-235 - awaiting review of text from people in group. extend by 1 week

<dsinger> issue-84?

<trackbot> ISSUE-84 -- Make DNT status available to JavaScript -- closed

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/84

<dsinger> is anything left to be done, though? the status is now available to JS, both the general ones, and the site-specific ones, in today's text

action-200 - ian - still looking for use cases to drive api designs

<fielding> dsinger, could you take over action-226 ?

after dsinger's comment, propose to close action-200 with a note. dsinger to close

action-226 dsinger and fielding to resolve

<dsinger> reading the long email behind the action now...

missed the action number we are discussing

<npdoty> action-229?

<trackbot> ACTION-229 -- Chris Pedigo to draft crisp definition [of data append] -- due 2012-08-01 -- OPEN

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/229

action-229 - ChrisPedigoOPA - draft text to the list and discussion proceeding, moving to pending review to work through boundaries of data append vs service provider

schunter has 2 issues which are mostly internal; he is not on the call

= check for identified callers =

<laurengelman> i am 415

<tl> And that's the saddest part =[

<Brooks> 678 580 - Brooks

<damiano> i'm on the phone, google voice

<laurengelman> I might be the VOIP if not the 415

<damiano> ok that was me :-(

issue-148

<aleecia> http://lists.w3.org/Archives/Public/public-tracking/2012Jun/0314.html

<aleecia> Upon receiving a request with DNT:0, a site may assume the user has provided them with explicit consent to continue with data collection, retention, and use practices including but not limited to the placement and reading of cookies and personalization services. Additionally, restrictions placed on the collection, retention, and use of data by this recommendation shall not apply to any data received as part of a request with a DNT:0 signal.

action-208?

<trackbot> ACTION-208 -- Ian Fette to draft a definition of DNT:0 expression -- issue-148 -- due 2012-06-06 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/208

<aleecia> http://lists.w3.org/Archives/Public/public-tracking/2012Jun/0421.html

proposed addition in url above

<aleecia> http://lists.w3.org/Archives/Public/public-tracking/2012Jun/0428.html

rigo's proposed addition in url above

<aleecia> Folks, as said, this shortcut only works in the US legal

<aleecia> environment. The previous definition would have worked also for the

<aleecia> EU as we need positive semantics there (allowance talk) because we

<aleecia> have to open the legislative restrictions with a positive statement

<aleecia> of the user attached to that DNT:0 token.

<fielding> I agree with Rigo

<aleecia> http://lists.w3.org/Archives/Public/public-tracking/2012Jun/0313.html

counter proposal in url above

<aleecia> When a user sends the DNT:0 signal they are expressing a preference for

<aleecia> a personalised experience. This signal indicates explicit consent for

<aleecia> data collection, retention, processing, disclosure, and use by the

<aleecia> recipient of this signal. This recommendation places no restrictions on

<aleecia> data from requests received with DNT:0.

<rigo> I agree also with text from Tom

<rigo> I can live with the pure text from Tom

<Zakim> dsinger, you wanted to ask whether using a legal term (whose definition varies by jurisdiction) of "explicit consent" is a good or bad idea?

aleecia thinks the two texts are close together, authors of texts disagree

<WileyS> Legal obligations will always trump the standard so don't get too hung up here

<rigo> +1

<npdoty> +1, if laws disagree, they won't be hung up by our text

<WileyS> Speaking of "Global Considerations" document - where is that???

seems useful to clarify DNT:0 / explicit consent / local jurisdictions

<tl> +1 This text would never meet legal requirements it doesn't meet. We can still say that it's as explicit consent as we can communicate this way.

<susanisrael> 215286bbff is susanisrael

<johnsimpson> +1 to laws in respective jurisdictions trumping the standard

rigo is against clarifying jurisdictions, prefers tl's text

<aleecia> so we have: 1. need to make sure we don't say "explicit consent" in a legal threshold, just say we consider it consent. 2. add non-norm text of "check with your lawyer"

<tl> Was this my text?

