IRC log of dnt on 2013-03-11

Timestamps are in UTC.

10:27:41 [RRSAgent]
RRSAgent has joined #dnt
10:27:41 [RRSAgent]
logging to http://www.w3.org/2013/03/11-dnt-irc
10:27:49 [rigo]
zakim, this will be track
10:27:50 [Zakim]
I do not see a conference matching that name scheduled within the next hour, rigo
10:28:37 [rigo]
zakim, this will be 87225
10:28:37 [Zakim]
I do not see a conference matching that name scheduled within the next hour, rigo
10:29:52 [rigo]
hm, looks like my telco reservation was only for 14:00
10:30:50 [Walter]
good morning rigo
10:54:18 [dwainberg]
dwainberg has joined #dnt
11:12:09 [fwagner]
fwagner has joined #dnt
11:20:47 [Joanne]
Joanne has joined #DNT
11:27:45 [haakonfb]
haakonfb has joined #dnt
11:31:32 [tlr]
I think the telco reservation was for 8am ET, which is 1300
11:31:41 [tlr]
zakim, this will be 87225
11:31:41 [Zakim]
ok, tlr; I see T&S_Track(DNT)8:00AM scheduled to start in 29 minutes
11:46:29 [Zakim]
bot restarting in 2 minutes to recover bridge state
11:53:38 [vinay]
vinay has joined #dnt
11:53:59 [Justin]
Justin has joined #dnt
11:55:20 [justin_]
justin_ has joined #dnt
11:56:14 [justin_]
justin_ has joined #dnt
11:56:41 [brookman]
brookman has joined #dnt
11:56:49 [ninjamarnau]
ninjamarnau has joined #dnt
11:57:11 [Weiss_Yahoo]
Weiss_Yahoo has joined #dnt
11:57:14 [ionel]
ionel has joined #dnt
11:59:59 [Zakim]
Zakim has joined #dnt
12:00:59 [peterswire]
peterswire has joined #dnt
12:08:51 [rigo]
hello everybody. We will start by determining scribes and then do a first presentation
12:09:53 [james]
james has joined #dnt
12:13:31 [Cordula_Zimmer]
Cordula_Zimmer has joined #dnt
12:13:51 [jamesgray_dgconnect]
jamesgray_dgconnect has joined #dnt
12:17:37 [aleecia]
aleecia has joined #dnt
12:18:15 [rvaneijk]
rvaneijk has joined #dnt
12:21:37 [tlr]
(still administrivia. Will set up bridge once we're done with that.)
12:22:15 [vinay]
tlr - let me know if we need screen sharing capabilities. If so, I can offer my Adobe Connect room.
12:22:55 [aleecia]
aleecia has joined #dnt
12:23:07 [moneill2]
moneill2 has joined #dnt
12:23:17 [rvaneijk]
test
12:24:39 [test]
test has joined #dnt
12:26:40 [Weiss_Yahoo]
test
12:26:52 [tlr]
zakim, this will be track
12:26:52 [Zakim]
ok, tlr, I see T&S_Track(DNT)8:00AM already started
12:26:56 [tlr]
zakim, who is on the phone?
12:26:56 [Zakim]
On the phone I see ??P0, +49.303.3.aabb
12:27:05 [rigo]
zakim, aabb is Berlin
12:27:05 [Zakim]
+Berlin; got it
12:27:28 [rigo]
zakim, who is here?
12:27:28 [Zakim]
On the phone I see ??P0, Berlin
12:27:28 [tlr]
zakim, ??P0 is probably schunter
12:27:29 [Zakim]
On IRC I see test, moneill2, aleecia, rvaneijk, jamesgray_dgconnect, Cordula_Zimmer, peterswire, Zakim, ionel, Weiss_Yahoo, ninjamarnau, brookman, vinay, haakonfb, Joanne, fwagner,
12:27:29 [Zakim]
... RRSAgent, rigo, schunter, Walter, hober, wseltzer, tlr, mischat
12:27:29 [Zakim]
+schunter?; got it
12:34:21 [peterswire]
I am acting as scribe for this session -- statements by "peterswire" are as scribe and not the comments of the chair
12:34:31 [brookman]
scribenick: peterswire
12:35:51 [peterswire]
http://www.w3.org/2011/tracking-protection/130311-gloco.html for agenda
12:36:02 [tlr]
agenda: http://www.w3.org/2011/tracking-protection/130311-gloco.html
12:36:30 [peterswire]
http://www.w3.org/Talks/2013/03-RW-GloCo-Berlin.pdf is Rigo's presentation; scribing here only for supplemental questions/comments
12:37:34 [schunter]
Zakim, who is on the phone
12:37:34 [Zakim]
I don't understand 'who is on the phone', schunter
12:38:38 [schunter]
who is on the call?
12:38:41 [schunter]
Zakim, who is on the call?
12:38:41 [Zakim]
On the phone I see schunter?, Berlin
12:41:13 [peterswire]
rvaneijk says that compliance spec can reference the work of global considerations group; rigo responds that he contemplates a document on global considerations rather than have the reference from the compliance spec
12:41:18 [aleecia]
q+
12:41:24 [Weiss_Yahoo]
q+
12:42:08 [tlr]
ack aleecia
12:42:08 [brookman]
ack aleecia
12:42:29 [peterswire]
rigo emphasizes distinction between things really required in spec, vs. comments about the spec
12:42:40 [aleecia]
ack ale
12:42:50 [peterswire]
aleecia suggests cross-references guide at start of the compliance spec, as a way to answer rvaneijk concern
12:43:22 [aleecia]
ack Weiss
12:43:30 [brookman]
ack weiss_yahoo
12:43:54 [brookman_]
brookman_ has joined #dnt
12:44:27 [brookman_]
brookman_ has joined #dnt
12:44:41 [peterswire]
rico -- if want must/should, then that goes into TPE or compliance spec
12:44:48 [tlr]
s/rico/rigo/
12:45:14 [rvaneijk]
q+
12:45:36 [brookman_]
brookman_ has joined #dnt
12:45:45 [Zakim]
+[IPcaller]
12:45:53 [Walter]
zakim, ipcaller is Walter
12:45:53 [Zakim]
+Walter; got it
12:46:21 [rvaneijk]
q-
12:46:46 [rvaneijk]
Art 5.3 2002/58/EC was ammended by 2009/136/EC
12:46:50 [rvaneijk]
q+
12:47:00 [brookman_]
ack rvaneijk
12:47:14 [Zakim]
+ +40.72.321.aacc
12:47:22 [Zakim]
-Walter
12:47:28 [ionel]
zakim, aacc is Ionel
12:47:28 [Zakim]
+Ionel; got it
12:48:04 [brookman_]
q+ kimon
12:48:11 [peterswire]
rvaneijk emphasizes recital 66 of the 2009 e-privacy directive amendments; mentions browsers and ability to express the consent of the user; the idea of DNT is to use that provision in recital 66
12:48:35 [brookman_]
ack kimon
12:49:22 [peterswire]
kimon -- agrees mostly with rob; but, says recital 66 applied to existing browser settings as well; wants technology neutrality in the law
12:49:22 [vincent]
vincent has joined #dnt
12:49:23 [Thomas_Schauf]
Thomas_Schauf has joined #DNT
12:49:53 [peterswire]
Kimon -- include other applications, beyond the browsers, as ways to indicate consent; e.g., flash not handled in the browser interface and insist that is also included
12:50:05 [jamesgray_dgconnect]
q+
12:50:14 [moneill2]
+q
12:50:57 [aleecia]
(I think Kimon just suggested that now LSOs are part of browser settings, we may already fulfill recital 66 even without DNT. I have not seen that suggested elsewhere. Kimon, is that what you were saying?)
