17:59:54 <RRSAgent> RRSAgent has joined #dnt
17:59:54 <RRSAgent> logging to http://www.w3.org/2013/06/03-dnt-irc
17:59:59 <tlr> rrsagent, make record team
18:00:17 <Zakim> Team_(bar)18:00Z has now started
18:00:23 <Zakim> + +1.202.347.aaaa
18:00:25 <Zakim> - +1.202.347.aaaa
18:00:27 <Zakim> Team_(bar)18:00Z has ended
18:00:27 <Zakim> Attendees were +1.202.347.aaaa
18:00:30 <paulohm> paulohm has joined #dnt
18:00:31 <Zakim> Team_(bar)18:00Z has now started
18:00:38 <Zakim> +dan_auerbach
18:00:47 <WileyS> WileyS has joined #dnt
18:00:51 <Zakim> +johnsimpson
18:00:56 <Zakim> + +1.202.347.aaaa
18:01:16 <Zakim> +WileyS
18:01:21 <Zakim> +paulohm
18:01:25 <jackhobaugh> zakim 347.aaaa is jackhobaugh
18:01:26 <Zakim> +hefferjr
18:01:34 <dan_auerbach> dan_auerbach has joined #dnt
18:01:35 <johnsimpson> Apologies. may not be ably to stay on call for entire period….
18:01:40 <hefferjr> hefferjr has joined #dnt
18:02:00 <Zakim> +thomas
18:02:15 <Zakim> +chapell
18:02:36 <Chapell> Chapell has joined #DNT
18:03:16 <Chapell> I can scribe
18:03:20 <tlr> Scribe: Chapell
18:03:50 <Chapell> Apologies for scheduling issues...
18:04:02 <Chapell> TLR: Key points of agreement at lunch at F2F
18:04:33 <Zakim> +dwainberg
18:04:41 <Chapell> ... how can we make progress re: whether we can include specific #'s
18:04:42 <dwainberg> dwainberg has joined #dnt
18:05:02 <Chapell> .... can we find a way forward on language on retention
18:05:07 <WileyS> Key question:  What is the delta between what we would include in consumer disclosures and what information Dan and team are looking for?
18:05:08 <Zakim> +??P9
18:05:32 <tlr> zakim, ??P9 is Chris_Mejia
18:05:32 <Zakim> +Chris_Mejia; got it
18:05:52 <WileyS> Key question:  What data is being used to develop arbitrary retention timeframe defaults that fit all business models globally?
18:05:53 <Chapell> TLR: level set re: lunch discussions. Where are we now?
18:06:29 <Chris_IAB> Chris_IAB has joined #DNT
18:06:30 <Chapell> .... pieces that we agreed on were: 1) third parties must provide public transparency re: retention for permitted uses
18:07:11 <Chapell> .... 2) open question re: specificity of transparency. We did not drill down on this at f2f
18:07:34 <Chapell> ... 3) Some agreement that there could be different retention periods for different Permitted Uses
18:08:17 <Chapell> 4. Post retention period, data is destroyed or otherwise rendered anonymous
18:09:02 <Chapell> ... Disagreement re: proposals that for each permitted use, the spec SHOULD included a specific #.
18:09:23 <Chapell> .... eg retention period for XXXXX would be YYYYY.
18:09:56 <Chapell> ..... disagreement re: what information is publicly available.
18:10:25 <Chapell> ... Discussion of what is actually happening in the marketplace. What additional information could be shared among the group that could help find a path forward.
18:11:21 <Chris_IAB> Yes
18:11:23 <WileyS> Works for me
18:11:24 <dan_auerbach> yes
18:11:30 <Chapell> ... TLR believes we talked about two different things: 1) info that would be included in public statements of retention periods vs. 2) additional information that is required to give advocates comfort about industry practices
18:11:35 <Chapell> did I miss #3?
18:12:06 <WileyS> The idea that was floated by Aleecia was a "SHOULD" requirement
18:12:09 <Chapell> ..... 3. info that in some shape or form may end up in the spec  (e.g., typically the retention period for XXXXX is YYYYY --- ZZZZZZ
18:12:46 <Chapell> dan_auerbach: transparency requirements
18:12:50 <WileyS> Any information shared in this forum is public.