<rigo> tl, :)

<fielding> or just make it a requirement that sending DNT:0 is only allowed when the UA has explicit consent

<npdoty> tl, this is your text: http://lists.w3.org/Archives/Public/public-tracking/2012Jun/0313.html

<tl> ...it's been so long

<rigo> roy, purpose is "current" as in P3P

<npdoty> is "personalized experience" enough of a purpose for EU contexts?

fielding to propose some wordsmithing changes

<npdoty> When a user sends the DNT:0 signal, they are expressing explicit consent for data collection, retention, processing, disclosure and use by recipient of this signal for the purpose of a personalized experience.

<rigo> +1

dwainberg: this DNT:0 def is broader in a way than the def of DNT:1. This seems odd

<tl> Well, that doesn't really work.

"shouldn't it just be the strict opposite of DNT:1"

<tl> What if you need consent?

<rigo> the EC function is different from "Not DNT:1"

<fielding> I am quite certain that DNT:0 does not mean "I am not sending DNT:1"

<npdoty> no header effectively doesn't say DNT:1

<dsinger> actually, currently it means precisely "you have asked for, and got, an in-band exception from this user"

<tl> DNT:0 is not just "not DNT:1"

<tl> If a user wants to send "not DNT:1" then they can just not send any signal.

<Chris_IAB> David, do you find the definition of DNT:0 too far reaching?

<WileyS> If DNT=1 meant "no personalized experience" then DNT=0 meaning "I want a personalized experience" makes sense. I agree with David that DNT=1 is ill-defined at this time, so it's difficult to write text that is the exact opposite of the text for DNT=0

aleecia wants to know if dwainberg is objecting or just finding the definition odd

<fielding> proposal: When a user sends the DNT:0 signal, they are expressing a preference for a personalized experience. This signal indicates explicit consent for data collection, retention, processing, disclosure, and use by the recipient of this signal to provide a personalized experience for the user. This recommendation places no restrictions on data collected from requests received with DNT:0.

<tl> This text has been around for a long time. It sounds like DW doesn't object. Let's move on

<BrendanIAB> Scope: "The Working Group will produce Recommendation-track specifications for a simple machine-readable preference expression mechanism ("Do Not Track") and technologies for selectively allowing or blocking tracking elements."

<tl> So long that *I forgot that I had written it*.

<dsinger> to tl: 'explicitly' not DNT:1

<Chris_IAB> is DNT:0 an explicit opt-in?

<rigo> yes

<Chris_IAB> Rigo, yes to my question?

<rigo> yes

<Chris_IAB> Thanks Rigo

"if DNT:0 means "not DNT:1", then we go to a 2 state system"

<npdoty> BrendanIAB, the second part of that scope is referring to the Tracking Selection List deliverable (which we've decided not to continue with), but I agree that DNT:0 doesn't mean "not DNT:1" if we continue with our three-part state

<aleecia> +1

brooks doesn't think that DNT:0 would likely qualify as consent in the EU

<aleecia> hears we need a non-norm section

<aleecia> on "this may vary based on where you are"

<npdoty> is this a +1 to the earlier comment that we would need to note that this doesn't guarantee certain jurisdictional support?

<aleecia> I believe so

rigo refers brooks to presence of article 20 wp /cc robvaneijk

<aleecia> pointing people to the text is a fine idea

<tl> Does anyone actually have an objection to this text, with a counter-proposal?

<Chris_IAB> agree with Ian's perspective

<rigo> +1 to aleecia

ifette "in a case, it's more likely that the text that the user actually saw will be preferred over any text in the spec"

<fielding> When a user sends the DNT:0 signal, they are expressing a preference for a personalized experience. This signal indicates explicit consent for data collection, retention, processing, disclosure, and use by the recipient of this signal to provide a personalized experience for the user. This recommendation places no restrictions on data collected from requests received with DNT:0.