12:51:03 [brookman_]
ack jamesgray_dgconnect
12:51:48 [fwagner]
aleecia, kimon is not on irc….
12:51:57 [aleecia]
<facepalm>
12:52:04 [aleecia]
thanks, Frank
12:52:12 [peterswire]
James Gray - DG Connect: e-privacy revision 2009; change to require "informed consent"; agrees with Rob that recital 66 a way to authorize role for DNT
12:52:24 [brookman_]
james_dgconnect: ack moneill2
12:52:24 [fwagner]
q?
12:52:29 [brookman_]
ack moneill2
12:52:38 [fwagner]
ack moneill2
12:52:39 [peterswire]
Mike O'Neill: in 2009 no way to communicate across domains, from 1st party to 3d parties, that consent had been given
12:52:44 [brookman_]
ack moneill
12:54:42 [brookman_]
q?
12:54:42 [peterswire]
text on slide 8 of rigo's presentation is the 2009 text, with the informed consent language
12:56:03 [Weiss_Yahoo]
has Recital 66 been transposed in all member states?
12:57:54 [Weiss_Yahoo]
Compare and contrast proposed Amendment 108 with existing Article 27 procedure under the DP Act
13:02:50 [peterswire]
Rob -- for slide 14, default settings are a fourth bullet; in EU, if want to transpose DNT to EU, then very relevant what the user default settings are
13:03:13 [Weiss_Yahoo]
q+
13:03:33 [tlr]
ack weiss
13:03:57 [peterswire]
Justin: question of timing; issue when a user is presented with enough information to make a legally effective choice
13:04:11 [brookman_]
s/justin/weiss_yahoo
13:05:31 [peterswire]
Rigo: absence of D
13:05:32 [moneill2]
+q
13:05:44 [rvaneijk]
s/effective choice/active choice/
13:06:51 [brookman_]
ack moneill
13:07:23 [dwainberg]
dwainberg has joined #dnt
13:07:30 [peterswire]
moneill2: regulation allows pseudonymous data as a category; that's still in process of course; another proposal that pseudonymous should not be re-identified later
13:08:34 [Zakim]
+ +49.172.147.aadd
13:09:20 [brookman_]
Are we really going to revisit the debate about whether the standard applies to first parties? That was settled over a year ago.
13:09:50 [vinay]
q+
13:09:55 [brookman_]
ack vinay
13:10:05 [peterswire]
responding to brook man -- my understanding is that EU law simply does not recognize a distinction between 1st and 3d parties
13:10:23 [peterswire]
vinay: adobe, how we implement is that we see DNT:1 and will apply that the same globally
13:10:25 [ninjamarnau]
brookman_ - I think we need to revisit it as part of where 1st/3rd parties fit into the EU controller/processor system
13:11:53 [peterswire]
vinay -- says cheaper to do window shade rather implement DNT different in EU and elsewhere
13:12:03 [brookman]
brookman has joined #dnt
13:12:20 [Thomas_Schauf]
Wolf Osthaus is speaking
13:12:20 [brookman]
This fundamentally changes the purpose of "Do Not Track"
13:13:12 [moneill2]
+q
13:13:32 [peterswire]
Wolf emphasizes the possibility of a contract or other agreement between a first party and data subject; that agreement may override what is in the DNT standard that applies to both first and third parties; don't know how to eal with that issue
13:14:04 [peterswire]
rico -- we will discuss this topic later, when revisit first party issues
13:14:07 [Weiss_Yahoo]
q+
13:14:30 [peterswire]
Rigo -- want to use the tool as button to get 90% of the problems out of the way; that will increase its usefulness
13:14:33 [brookman]
ack moneill
13:14:33 [fwagner]
q?
13:15:01 [peterswire]
moneill2: it's a signaling mechanism to the browser; or could use cookies to signal consent
13:15:18 [brookman]
ack weiss
13:16:21 [peterswire]
justin (Weiss_Yahoo): dividing line in EU is maybe not as simple as characterized so far in the discussion; Art 29 has additional categories, where rules apply to some first and some third parties, but not others
13:16:28 [brookman]
q+
13:17:04 [peterswire]
justin: try to address both asymmetries: 1st/3d parties; also Art 29 WG asymmetries, where there are categories
13:18:04 [Zakim]
+ +1.613.947.aaee
13:18:22 [ninjamarnau]
Weiss_Yahoo also pointed out thet the permitted uses of the working group have asymmetries to the permitted uses under the ePrivacy Directive
13:18:44 [tara]
tara has joined #dnt
13:19:16 [peterswire]
brookman: 1st/3d party distinction has been at the center of DNT since 2007; why revisit that now
13:19:30 [peterswire]
Rigo: DNT is a signaling mechanism; someone sends 1st party a DNT signal
13:19:39 [peterswire]
brook man -- compliance spec says 1st parties are out of scope
13:19:41 [vinay]
+1 to Brookman
13:19:49 [aleecia]
q+
13:19:53 [aleecia]
ack brookman
13:20:18 [peterswire]
rigo: in EU, everyone subject to legal requirements; not the 1st/3d party distinction in EU
13:20:48 [peterswire]
rigo: seeks a 1st party tool for EU, which helps with consent in EU; he wants to reduce the use of window shades
13:20:58 [aleecia]
q-
13:21:06 [peterswire]
Vinay: for 1st party analytics, will need window shade for that
13:22:03 [peterswire]
vinay -- already have a consent mechanism in EU, and it would continue even if have DNT:0, for analytics on first party site
13:22:09 [fwagner]
q?
13:22:20 [peterswire]
rico -- disagrees; if DNT:0 is consent, why still need window shade?
13:22:28 [brookman]
How will Adobe get the DNT:0 signal?
13:22:34 [tlr]
s/rico/rigo/g
13:23:02 [peterswire]
moneill2: DNT:0 or a cookie -- can say OK by user for tracking
13:23:04 [Weiss_Yahoo]
q+
13:23:20 [vinay]
pop-up or window shade (because, almost all users if prompted by the web browsers, in which we have no input in, will select 'tell websites not to track me')
13:25:01 [peterswire]
brookman: something has to happen for Adobe to get the DNT signal and have it count as consent
13:25:31 [moneill2]
q+
13:25:31 [peterswire]
rigo: if unset or DNT:1, have exception mechanism, and site can look to that in the exception API
13:25:43 [vinay]
q+
13:27:01 [brookman]
ack weiss
13:27:02 [peterswire]
Rigo: if define DNT:0, the messaging can be very small; define the average tracking of DNT:0 in the spec itself; only if go beyond that for additional permissions, then window shade or pop up window for those additional actions
13:27:20 [brookman]
+q
13:27:25 [peterswire]
weiss_yahoo: don't focus too much on the tech specifics of the window shade
13:28:44 [peterswire]
weiss-yahoo: one thing servers can do is get consent for everything at once; other extreme is granular and regional
13:29:28 [peterswire]
rigo: in regulated context, law applies, DNT is a tool that allows things within the regulated framework
13:29:51 [brookman]
Yes, it allows you to globally reject certain processing by third parties!