18:13:02 <tlr> any information in this call is public correct
18:13:14 <Chapell> ... talking past each other a bit... lets get enough information so that we can make an intelligent decisions re: retention periods
18:13:20 <WileyS> tlr, I mean more broadly at the W3C in its entirety
18:13:28 <tlr> Shane, I'll come to that :)
18:13:30 <WileyS> Its a statement, not a question
18:14:01 <Chapell> .... if we all agree that Permitted Use AAA should be retained for up to BBBBBB, then we can discuss transparency
18:14:17 <WileyS> Reasonable based on what data?  Do we have enough representation from all business models globally to make those decisions?
18:14:27 <Chapell> ..... more concerned with setting retention limits
18:14:41 <WileyS> +q
18:14:45 <johnsimpson> q+
18:14:50 <tlr> ack w
18:15:11 <Chapell> WileyS: said this on the email chain. Public forum - any info we share here is info we share with consumers.
18:15:40 <Chapell> .... what is the delta between what is shared in w3c vs what is shared wtih consumers?
18:15:57 <Chapell> ... why would the working group get more confidential info what is available to the public?
18:16:15 <Chris_IAB> WileyS, I would guess that you shouldn't share anything her, that should be shared under NDA
18:16:23 <Chris_IAB> here
18:16:29 <Chapell> TLR: different discussion between experts here than might be provided to consumers at large
18:16:54 <Chapell> WileyS: Are people on this string truly experts in ad operations and data collection?
18:17:13 <Chapell> TLR: More sophisticated audience here than accross consumers generally.
18:17:17 <johnsimpson> q?
18:17:17 <dwainberg> q+
18:17:20 <Chris_IAB> WileyS, I consider myslef an expert :)
18:17:25 <WileyS> I'm not sure if anyone from industry would trust an NDA in this area.
18:17:47 <tlr> ack next
18:18:08 <Zakim> -Chris_Mejia
18:18:14 <WileyS> That hard information has already been provided
18:18:18 <Chapell> JohnSimpson: Willing to have a broad overview of principles of transparency. But his impression is that he was getting hard numbers from industry.
18:18:41 <Zakim> +??P5
18:18:42 <WileyS> Detailed use cases is what I'm assuming is meant by "hard information"
18:18:58 <Chris_IAB> yes, sorry
18:18:59 <Chapell> ... wants this working group to focus specificly on details around specific permitted uses.
18:19:02 <Chris_IAB> got dropped
18:19:04 <tlr> ack next
18:20:12 <Chapell> Dwainberg: Designing a disclosure for companies to make in PP vs trying to design specific retention limits. Sees these are two seperate tracks. David favors transparency over setting specific data retention limits.
18:21:28 <Chapell> .... is there more to "granular disclosure" than "We retain XXXXX for YYYYY for this use."
18:21:28 <Chris_IAB> seems simple enought to me
18:22:04 <Chapell> DanAurebach: culture of sharing very little. Simplicity is good, but doesn't want to use this as a cookie cutter formula. But some companies should disclose more.
18:22:19 <Chapell> Dwainberg: How do we realize Dan's goal?
18:22:57 <WileyS> Dan, how is this different than the information you're requesting?
18:22:58 <Chapell> DanAurebach: Concerns about granularity of disclosures... "We're using this info for financial logging" which might not be clear enough.
18:23:00 <Chris_IAB> don't we define the permitted use already?
18:23:07 <johnsimpson> Q/
18:23:09 <Chris_IAB> Q+
18:23:10 <johnsimpson> q?
18:23:32 <Chapell> Chapell: Why aren't we letting regulators determine whether granularity of disclosures is sufficient?
18:23:59 <hefferjr> q+
18:24:19 <tlr> ack Chris
18:24:32 <dan_auerbach> Shane, it may not be
18:24:37 <dan_auerbach> different
18:24:43 <Chapell> ChrisM: We defined the Permitted Uses and then companies would say they hold XXXX data for YYYY period for ZZZZ User. Companies are saying that they are using data for this period of time for this Permitted Use that is already defined.
18:24:58 <dan_auerbach> but for the public, using tech-specific words and descriptions may not make sense
18:25:04 <Chapell> DavidWainberg: suggests some granularity of data.
18:25:06 <Chapell> q+
18:25:07 <dan_auerbach> since most people don't even know what an IP address is
18:25:33 <Chapell> Dwainberg: probably a reasonable middle ground re: disclosures.