<npdoty> any objections to fielding's new text?

<tl> I have no objection to Roy's new suggestion.

<Brooks> it should be explicit consent for 3rd party

<dsinger> I am not sure that the last sentence is true? Can you pass data to agents that received DNT:1, for example?

<Brooks> +

<npdoty> +1 to Roy's

<tl> Perhaps the entire document should have a rider with the statement "Check with your lawyer.".

<aleecia> +1 to that

propose to adopt roy's text, and add non-normative text to consult with your lawyer

<rigo> +1 to Roy

<laurengelman> +1

<npdoty> we went beyond Not Do Not Track a long time ago, when we made this a three-part state

<rigo> I was arguing in favor of this since the workshop in Princeton

<WileyS> DNT:0 indicates that a user does not seek the protections that DNT:1 offers.

<dsinger> it was added to indicate an in-band exception

<dsinger> I don't think we ever agreed to a tri-part state. Indeed, we have a poll open on that.

<Brooks> ?

aleecia to step dwainberg through DNT:0 rationale

<WileyS> dsinger - the poll is on the UA treatment, not on the tri-part state.

<npdoty> dsinger, I thought we had agreement on DNT having three possible states, we have a poll open on whether UAs have to expose it

<Brooks> +

<tl> npdoty +1

<johnsimpson> David, isn't the poll over whether a browser MUST offer tri-part state?

<dsinger> We never agreed that DNT:0 was a general preference, and that is the essence of the poll question. DNT:0 was introduced to satisfy the need for in-band exception signalling.

<rigo> you also need it for first parties

<fielding> the signal is sent to any party

<npdoty> DNT:1 is not solely to third parties

brooks - should this text be qualified to 3rd parties?

<tl> No.

<fielding> no

<npdoty> here are the first party compliance requirements: http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#first-party-compliance

<Chris_IAB> how would it relate to 1st parties in the US?

aleecia: no, DNT applies to 1st and 3rd parties, but has very few requirements for 1st parties, but there are requirements

<rigo> Chris_IAB: it will give them permission

<tl> These questions apply to all parties. The compliance requirements are different for different parties, and small for first parties, but everyone has requirements.

<justin_> Yeah, that first party compliance requirements language isn't good. No one has proposed good language to achieve what we have general consensus on should happen.

<Zakim> dsinger, you wanted to suggest that the last sentence not make blanket statements, change to "This recommendation places little or no restrictions on data collected from requests

<tl> Disagree.

<justin_> Why?

<rigo> :)

<rigo> Why? -> picture

<justin_> If I get DNT:0, don't see a need for prohibitions on data pass.

<npdoty> I think dsinger's point is that when we have a user-granted exception now, users intentionally send DNT:0 to some but not others, and wouldn't want one third party to pass it to others that received DNT:1

<justin_> I can't think of anything else in the spec that would put a limit on what DNT:0 recipients can do with data (outside of extra-standard requirements).

<tl> I disagree with David's concern. It is my impression that DNT:0 is precisely to disclaim all restriction.

<Brooks> To be more clear on my 1st party/3rd party stance - when I say no 1st party requirement I mean when no 3rd parties are involved - am I still missing something?

<tl> We cannot just re-open decided issues a year after the fact

<fielding> I think David's concern is covered by the purpose -- that's why EU requires consent for each purpose.

<rigo> tl, I think it is just lawyerish disclaiming (no or little)

<npdoty> Matt_AppNexus: don't think the distinction between 1st/3rd party is so clear, though I'm late to this discussion

matt from app nexus - is concerned about changing balance of power between 1st and 3rd parties

<rigo> which is not worth our time

<npdoty> +1 to fielding, we could note that DNT:0 for an exception has a particular purpose

also concerned about ambiguity that dsinger is trying to address

<dsinger> my concern is minor, that that sentence makes a blanket claim about the entire rest of the spec. I guess we can remember to re-visit the statement if it ever becomes true, but someone might think "I can stop reading if I get DNT:0", that's all. I hope we remember it's here, but we'd probably catch it in a final consistency check if it becomes untrue.