13:30:07 [peterswire]
rigo: DNT can standardize the most common stuff; DNT:0 permits most of what is done, and only get additional consent if do the smaller use cases
13:30:40 [peterswire]
rigo: for sensitive data issues (Art. 8), then need something additional beyond DNT:0; would need to see how to do that
13:31:02 [brookman]
q?
13:31:29 [brookman]
ack moneill
13:32:05 [peterswire]
moneill: two issues; need a consent mechanism, on 1st party sites, something will appear, that should be our focus; don't confuse that with the implied consent problem
13:34:21 [brookman]
ack vinay
13:35:11 [peterswire]
vinay: another concern about changing DNT means is how consumer educated if rely on browsers to manage consent; "tell websites I don't want to be tracked" and haven't had clear messaging from the browsers about different meanings of "tracking" in different markets
13:36:25 [peterswire]
vinay: if defaults with many DNT:1 from browsers, then pop-ups from lots and lots of sites
13:37:09 [peterswire]
rigo: when have that, window shades seem attractive, but not over time; lots of people delete cookies
13:37:25 [peterswire]
aleecia: roughly 50% delete cookies in 6 months, said Comscore
13:37:56 [peterswire]
q?
13:38:32 [peterswire]
brookman: on global default settings, ok to DNT:0 for analytics that doesn't authorize "everything server wants"
13:39:14 [peterswire]
brookman: could do global setting at first run, say no window shades or whatever?
13:39:31 [peterswire]
rigo: yes, a tool exists that is domain based at set-up, do that in a fine-grained way
13:39:47 [brookman]
No user is going to set up their browser to whitelist domains for DNT.
13:39:54 [brookman]
Like five users.
13:40:03 [peterswire]
rigo: don't preclude innovation in permission management; user can start open and go closed; user can start closed and go open; that's an advantage of DNT at the moment
13:41:04 [peterswire]
q+
13:41:10 [brookman]
ack brookman
13:42:46 [brookman]
ack peterswire
13:43:16 [vincent]
brookman, that's why initially I proposed a content/context based exception mechanism. That something that can be built on top of the exception mechanism
13:43:28 [Yianni]
Yianni has joined #DNT
13:43:44 [vinay]
does anyone have the link to comScore's cookie deletion study?
13:45:31 [brookman]
Sensitive data --- another issue we decided not to address as a group over a year ago.
13:46:12 [peterswire]
kimon: in EU, advertising is allowed only for over the counter drugs, so no advertising for the prescription, serious medicines; so medical and advertising is a non-issue
13:47:21 [brookman]
For the record, I do not particularly like window shades.
13:47:39 [peterswire]
shift to session on "Identification of Issues", scheduled for 14:10 start; Peter Swire continues as scribe -- comments here are in that role and not as statements of chair of the working group
13:48:58 [peterswire]
rigo: suggest that we note the issues we just identified
13:50:28 [ninjamarnau]
q+
13:51:13 [brookman]
ack ninja
13:51:58 [peterswire]
ninjamarnau: rather than "audience measurement" discuss DNT:1 permitted uses; under e-Privacy Directive have permitted uses list; interested in aligning these two lists of permitted uses
13:52:09 [aleecia]
We may be interested in ISSUE-98PENDING REVIEWShould we consider applicable laws and regulations, such as the Article 5, paragraph 3 ePriv Dir
13:52:35 [peterswire]
rvaneijk: if you want house this consent mechanism, then must work on exceptions
13:53:01 [peterswire]
break until 10 after the hour
13:54:40 [aleecia]
ComScore, The Impact of Cookie Deletion on Site-Server and Ad-Server Metrics in Australia, January 2011 http://www.stir.nl/upload/documenten/impact-of-cookie-deletion-australiajanuary-20111.pdf
13:56:23 [Yianni]
Yianni has joined #dnt
13:56:41 [aleecia]
Vinay there are other studies but most use self-reported data, which is not so useful for this question, since many users don't know what browser settings / anti-virus software / private browsing they have
13:58:17 [Zakim]
-Ionel
14:05:54 [rigo]
rigo has joined #dnt
14:16:11 [Joanne]
summary of the issues from the first sessions
14:16:12 [Joanne]
Issues 1. Asymmetric Issue bridging gap between DNT which distinguishes first part and third party DNT:0 does not eliminate need for 1st party to provide notice obtain consent (e.g. window shades) and timing question 2. Handling of pseudonymous data (category under EU law) (Article 29 categories asymmetries) and asymmetries with permitted uses) 3. DNT default settings in the EU 4. Compare and contrast proposed Amendment 108 with existing Article 27 proced[CUT]
14:16:32 [Joanne]
please clarify as needed
14:17:54 [Joanne]
add'l issues
14:17:55 [Joanne]
Wolf emphasizes the possibility of a contract or other agreement between a first party and data subject; that agreement may override what is in the DNT standard that applies to both first and third parties; don't know how to eal with that issue (revisit as part of first party discussion) 6. Sensitive data issues (Article 8) - need something beyond DNT:0 to handle (note: main WG decided not to address year ago) 7. discuss DNT:1 permitted uses; under e-Privacy[CUT]
14:18:34 [tara]
Are you back? Phone seems muted still.
14:18:47 [Joanne]
Directive have permitted uses list; interested in aligning these two lists of permitted uses instead of audience measurement
14:18:54 [peterswire]
break hasn't ended yet
14:19:34 [nic]
nic has joined #dnt
14:20:50 [Horax]
Horax has joined #dnt
14:21:04 [Joanne]
some of the listed issues from the earlier session may fall under the scope of Issue 98: http://www.w3.org/2011/tracking-protection/track/issues/98
14:21:56 [rigo]
we'll back in a minute
14:26:01 [tlr]
aleecia, do you see this?
14:26:37 [aleecia]
aleecia has joined #dnt
14:26:45 [aleecia]
scribenick: aleecia
14:27:15 [aleecia]
rigo: list of issues in IRC, incomplete
14:27:44 [aleecia]
(note: http://www.w3.org/2011/tracking-protection/track/issues?sort=product has many already)
14:28:05 [aleecia]
rigo: first party and restrictions, can we simplfy wording?
14:29:08 [aleecia]
issue-14?
14:29:08 [trackbot]
ISSUE-14 -- How does what we talk about with 1st/3rd party relate to European law about data controller vs data processor? -- pending review
14:29:08 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/14
14:29:10 [Zakim]
+Ionel
14:29:21 [tlr]
http://www.w3.org/2011/tracking-protection/track/products/4
14:30:04 [aleecia]
tlr: go with Rigo's issues, reconcile with prior work after
14:30:12 [aleecia]
... clean slate
14:30:42 [aleecia]
... leave tracker alone for now and reconcile later
14:30:42 [aleecia]
rigo: agree.
14:31:18 [aleecia]
vinay: better way to phrase, exception and 1st parties separated out
14:31:40 [aleecia]
... how does exception mech, implication of contracts, and other relationships affect it? Related but different issues
14:32:21 [aleecia]
[note for those on the phone, Rigo is updating slides in real time to capture discussion]
14:33:02 [aleecia]
rigo: make a standard, then diff to the user. Your information need to the user is condensed. We have to discuss if this works
14:34:14 [aleecia]
... next issue, becomes a subpart of issue 1
14:35:25 [aleecia]
... do we have an issue on pseudonymous data? New regulation has implications here
14:35:43 [aleecia]
Vinay: only need if we discuss the laws
14:35:59 [aleecia]
tlr: it's an issue, we're talking about it
14:36:16 [aleecia]
kimon: what about anon issue, is that a different issue?