<Chris_IAB> perhaps the spec should include a table, for each compliance provision, of how each provision applies to 1st parties, 3rd parties, and service providers -- to make it crystal clear

<dsinger> s/becomes true/becomes false/ !!

<justin_> This

<tl> aleecia +1

aleecia - hearing newcomers not having complete understanding of what is currently in the spec.

<Chris_IAB> Proposed Table in Spec: Compliance Provision | How it Applies to 1st Parties | How it Applies to 3rd Parties | How it Applies to Service Providers

<Chris_IAB> Rigo, it was the gentleman from AppNexus

<npdoty> rigo, that was Matt with App Nexus

<tl> ...Otherwise, it's endless September in here

<aleecia> propose: add, including sharing data with others.

<rigo> ok, ready to take a call with him and explain the concept

<fielding> isn't that what "disclose" says?

<WileyS> +q

please mute if you are not speaking

<rigo> we shouldn't let Aleecia make all those calls

<npdoty> I agree that "disclose" is already present

<Chris_IAB> +q

<tl> +1 shane

<dsinger> likes what Shane just said

<npdoty> because we have a 3-part state?

<tl> Shane + consent

<fielding> Shane, that would be useless in EU

<Brooks> that is still a 3 part state

<tl> ...except in Europe.

<dwainberg> agree w/ Shane

WileyS proposed DNT:0 = not DNT:1

<fielding> No, DNT:0 has nothing whatsoever in common with "unset"

<justin_> I think I prefer fielding's language.

<WileyS> Agree on the EU problem - that makes this harder. Hence my belief that we need more than one compliance standard.

aleecia reiterates need for 3 part state

<rigo> +1 to adoption

<npdoty> prefer fielding's language and three-part state

<tl> We're agreeing with Roy's proposal? If so, yes!

<johnsimpson> +1 to adopt

<rigo> yes

<tl> "Check with your lawyer."

<tl> There, done.

resolution: adopt fielding's text and add non-normative "check with your lawyer" text

<aleecia> AGREED: we adopt Roy's text

<dsinger> "this protocol does not define what constitutes explicit consent in any jurisdiction; check with your lawyer"

<npdoty> ACTION: rigo to draft non-normative text to "check with your lawyer" regarding consent and DNT:0 [recorded in http://www.w3.org/2012/09/05-dnt-minutes.html#action01]

<trackbot> Created ACTION-250 - Draft non-normative text to "check with your lawyer" regarding consent and DNT:0 [on Rigo Wenning - due 2012-09-12].

<tl> All hail dsinger.

rigo just supplied text for action-250

Chris_IAB proposes that new proposals explicitly call out how they apply to 1st, 3rd parties and service providers.

<rigo> WileyS, we should perhaps have a call so that I explain you where the purpose identification is. The purpose identification lies in fact in the context of the request because we assume the user knows what she does

<tl> It is meant to.

<WileyS> Rigo, agree with this wrinkle and why you'd push for DNT=0 equaling explicit consent.

<tl> We do think that. That is the point.

<tl> DNT:0 is there to provide explicit consent. That is a decided issue, and not eligible to be reopened.

<fielding> The explicit consent comes when the user makes the configuration to send DNT:0

<aleecia> Rigo speaking

<WileyS> Yes, you can - because you're agreeing to a practice not to a specific party

<WileyS> +q

<fielding> I think what Brooks is mentioning is informed consent, not explicit consent

Brooks still has an issue with explicit consent

<npdoty> in some cases it will be to a particular party, like when you've granted a user-granted exception

<npdoty> or I might configure a list to send DNT:0 to parties I know and trust

WileyS: it's not explicit consent between parties, but explicit consent to a practice

<Chris_IAB> interesting if DNT:0 = "implicit consent", then it would have to be set by the user, right? Then shouldn't DNT:1 also have the same, user-set, requirement? (vs. default on)

<fielding> I honestly don't think that will be a problem in the EU given that the EU commissioner explicitly asked for it as a solution to popups at every site.

<Chris_IAB> for example, if there were a UA that set DNT:0 by default, would everyone be ok with that?

<hwest> I can do it

<dsinger> yes, Roy's text uses the words "explicit consent" which is a term of art used in legislation, which is the concern; we just need a note that we haven't tried to make this protocol satisfy every jurisdiction's definition of explicit consent

<npdoty> action-250: "this protocol does not define what constitutes explicit consent in any jurisdiction; check with your lawyer"

<trackbot> ACTION-250 Draft non-normative text to "check with your lawyer" regarding consent and DNT:0 notes added

hwest to add text to the compliance doc

<npdoty> close action-250

<trackbot> ACTION-250 Draft non-normative text to "check with your lawyer" regarding consent and DNT:0 closed

issue-119?

<trackbot> ISSUE-119 -- Specify "absolutely not tracking" -- open

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/119

<aleecia> http://lists.w3.org/Archives/Public/public-tracking/2012Feb/0362.html

<npdoty> ACTION: west to add DNT:0 definition and non-normative text to Compliance [recorded in http://www.w3.org/2012/09/05-dnt-minutes.html#action02]

<trackbot> Created ACTION-251 - Add DNT:0 definition and non-normative text to Compliance [on Heather West - due 2012-09-12].

<aleecia> A party may claim that it is not tracking, if it

<aleecia> 1) only collects identifying data which is strictly necessary to answer

<aleecia> the user's HTTP request and to fulfil its contractual obligation

<aleecia> towards the user

<aleecia> 2) does not send, collect or check for unique identifiers

<aleecia> 3) does not correlate the data of a DNT HTTP request with any other data

<aleecia> 4) deletes the identifying data as soon as the original purpose is fulfilled

<tl> Whose text is this?

<npdoty> tl, this is from Ninja

<tl> Has it been on the list?

this is the DuckDuckGo scenario

<tl> Aah, right.

<tl> This seems weak to me.

<aleecia> http://lists.w3.org/Archives/Public/public-tracking/2012Feb/0403.html

<aleecia> A party may claim that it is not tracking if

<aleecia> 1) the party does not retain data from requests in a form

<aleecia> that might identify a user except as necessary to fulfill that

<aleecia> user's intention (e.g., credit card billing data is necessary

<aleecia> if the user is making a purchase) or for the limited purposes

<aleecia> of access security, fraud prevention, or audit controls;

<aleecia> 2) when user-identifying data is retained for purposes other

<aleecia> than to fulfill the user's intention, the party maintains

<aleecia> strict confidentiality of that data and only retains

<aleecia> that data for a limited duration that is no longer than is

<aleecia> necessary to accomplish that purpose, thereafter destroying

<aleecia> or otherwise clearing the user-identifying data; and,

<WileyS> This seems narrow to me - while this may not be tracking there are many other activities (such as Permitted Uses) that would not be considered tracking either.

<aleecia> 3) the party does not combine or correlate collected

<aleecia> user-identifying data with any other data obtained from prior

<aleecia> requests, user-identifying profiles, or data obtained from

<aleecia> third parties unless specifically directed to do so by the user

<aleecia> (e.g., when a user initiates a login request) or for the limited

<aleecia> purposes of inspection for access security, fraud prevention,

<aleecia> or audit controls.

<rigo> tl, fun is that ixquick who has a privacy seal from ULD is not fulfilling those requirements...

<WileyS> That comment was for Ninja's proposal

<tl> I do not think that Roy's text meets the goal for this text.

<npdoty> I think we could have a definition that uses existing language around permitted uses

<npdoty> like, "absolutely not tracking" is "only the security and short-term logging permitted uses"

npdoty: can we reformulate this in terms of permitted uses?