14:36:40 [aleecia]
rob: if it's anon, we don't need to worry about it. Only worry about the process of de-identification.
14:36:45 [Thomas_Schauf]
q+
14:37:06 [rigo]
q?
14:37:09 [rigo]
ack Thomas_Schauf
14:37:18 [aleecia]
Thomas: we need to take into account DNT unset
14:37:40 [aleecia]
... need discussion on scope of DNT, defn of anonymous data, and personal information
14:38:00 [aleecia]
... not only as DNT default in EU, if you want a global standard at the end
14:38:33 [aleecia]
rigo: in european context we have start up screen as suggested solution to meet consent requirement
14:38:37 [rvaneijk]
q+
14:38:51 [aleecia]
Thomas_Schauf: is that EU only or global?
14:39:10 [aleecia]
rigo: ok, doing that as subpoint
14:39:34 [aleecia]
q+
14:39:48 [aleecia]
rigo: defaults are Peter's discussion
14:40:49 [aleecia]
cross-talk suggesting regional, not just EU
14:40:57 [Zakim]
- +49.172.147.aadd
14:41:14 [peterswire]
q?
14:41:18 [aleecia]
rigo: main defaults question is WG and not task force discussion
14:41:23 [aleecia]
ack rva
14:41:56 [kj]
kj has joined #dnt
14:42:05 [aleecia]
rvaneijk: defaults in EU is one scenario that might play out there's no gap between tech standard and becoming compliant. Other use cases will have DNT standard but needs additional things to be legally compliant
14:42:17 [aleecia]
... in most cases there is a gap between DNT spec and legal
14:42:33 [aleecia]
... additional requirements to become legally requirement
14:43:01 [aleecia]
... relevant because if we do not accept starting position to becoming legally requirement via DNT, we should not pursue that use case
14:43:17 [Zakim]
-schunter?
14:43:31 [aleecia]
... could be a remark, but "if you claim to be DNT compliant does not mean you are legally compliant"
14:43:43 [aleecia]
q?
14:43:55 [brookman]
ack aleecia
14:44:18 [kj_]
kj_ has joined #dnt
14:44:18 [peterswire]
q+
14:46:06 [aleecia]
aleecia: we have already figured out that DNT unset means have not consented, do we need it as an issue?
14:47:57 [rigo]
q?
14:47:57 [brookman]
ack peterswire
14:48:07 [aleecia]
summary of discussion, no one had changes they proposed
14:48:27 [aleecia]
peter: for anon and de-id, main group has done work already
14:48:54 [aleecia]
rob: that's the pain point, we have not met the EU standards under Shane's definition
14:49:29 [aleecia]
... the point where we stopped was data retention time. Shane is at 18 months if de-identified. For me, need to look at purpose, 24 hours could be long enough.
14:49:36 [brookman]
If third parties can do behavioral tracking despite DNT:unset in the EU, it will not be because of this document. That will be an interpretation of existing (or future) EU law.
14:49:47 [brookman]
s/this document/any document this group issues
14:49:55 [aleecia]
Rigo: put that under pseudonymous discussion
14:50:02 [aleecia]
swire: and anon as well?
14:51:07 [rigo]
q?
14:51:26 [aleecia]
discussion summary:
14:51:54 [aleecia]
if something is pseudonymous enough, do we have to address it? Or does retention time / use still matter?
14:52:32 [aleecia]
rigo: if not part of consent mechanism, it's out of scope or permitted use, which has a description of it
14:53:20 [aleecia]
rigo: would add article 27 procedure under data protection
14:53:21 [Zakim]
-Ionel
14:54:28 [ninjamarnau]
ninjamarnau has joined #dnt
14:54:58 [aleecia]
rob: fundamental question, if the answer is no, we're doing something completely different with DNT.
14:55:27 [aleecia]
... do we still go for that solution or not? If we find it infeasible to use DNT for consent, we need to feed that back to the big group
14:56:18 [aleecia]
rigo: sensitive data issue
14:56:26 [aleecia]
... article 8, medical data
14:56:46 [aleecia]
... in P3P we had issues with double click declaring medical data
14:56:58 [aleecia]
... Kimon says there's no pharma advertising so the issue goes away
14:57:09 [aleecia]
... is there an article 8 issue or can we skip it?
14:57:27 [aleecia]
... if we believe we have to deal with sens data, could have window shade like requirements
14:57:42 [aleecia]
... could need additional consent, and javascript API
14:57:48 [aleecia]
... should we keep or strike?
14:58:11 [aleecia]
rob: keep it. More than just pharma ads, not even in art 8
14:58:43 [aleecia]
... fine grained geo-loc, for example
14:58:58 [aleecia]
aleecia: already out by the compliance doc
14:59:22 [fwagner]
+q
14:59:41 [aleecia]
tlr: geo as browser API is orthogonal to this, but inferred other ways (e.g. IP address, or restaurants in small area in search) that could be interesting
14:59:59 [aleecia]
... if I've consented by geoloc API, that's already consented
15:00:13 [aleecia]
rigo: if geoloc, isn't it an issue for Compliance and not GC?
15:00:28 [aleecia]
tlr: we have text and closed issue
15:00:29 [rigo]
q?
15:00:34 [aleecia]
... not heard request to reopen
15:00:51 [brookman]
Are we really going to tmodulate this document to take into account every country's sector-specific law?
15:00:59 [brookman]
Do we need a section on US video record law?
15:01:07 [ninjamarnau]
q+
15:01:09 [aleecia]
peter: maybe Rob could review geoloc
15:01:17 [aleecia]
nope, we have "don't break the law"
15:01:31 [brookman]
It was a rhetorical question! :)
15:01:49 [aleecia]
frank: geoloc could be an issue, depends on purpose
15:02:01 [brookman]
I thought ISSUE-15 (closed) addressed this, but sadly it only mentions kids . . .
15:02:11 [aleecia]
... geoloc api does not mean consent for all time
15:02:44 [aleecia]
rob: pharma ads don't need to deal with, so can we remove art 8 in the whole? Perhaps other categories, but maybe not geoloc. Are there others?
15:03:00 [aleecia]
swire: sexual orientation is an example
15:03:26 [aleecia]
apple & orange?
15:03:32 [aleecia]
political affil?
15:03:48 [fwagner]
q?
15:03:51 [brookman]
law > DNT
15:03:55 [fwagner]
q-
15:04:19 [ninjamarnau]
q-
15:04:29 [brookman]
ack ninja
15:04:31 [aleecia]
aleecia: can't kill this as an issue yet, maybe we can with more thought
15:04:39 [aleecia]
ninja: (too quiet to hear)
15:05:04 [aleecia]
swire: sensitive data not part of compliance
15:05:28 [aleecia]
rigo: DNT:1 permitted uses under e-priv directive
15:05:49 [ninjamarnau]
sorry, wanted to support what peter said. profiling could lead to information about sexual orientation, religion, origin etc.
15:05:59 [aleecia]
rob: can we spell out asymmetry here?
15:06:09 [aleecia]
... justin raised it but
15:06:28 [aleecia]
Justin: what would be a permitted use in e-priv, and first v third party
15:06:49 [aleecia]
... US v. EU, permitted use and/or exception could differ
15:08:24 [aleecia]
?: we now refer to e-priv only, is that intended?
15:08:42 [aleecia]
... existing privacy directive, and e-priv is only cookies
15:08:51 [aleecia]
... need current and future too
15:09:18 [aleecia]
... exemptions is not just e-priv directive, more general
15:09:26 [aleecia]
... also national laws
15:09:42 [aleecia]
... example, German law with other exemptions
15:10:02 [aleecia]
justin: asymmetry in laws
15:10:16 [aleecia]
q?
15:10:19 [rvaneijk]
q+
15:10:47 [brookman]
s/justin/weiss_yahoo
15:10:54 [rigo]
q?
15:11:07 [aleecia]
(thanks, sorry)
15:11:09 [rigo]
q?
15:11:10 [rigo]
ack rvaneijk
15:11:16 [dwainber_]
dwainber_ has joined #dnt
15:11:19 [aleecia]
rob: can we bridge asymmetry?
15:11:25 [aleecia]
... or do we always have a gap?
15:12:10 [aleecia]
weiss: what do we *need* it to do to get to compliance. Let's find the delta to the main document. Maybe there is a way to address them, but I want to make sure that all of the exceptions I get the benefit of as an EU company are preserved
15:12:34 [aleecia]
... to the point about reconciling in one signal and one server call is a concern
15:13:44 [aleecia]
rigo: permitted uses that are allowed in EU are not missing from compliance list, but should check
15:13:52 [aleecia]
weiss: first party analytics
15:13:56 [aleecia]
q+
15:14:24 [aleecia]
rob: not the biggest point to worry about. "Audience measurement" more an issue
15:15:09 [aleecia]
rob: could not exempt first party analytics but it is what we would have advised
15:15:17 [aleecia]
rigo: need to discuss
15:15:44 [aleecia]
... if we put this in and get recognition from Art 29 WP, could work
15:15:52 [aleecia]
weiss: is that realistic?
15:16:04 [aleecia]
rob: highly legal env, can only go as far as the law says
15:16:07 [aleecia]
q?
15:16:31 [aleecia]
rigo: amendment 108 discussion but in the mean time, could have tolerance if this is accepted practice
15:16:32 [brookman]
"tolerance" . . .
15:16:43 [aleecia]
tlr: would like to hear from Thomas
15:16:47 [rigo]
q?
15:17:02 [tlr]
q+ thomasSchauf
15:17:55 [peterswire]
q+
15:17:58 [Horax]
Horax has joined #dnt
15:18:19 [aleecia]
ack aleecia
15:18:21 [rigo]
q?
15:18:30 [brookman]
This discussion somewhat belies that argument that Europe doesn't care about the difference between first and third parties
15:18:39 [brookman]
ack peter
15:18:45 [aleecia]
swire: defn of first party not discussed, but has corporate group. Holding company with multiple brands. Does that work in EU?
15:19:02 [aleecia]
rob: legal perspective, legal entity
15:19:16 [aleecia]
swire: controller is narrower and different in EU
15:19:46 [aleecia]
rob: sometimes wider because of data processor, which becomes part of first party
15:20:03 [aleecia]
weiss: yes, under 95 directive
15:20:34 [aleecia]
rigo: what about wholly owned subsidiary?
15:20:48 [aleecia]
... your company but diff legal entity. One party?
15:21:14 [aleecia]
ninja: different controllers in Germany
15:21:15 [ionel]
ionel has joined #dnt
15:21:19 [peterswire]
q-
15:21:46 [tlr]
ack thomas
15:21:50 [aleecia]
thomas: raising eyebrows to trying to find european standard. Ideally one standard with local taken into account
15:22:11 [aleecia]
rigo: working with EU on recognition of W3C standards
15:22:32 [Thomas_Schauf]
q+
15:22:38 [aleecia]
... make one standard, earn beneficial legal effects. Remains global standard but get recognition
15:22:50 [aleecia]
Thomas: one global standard, yes or no?
15:22:54 [ninjamarnau]
to extend aleecia's scribing: if a corporate group contains several legal entities (Ltd., Inc., Corp, AG) these are several controllers, not one single controller
15:23:24 [aleecia]
rigo: hope is we can create one DNT with two docs that work globally
15:23:29 [aleecia]
... is a hope
15:23:52 [aleecia]
,,, means checking entire document against EU laws. But we aren't there yet
15:24:13 [aleecia]
Rigo: going through mind map to see if other issues
15:25:36 [aleecia]
... do not have defn of DNT:0 marked down yet, central
15:26:13 [aleecia]
... use P3P data classes, firefly which was bought by MSFT, wanted full set of online collectable data. Could use it here.
15:26:33 [aleecia]
tlr: that's a possible solution, we're working on problem defn
15:26:41 [rvaneijk]
q+
15:26:56 [vinay]
q+
15:27:14 [tlr]
thoma_schauf, on the queue from before, or newly on the queue?
15:27:32 [aleecia]
rigo: content of the consent message when you get DNT:0
15:27:38 [aleecia]
ack tho
15:27:39 [rigo]
q?
15:27:47 [aleecia]
ack rva
15:27:51 [Thomas_Schauf]
-q
15:28:00 [aleecia]
rob: see you are connecting purposes to DNT:0
15:28:06 [aleecia]
rigo: need specific consent
15:28:12 [aleecia]
rob: limited list, though.
15:28:32 [aleecia]
... for exceptions, data minimization, no secondary use, etc. - including in this text as well?
15:28:51 [aleecia]
... limited list gets purpose limitations. Second is addtional limitations like we did with exceptions.
15:29:18 [aleecia]
Rigo: DNT:0 makes sense only if we make the assumption that all processing of personal data is prohibited unless you have a legal ground or consent
15:29:30 [aleecia]
... all those limitations apply
15:30:05 [aleecia]
... suggestion, define DNT:0 in broad way we get rid of 99% of window dialogs
15:30:18 [aleecia]
... "do you want the commercial web to work, yes / no" instead of fine grain
15:30:46 [aleecia]
... under finality principle and other principles apply here. for the US, irrelevant anyway.
15:30:59 [aleecia]
... use an "at least" definition
15:31:08 [aleecia]
rob: address asymmetry here as well
15:31:40 [aleecia]
rigo: asymmetry is there in legal framework, can explain it, but don't have to make it explicit. You would destroy the American model.
15:33:22 [aleecia]
rigo: two possible deliverables. Normative text goes into main docs, or a set of best practices
15:34:01 [brookman]
q?
15:34:12 [brookman]
ack vinay
15:34:14 [aleecia]
justin: you mean specifying absolutely not tracking? (hilarity ensued)
15:34:51 [aleecia]
vinay: if compliance defines tracking and is geared to 1st or 3rd party, would we need to change the defn of track, or have a different DNT:1 for GC?
15:35:12 [aleecia]
... if track or DNT:1 is defined, do we need a way to define it differently?
15:35:33 [aleecia]
swire: within WG, people feel we must define tracking, and must not define tracking. Conflict.