<WileyS> Nick, doesn't feel appropriate to create a gradient outcome (not tracking vs. absolutely not tracking)

<fielding> tl, I don't think it was intended to match the goal of Ninja's text

<npdoty> npdoty: propose using existing terminology around permitted uses rather than inventing new phrasing

dwainberg: why is this phrased as not "Tracking" since we are avoiding the word tracking

<npdoty> ... like a definition "does not use any permitted uses except for security and short-term"

<WileyS> If you define something as 'not tracking', then anything else 'is tracking'?

<fielding> TSV = "N"

dwainberg: this seems problematic, we should drop it

<rigo> we could call those "Privacy Champions" :)

<rigo> short of PC

<npdoty> +1 to fielding, refer to the specific signal rather than a term for us to fight over

<dwainberg> apart from the name it's still a problem

<fielding> I mean, that is the name ;-)

<Chris_IAB> in trying to find consensus, it's proven very difficult (likely impossible) to fulfill regional requirements (legal, regulatory and other requirements) for a DNT header mechanism. So how about we concentrate on the technical spec in this group, then bifurcate the compliance spec into multiple documents, that are regionally focused to solve regional issues?

<Chris_IAB> otherwise, aren't we trying to boil the ocean here?

<fielding> or, "no personal data retained"

ChrisPedigoOPA: concerned about both texts, would prefer npdoty's approach, going to create legal liability for small entities

<tl> +q to explain what this is for.

<rigo> I think Chris is hung up by transforming a positive statement into a negative one

<Zakim> tl, you wanted to explain what this is for.

<aleecia> +1 Rigo

<npdoty> it would be requirements for those who choose to explicitly state an additional level, which would of course be optional

<aleecia> Optional and likely rare

tl: this is for websites that want to go way over and above on privacy - likely to be few of these; not aimed at "normal" websites

<dwainberg> Let's just have a

<aleecia> "really totally not tracking" doesn't work for me :-)

<dwainberg> ... "+" response that says "we go beyond DNT."

<fielding> A for anonymous?

<rigo> total privacy

<aleecia> That's what this is, David

<dwainberg> and then let companies explain what they mean elsewhere.

<rigo> +1 to fielding

<Chris_IAB> Tom, aren't you saying then, in essence, that a 3-state system doesn't serve all?

<dwainberg> But we shouldn't try to define it.

<WileyS> Disagree with this approach - go start up a separate company/privacy seal and sell this there. Not needed in this standard.

<npdoty> we currently have TSV = "N"?

<Zakim> dsinger, you wanted to wonder if we can roll this into the next question "when its practices fall strictly outside the definition of tracking given in the scope of this

dsinger: by listing out the things that a super privacy site won't do, we're indirectly defining tracking

<WileyS> We're now considering yet another state? You're either DNT compliant or DNT SUPER compliant?

<dwainberg> and then we'll need super-duper extra compliant.

<ChrisPedigoOPA> Shane, agreed. In an effort to create a super-privacy level, it seems that we create liability for sites that don't track

<aleecia> Why do you think there's liability here?

<tl> ChrisPedigoOPA: What liability?

<npdoty> WileyS, the TSV currently has 6 listed values, we are discussing one of them here

<WileyS> If a company is not SUPER compliant and only compliant, I definitely see liability.

<aleecia> The few companies on the planet that do this will be happy. The rest of companies will ignore this.

<Chris_IAB> does "tracking" mean "serving customized and personalized content"?

<WileyS> We're taking an already overly complex structure and making it more complex - argh.

<tl> WileyS: Why? They aren't doing something they haven't promised to do?

<ChrisPedigoOPA> my site wants to say that I don't need the exceptions in the standard and my site doesn't share data with anyone, so I don't track. But, now this new language adds another layer of complexity and liability

<WileyS> Aleecia - I disagree and feel that's short sighted. Scope creep will create the temptation for advocates to try to push all companies to "Super Compliance".