15:36:04 [aleecia]
... for global reasons if we have DNT:1 and :0 makes it even harder to have normative defn of tracking, because regional (laws?) may be different
15:36:33 [aleecia]
... not having tracking defined, there's 23 things that say what you may do, but nothing on top of that. If they work for DNT:0 and :1, that's great
15:36:39 [brookman]
In Cambridge, we were getting close to a definition of "tracking" based on what I proposed: tracking is "the collection and retention of data across multiple parties' web domains in a form such that it can be attributed to a specific user or device
15:36:59 [aleecia]
vinay: by selecting DNT:0 you're allowing first party analytics, but in most of the world that would be ok with DNT:1
15:37:13 [aleecia]
...wouldn't the defn of DNT:0 change?
15:37:41 [aleecia]
rigo: -- loses scribe. huh?
15:38:03 [aleecia]
swire: EU has its law. Say it's the strictest. Then DNT:0 good globally
15:38:17 [aleecia]
vinay: browser says what to users?
15:38:25 [aleecia]
rigo: they don't, you tell them
15:38:38 [aleecia]
vinay: but the choice is made before they reach a website
15:39:13 [aleecia]
rigo: when they come to you, ask them to change, and you present it
15:40:00 [aleecia]
... if we don't want the battle on defaults, give a choice upfront
15:40:18 [aleecia]
vinay: if we want informed choice, we tell them pros and cons of both choices
15:40:22 [wolf]
wolf has joined #dnt
15:40:48 [brookman]
q?
15:41:06 [brookman]
I think this is an open issue :)
15:41:10 [aleecia]
ninja: what does a browser need to do to get informed consent for DNT:1 and :0?
15:41:29 [aleecia]
vinay: if it differs regionally, how do browsers explain?
15:41:39 [aleecia]
... changes the defn of what DNT means
15:41:47 [Weiss_Yahoo]
i'm surprised we've gone this long having avoided the word browser 'wizard'
15:41:51 [aleecia]
... if DNT:1 is regional, DNT:0 is too
15:42:00 [rvaneijk]
q+
15:42:30 [aleecia]
brookman: DNT:0 means you can track me anywhere, for example.
15:42:41 [aleecia]
... then refine "anywhere"
15:42:45 [rigo]
q?
15:42:46 [rvaneijk]
q-
15:43:00 [aleecia]
q?
15:43:07 [brookman]
MOVING TO MARKET RESEARCH
15:43:12 [brookman]
AKA AUDIENCE MEASURESMENT
15:43:20 [aleecia]
rigo: nine issues so far, time to move on
15:43:25 [rigo]
zakim, who is here?
15:43:25 [Zakim]
On the phone I see Berlin, +1.613.947.aaee
15:43:26 [brookman]
s/measuresment/measurement
15:43:27 [Zakim]
On IRC I see wolf, Horax, dwainber_, ninjamarnau, kj, aleecia, nic, rigo, Yianni, tara, brookman, Thomas_Schauf, vincent, moneill2, rvaneijk, jamesgray_dgconnect, Cordula_Zimmer,
15:43:27 [Zakim]
... Zakim, Weiss_Yahoo, vinay, haakonfb, Joanne, fwagner, RRSAgent
15:43:42 [aleecia]
scribenick: vinay
15:44:04 [vinay]
Asking whether we switch topics to Market Research due to time constraints/obligations/availability
15:44:15 [vinay]
Q: Does anyone on IRC care/need to talk about Market Research?
15:44:35 [vinay]
Susanisrael expressed interest, but may not be available for a call today
15:45:03 [vinay]
Tara: Market research is a topic she cares about, but not high on her priority list where she needs to discuss it now
15:45:21 [vinay]
peterswire: I don't have a list to call on, and didn't know he was chairing
15:45:59 [vinay]
... but he thought that since we have al ot of knowledgeable people in the room, that we should discuss it to give him (and the group) more info so we can present this to the group
15:46:09 [vinay]
Rigo: checking how long we have the room. We are 30 minutes late.
15:46:21 [vinay]
Peterswire: WOuld like to have the conversation at some point during the 2 days
15:46:45 [vinay]
Rigo: Perhaps we can have this another time, or discuss it over dinner. Prefer to have it now
15:47:00 [Chapell]
Chapell has joined #DNT
15:47:08 [vinay]
Fast .. lets track Kimon!
15:47:40 [vinay]
we're trying to get all the relevant people in the room
15:47:44 [vinay]
we're not on an official break
15:47:59 [vinay]
Peter is now chairing
15:48:02 [vinay]
Mission accomplished! We've found Kimon
15:48:26 [vinay]
We have a lot of knowledgeable people in the room right now. Kathy Joe provided language to the grou
15:48:39 [vinay]
...p. Rigo is presenting it on the screen.
15:48:58 [vinay]
Justin was part of the working group that came up with the language Kathy proposed
15:49:01 [vinay]
Justin wasn't part of the group
15:49:08 [vinay]
he was an outsider; and he expressed some concerns over the languag
15:49:37 [vinay]
Concerns: 1) audience measurement still allows for 3rd parties to monitor all my web traffic (albeit for understandable purposes)
15:50:13 [vinay]
found useful: 1) hard requirement that data be anonymized (or did he say pseudonymized); and 2) a hard 53 week retention period
15:50:34 [vinay]
Made the argument that the reports are meant to calculate 1-year
15:51:02 [vinay]
Justin: The other language was not as important because you can still do A LOT with it
15:51:28 [vinay]
PeterSwire: Are these practices different/in line with EU practices?
15:51:42 [vinay]
Kimon: Haven't had a chance to discuss this with his members yet
15:52:25 [vinay]
Peter question to Kimon: Is pseudonymous common in the EU? (like a cookie ID; but not PII like email/name/phone number)
15:52:43 [vinay]
Kimon: Cannot commit; but as far as he knows as limited to audience measurement, you drop a cookie/ use a tag
15:53:10 [vinay]
Justin: I imagine other demographic information is relevant, like age, location, etc.
15:53:39 [vinay]
Kimon: What market research is doing is two things: 1) What is the market share of each of the websites; and 2) (_____) I couldn't catch it
15:53:55 [vinay]
Fundamental problem of research is trying to adjust the numbers
15:54:59 [vinay]
What the large companies do is adjust the numbers against panels (consent-based model); if the panel is large enough, the audience can be used to better the measurements to accrue for inconsistencies
15:55:14 [rvaneijk]
q+
15:55:30 [vinay]
q-
15:55:34 [rigo]
ack rvaneijk
15:56:20 [vinay]
Rvaneijk: two points. Kathy sent the group a document that has notes. Looked at hte document closely. Takes into account a lot of info that he would consider PII (user account info, unique registrant, etc.) . Many categories of data that has to deal with a specific user
15:56:47 [vinay]
... 2) The presentation that David Stark presented contains reports (slides still online) that were meant to show aggregated reports. It said 'unique user'...
15:57:04 [ninjamarnau]
q+
15:57:15 [vinay]
... The report shows aggregated results; but it uses browser-level data
15:57:27 [peterswire]
peterswire has joined #dnt
15:57:27 [vinay]
... Signaling DNT needs to be meaningful
15:57:33 [peterswire]
q?
15:58:35 [vinay]
Rvaneijk: audience measurement is something he clearly sees fit within DNT. its a business model that includes data flows that a lot of people may feel uneasy about. So, DNT:1 has meaning towards this type of data
15:58:38 [Weiss_Yahoo]
q+
15:58:58 [vinay]
Ninja: If we're talking about pseudonymous data, if we're talking about pseudonymous data as yello data, there are a lot of shades of yellow
15:59:31 [vinay]
... even if you do not have directly identifiable data, if you have enough indirect data, you need to see the context/aggregation to see if it can be re-personalized. needs to be careful about darker yellow categories
15:59:43 [vinay]
rvaneijk: do we need to place limitations on the collection, or the use?
15:59:52 [ninjamarnau]
q?
15:59:58 [ninjamarnau]
ack ninjamarnau
16:00:03 [vinay]
wiess_yahoo: one challenge he sees is on how broadly we define terms like research.
16:00:27 [vinay]
... certain kinds of research may be allowable (even if it contains PII)
16:00:31 [rvaneijk]
q+
16:00:42 [vinay]
... this topic has an ambiguity to it on the purpose for what the data will be used for
16:01:04 [rigo]
ack Weiss_Yahoo
16:01:06 [vinay]
... there may be multiple uses of this data. a one-size fits all rule may be challenging for this use case
16:01:39 [vinay]
peterswire: this got started with meetings with Kathy Joe @ esomar. The term I've found 'market resarch' is confusing enough that i'd like to move away from using the term 'audience measurement'
16:01:46 [brookman]
brookman has joined #dnt
16:01:48 [vinay]
... this new term has fewer ambiguities
16:02:05 [vinay]
... can imagine there would be a functioning economy for this on the internet
16:02:12 [brookman]
(an industry that was previously based entirely on opt-in data)
16:02:32 [vinay]
... On hte internet, there are a bunch of things that can happen without the opt-in
16:03:50 [vinay]
... this group may determine that the nielsen-type may not need to be affected. it may decide that it is a permitted use. what peter wants is to understand how this sort of issue will be thought about in the legal EU context
16:04:05 [vinay]
weiss_yahoo: the 'research' status is relevant under EU law; and it is evolving
16:04:25 [vinay]
... whether that kind of use has been addressed in the Art 29 WP on this
16:04:35 [vinay]
... some of it may fall under a subset of analytics
16:04:49 [vinay]
q?
16:04:49 [rigo]
q?
16:04:52 [peterswire]
q/
16:04:56 [peterswire]
Q?
16:05:05 [rvaneijk]
q-
16:05:26 [vinay]
Kimon: in the offline world, you would be putting people on the bridge to count the number of cars driving each way
16:05:39 [vinay]
... you would have people asking drivers specific questions on where you are driving to
16:05:42 [brookman]
I can't think of cross-site passively-collected "market research" that can't also be defined as "audience measurement"
16:05:56 [vinay]
... in the online world, you have limitations. for example, you have surveys and panels
16:06:10 [vinay]
Peterswire: there haven't been much arguments about the panels
16:06:21 [vinay]
... but there is strong concern over DNT:1 and the 'watching them on the bridge' example
16:06:25 [brookman]
q?
16:07:10 [vinay]
Rigo: I think market research is needed. I'm not saying that its not needed. The Q is does it create databases that law enforcement can access. Concern that they need to watch all of us to see whether the people they've got to sign up is honest
16:07:34 [vinay]
kimon: It always comes back to (_____) Something (I missed it)
16:07:39 [fwagner]
fwagner has joined #dnt
16:08:04 [aleecia]
q+
16:08:08 [vinay]
... don't share your mistrust.
16:08:30 [brookman]
If we can't fix government access issues, then we absolutely have to care about industry databases.
16:08:45 [Weiss_Yahoo]
+1 to Kimon's point about differentiating risks presented by the Gov't from risks presented by mere 'holding' of data for legitimate purposes by industry
16:09:05 [vinay]
... on the industry point, we need to come to the conclusion on whether 'we are evil', 'if we're big brother', or 'if we're agreeing where the risk lies'
16:09:20 [vinay]
... in Kimon's view, audience measurement isn't that scary
16:09:38 [vinay]
Justin Brookman: SHould I have any control over a 3rd party watching me for audience measurement?
16:09:45 [vinay]
kimon: it's all a balance in society
16:09:50 [peterswire]
Q?
16:09:50 [vinay]
Justin: what's your answer
16:09:55 [vinay]
Kimon: you have a control
16:10:44 [vinay]
Aleecia: I'm not looking at this from a state-actor or data-breach perspective. I'm looking at it from a population/consumer perspective that have said "I do not want to be tracked"
16:11:08 [vinay]
... so the question becomes "from a public policy perspective, where do we say 'even though you haven't consented (or you have said no), we still want to track you anyways)
16:11:27 [vinay]
... in the past, we've had a very small set of uses that said we still need to track you anyways
16:11:37 [vinay]
... then we starte dgoing down to use/retention/narrow scope
16:12:03 [vinay]
... the question that I have is: "Does this audience measurement rise to the level of 'we don't care what you want, we're doing it anyways'?"
16:12:35 [vinay]
... "does it rise that level?" I'm looking for the argument on why that's so vital
16:12:45 [vinay]
Kimon: So, if I'm a website, I have to finance myself somehow
16:13:17 [vinay]
... If I'm an advertiser, I have to know how effective my offer is. To know whether I should continue knowing whether I should market online.
16:13:23 [vinay]
... I also want to know about my market share
16:13:45 [moneill2]
q+
16:13:49 [vinay]
... Its to know 'what is my market share'? If we don't know how many people are online, the "Internet starts breaking a bit"
16:13:54 [brookman]
Panel data has worked in other industries for years
16:14:06 [brookman]
ack aleecia
16:14:10 [vinay]
Aleecia: What I hear is, we need to be able to perform analytics on the site, but we need to do analytics across sites.
16:14:15 [vinay]
Kimon: That's not what I'm saying
16:14:59 [vinay]
Aleecia: I'm hearing this as an end-run against independent data rights
16:15:08 [vinay]
Kimon: Its not. It's about aggregation
16:15:12 [rigo]
q?
16:15:14 [peterswire]
Q?
16:15:33 [vinay]
rvaneijk: I think there are ways ot move forward here; but it may be from my lack of understanding. I have a feeling that hte data collection is not proportionate
16:16:24 [vinay]
... on the bridge example, i write down the license plate and collect other information like car type/ etc.. The question becomes, that event level data, is there a way to anonymize/de-identify it so that there are no license plates there?
16:16:26 [rigo]
q+
16:17:04 [rigo]
rrsagent, set log public
16:17:07 [vinay]
kimon: its unfortunate we don't have our colleagues here to look at this more closely
16:17:12 [rigo]
RRSAgent, please draft minutes
16:17:12 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/03/11-dnt-minutes.html rigo
16:17:19 [Weiss_Yahoo]
q+
16:17:28 [rigo]
ack moneill2
16:17:29 [brookman]
I suspect it's not that easy, but I am still curious about how much the passive measurement data really fine tunes the panel data at the end of the day.
16:17:39 [brookman]
ack moneill
16:17:52 [vinay]
moneill: if you limit the identifier for a short period of time, maybe that can solve some of the issue? you don't need to keep the data that long
16:17:57 [vinay]
(did I get that right?)
16:18:51 [vinay]
Rigo: If we define a permitted use for audience measurement, then we could define it in a restrictive way
16:19:09 [vinay]
... then we could set restrictions, such as 'you cannot use this for calibration...'
16:19:23 [vinay]
... htere is an advantage to set audience measurement as a permitted use so you can set the space
16:20:04 [peterswire]
Q?