<fielding> WileyS, the TSV is a claim by the server of what the server does -- it does not say anything more than what the server wants to say.

dwainberg: there are 2 issues. 1) is there a way for servers to say that DNT doesn't apply 2) should we define what that means

<WileyS> Aleecia - also, if it's only a few companies, let them go and do their own thing and not burden this standard.

<Chapell> For entities that want the gold star, they are certainly free to indicate that "they go beyond the requirements of DNT because of X, Y, Z..

<dwainberg> That would not address my concerns.

<Chapell> So why do we need to add this to the spac

<Chapell> spec?

aleecia: don't want to create the impression that companies that implement DNT are bad at privacy

<ChrisPedigoOPA> Example - only collects identifying data which is strictly necessary to answer the user's HTTP request and to fulfill its contractual obligation towards the user. How do you define "strictly necessary"???

<npdoty> ChrisPedigoOPA, I think what we're talking about is a way to say that you're not using the permitted uses

<Chris_IAB> "DNT" should not be synonymous with "privacy" (that's conflating)

<ChrisPedigoOPA> how do you define "contractual obligations"??

suggest adding non-normative text that says this will only apply to a small number companies

<WileyS> If it's in the standard then it applies to the world

<rigo> ChrisPedigoOPA, strike "contractual obligations" and the definition is fine

<ChrisPedigoOPA> what is strictly necessary?

aleecia: likes npdoty's proposal to reframe in terms of permitted uses

<rigo> +1 to Roy's suggestion

<tl> +1 fielding

<aleecia> -1

fielding: can we change TSV=N to TSV=A in the TPE?

<tl> I'm totally okay with "anonymous"

<aleecia> I'm concerned that anon means more than this is

<tl> Neither is accurate, but one causes fewer complaints...

<Brooks> couldn't you have a credentialed access - non anonymous, but not log anything - not tracking?

<WileyS> +1 to Anonymous over "Not Tracking" but agree with Aleecia this will have different definitions to many

<npdoty> ACTION: doty to propose defining formerly-known-as absolutely-not-tracking via permitted uses [recorded in http://www.w3.org/2012/09/05-dnt-minutes.html#action03]

<trackbot> Created ACTION-252 - Propose defining formerly-known-as absolutely-not-tracking via permitted uses [on Nick Doty - due 2012-09-12].

<npdoty> ACTION: wainberg to propose dropping any tracking status value for None/Anonymous [recorded in http://www.w3.org/2012/09/05-dnt-minutes.html#action04]

<trackbot> Created ACTION-253 - Propose dropping any tracking status value for None/Anonymous [on David Wainberg - due 2012-09-12].

<WileyS> Could you name one of those companies in our Membership?

<Chris_IAB> do we need something included in the spec for only a few companies?

<Brooks> I don't think anonymous works

<npdoty> aleecia: for the small number of companies, not for general use, could clarify that in non-normative text

<WileyS> By small number - are we suggesting 2 or 3 companies in the world?

<johnsimpson> agree with david

Summary of Action Items

[NEW] ACTION: doty to propose defining formerly-known-as absolutely-not-tracking via permitted uses [recorded in http://www.w3.org/2012/09/05-dnt-minutes.html#action03]
[NEW] ACTION: rigo to draft non-normative text to "check with your lawyer" regarding consent and DNT:0 [recorded in http://www.w3.org/2012/09/05-dnt-minutes.html#action01]
[NEW] ACTION: wainberg to propose dropping any tracking status value for None/Anonymous [recorded in http://www.w3.org/2012/09/05-dnt-minutes.html#action04]
[NEW] ACTION: west to add DNT:0 definition and non-normative text to Compliance [recorded in http://www.w3.org/2012/09/05-dnt-minutes.html#action02]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2012/09/05 19:32:16 $