16:20:09 [brookman]
ack rigo
16:20:13 [brookman]
ack weiss
16:20:47 [vinay]
weiss_yahoo: Companies are measuring log files. Some of the purposes are permissable for permitted uses
16:21:13 [vinay]
... the log files are still there (because of other permitted uses)
16:21:20 [vinay]
... companies have logical silos
16:21:38 [peterswire]
Q?
16:21:50 [vinay]
... there is no 1:1 data collection/data storage/data use -- so there's a challenge when there are multiple purposes
16:22:21 [aleecia]
aleecia has joined #dnt
16:23:18 [aleecia]
q+
16:23:34 [aleecia]
q-
16:24:16 [vinay]
weiss_yahoo: the closer analogy I see is frequency capping
16:24:37 [vinay]
... added benefit of it had some consumer protection element ( so consumers don't see the same ad over and over again)
16:25:33 [vinay]
aleecia: double-keyed cookies would help remove some of the privacy concerns
16:26:45 [vinay]
... I think frequency capping was about money
16:27:31 [vinay]
... double-keyed cookies is in non-normative text
16:27:34 [dwainberg]
dwainberg has joined #dnt
16:28:00 [dwainberg]
dwainberg has left #dnt
16:28:33 [vinay]
... Aleecia: a lot of people said they could live with the idea of double-keyed cookies
16:28:36 [aleecia]
Nooooo!
16:28:47 [vinay]
Rigo: we have the room until 2100
16:29:37 [vinay]
rvaneijk: would be interesting to recap the discussion on frequency capping
16:29:48 [Zakim]
+ +1.917.934.aaff
16:29:49 [vinay]
... shows a need and a privacy-friendly alternative
16:30:03 [susanisrael]
susanisrael has joined #dnt
16:30:20 [vinay]
... average time I spend on a specific side of the website is web analytics (first party)
16:30:21 [rigo]
zakim, aaff is Susan_Israel
16:30:22 [Zakim]
+Susan_Israel; got it
16:30:28 [vinay]
... the analody of frequency capping is not a good one
16:30:36 [vinay]
analogy/ not analody
16:30:45 [vinay]
aleecia: I agree with what Rob said
16:30:53 [vinay]
... is there a way that's good enough?
16:31:12 [vinay]
... Is there a time component that you're doing audience measurement (with, for example, data for one day)?
16:31:21 [brookman]
Is panel data plus non-DNT:1 census users enough?
16:31:34 [brookman]
Which is more than you get for other industries.
16:31:36 [vinay]
Kimon: Not sure if the timing data is enough; but I'll take this back
16:32:41 [vinay]
rvaneijk: Not sure what we're really dealing with. sounds like a large exception for advertising
16:32:54 [vinay]
... if we're talking about behavioral advertising, do we need aggregate reports?
16:33:24 [vinay]
... How does that work?
16:37:25 [fwagner]
fwagner has joined #dnt
16:37:39 [vinay]
rvaneijk: what would be the added value for DNT (since they already have an opt out)
16:38:48 [vinay]
rvaneijk: David Stark talked about a way to provide visibility. how can the consumer figure out who the audience science companies are?
16:39:12 [vinay]
kimon: if we integrate everything in to DNT, we need to evaluate whether it makes sense to put everything in the same basket
16:40:18 [vinay]
rvaneijk: DNT needs to be meaningful; and right now its not meaningful to him
16:40:27 [vinay]
rigo: can there be an opt out for measurement?
16:40:41 [susanisrael]
i think of audience measurement as being primarily about measuring the audience for content. Of course, this will be a first-party use in most cases.
16:41:46 [susanisrael]
most magazines were sold on a subscription basis and there was a lot of demographic analysis of those subscriber lists
16:42:42 [vinay]
Aleecia: is this enough of a problem to tell people they don't have choices anymore?
16:42:52 [vinay]
peterswire: once a user clicks DNT, it hsould mean something
16:43:03 [rigo]
q+
16:43:12 [vinay]
... core point from privacy: it needs to mean stop collecting data across sites; and can't keep it for 13 months
16:43:33 [vinay]
... for industry it needs to bring value and insight so they can best determine how to manage advertising spend
16:43:40 [vinay]
Kimon: can't forget the diversity of the internet
16:43:44 [vinay]
... lots of different players
16:44:03 [ninjamarnau]
q+
16:44:06 [susanisrael]
+1 to content diversity point
16:44:21 [vinay]
Aleecia: not taking away own-site analytics
16:44:29 [rigo]
susan, can you hear it well?
16:44:48 [vinay]
... wouldn't also removing those small guys not have that large of an impact to your counts?
16:45:29 [susanisrael]
rigo, I can hear some people better than others. thanks. Not perfect, but I get the idea.
16:46:13 [vinay]
Kimon: an advertiser may say "I don't trust you, NYTimes.com, I want to hear from someone independent"
16:46:22 [vinay]
brookman: Why can't you use analytics instead?
16:46:27 [susanisrael]
agree that third party measurement is often required to establish trust
16:46:35 [susanisrael]
*thanks, Rigo
16:47:01 [fwagner]
Rigo - try to use the different microphones on the table, re arrange them
16:47:02 [vinay]
rvaneijk: This is not just limited to the web. AppNexus does thisi via cookies and fed back to the advertisers. This is also mobile; and all across the internet
16:48:15 [vinay]
rigo: have had very nice research done here. what do you think the willingness of the industry is to 'stuff the DNT:1 users' into the same bucket so you don't get as much info about them as you do from others?
16:48:24 [rvaneijk]
http://www.appnexus.com/ebay-case-study
16:48:26 [vinay]
... is there a way to reduce the data but continue to measure
16:48:36 [vinay]
... do you need all this data for the complete picture?
16:49:51 [vinay]
peterswire: was talking to a company in the us about this. what are the characteristics of users between DNT:0 and DNT:1?
16:49:57 [vinay]
... this company hasn't done the research yet
16:50:11 [vinay]
... but was wondering if users who set it have different charecteristics from it
16:52:20 [vinay]
Rigo: the largest and fiercest resistance he's seen in implementation is when people have software they are unwilling to change
16:54:15 [vinay]
rvaneijk: maybe the industry needs to innovate?...
16:54:45 [vinay]
Back to Rigo
16:54:50 [vinay]
Rigo: last part on the agenda today
16:54:59 [vinay]
<Details unimportant to the record>
16:55:25 [Zakim]
-Susan_Israel
16:55:52 [tara]
Thanks, everyone! Bye!
16:56:03 [Zakim]
-Berlin
16:56:08 [Zakim]
- +1.613.947.aaee
16:56:10 [Zakim]
T&S_Track(DNT)8:00AM has ended
16:56:10 [Zakim]
Attendees were +40.72.321.aaaa, +49.303.3.aabb, Berlin, schunter?, Walter, +40.72.321.aacc, Ionel, +49.172.147.aadd, +1.613.947.aaee, +1.917.934.aaff, Susan_Israel
16:56:14 [rigo]
thanks, hear you tomorrow
16:56:20 [rigo]
rrsagent, please draft minutes
16:56:20 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/03/11-dnt-minutes.html rigo
17:11:44 [rigo]
zakim, bye
17:11:44 [Zakim]
Zakim has left #dnt
17:11:52 [rigo]
rrsagent, bye
17:11:52 [RRSAgent]
I see no action items