18:25:38 <dan_auerbach> I agree with David about reasonable middle ground
18:25:51 <WileyS> Dan, agree that language may change subtly for different audiences but its the core of the data you're requesting that appears to be the same to me
18:25:57 <tlr> ack hefferjr
18:26:18 <Chapell> Herrerjr: Re: granularity, it should be PII vs Non-PII
18:26:18 <tlr> ack Chap
18:26:28 <tlr> s/Herrerj/RonanH/
18:26:30 <dan_auerbach> I don't think PII is a super clear concept
18:26:34 <Chris_IAB> q+
18:27:07 <tlr> ack Chris
18:27:18 <WileyS> +1 to Alan
18:27:35 <WileyS> And consumer advocates can ask the FTC to step in if they feel we're not being detailed enough
18:27:50 <dan_auerbach> why not just build trust with consumers, instead of relying on regulation?
18:28:19 <Chapell> Dan you are making a false distinction here
18:28:30 <Chapell> happy to have a discussion with you offline - or when I'm not scribing
18:28:31 <Chapell> (:
18:29:06 <dan_auerbach> OK, well I agree with reasonable middle ground, and anyway I think this is not as crucial a topic to me
18:29:06 <Chapell> ..... ChrisM: most companies already disclose the kind of information they collect in their PP. So why are we making an additional requirement here?
18:29:26 <dan_auerbach> +q
18:29:44 <Chapell> JohnSimpson: Right now, broad overviews of what data is being collected, but many PP don't specify the retention period.
18:30:07 <Chapell> .... many companies are not addressing the retention period.
18:30:22 <tlr> ack next
18:30:57 <Chapell> DanAurebach: PP disclosures are not generally good. So status quo is not good.
18:31:09 <Chapell> ... Privacy policies are too filled with legalese.
18:31:30 <tlr> s/DanAurebach/DanAuerbach/
18:31:43 <Chapell> ChrisM: What industry is talking about doing is signing up to retention transparency, which makes privacy policies much better
18:32:03 <dan_auerbach> my response: yes, it's one step in right direction, but more could be done
18:32:04 <Chapell> .... operationally it is very difficult to draw the line.
18:32:32 <Chapell> @Dan --- always more can be done.... but this may not be the right forum
18:33:16 <Chapell> TLR: Suggestion: the agreement on the call today is that there should be some informationh for the data that may be collected. However, we don't have consensus on the level of detail.
18:33:18 <dan_auerbach> sure
18:33:37 <Zakim> + +1.215.286.aabb - is perhaps susanisrael?
18:33:57 <Chris_IAB> I feel like some are trying to back door P3P into DNT here
18:34:11 <WaltM> WaltM has joined #dnt
18:34:31 <Chapell> TLR: Next agenda item... information sharing within the group.
18:35:11 <Chapell> ... one notion in Sunnyvale was that understanding better what actual retention periods are and how some of the Permitted Uses work in practice would be helpful for people to understand
18:35:12 <johnsimpson> johnsimpson has joined #dnt
18:35:18 <Chapell> ... possible path forward?
18:35:34 <dan_auerbach> q+_
18:35:39 <dan_auerbach> q+
18:35:40 <Chapell> .... Does anyone on this call still beileve that they need this type of informaiton from industry?
18:35:59 <Chapell> .... can we characterize the ask
18:36:05 <tlr> ack next
18:36:10 <tlr> ack _
18:36:33 <Chapell> dan_auerbach: this info is important, and wants to think everyone who has spoken with Dan. Many discussions going on off list.
18:36:55 <Chapell> ... this gives a better view of what's going on so Dan and other advocates can better understand.
18:37:18 <Chapell> .... no evidence around some of the Permitted Uses. Needs for info / evidence.
18:37:59 <Chapell> .... specific example -- based upon discussions, Dan now understands financial logging and auditing much better and believes that those can be two seperate Permitted Uses.
18:38:13 <Chris_IAB> Dan_auerbach, is the purpose here for you to tell industry how to "better" do their business?
18:38:29 <Chapell> ... financial logging def has data retention limits but that too much information is being collected.
18:39:08 <Chapell> ... granular detail allows someone like Dan to offer solutions to interested parties to folks who don't want to over collect and want Dan's advice
18:39:29 <Chapell> TLR: dialog between industry and advocates and researchers about ways to improve things is always a good thing.
18:39:32 <Chris_IAB> Dan, respectfully, shouldn't you offer your privacy consulting services 1-1 with interested companies?
18:40:05 <Chapell> ... For the purpose of this specific discussion, if there are ways to actually drive this group to a point where we can live with the result.
18:40:22 <WileyS> +1 Chris - we're here to build a standard - not to offer individual consulting services or ask business at large to rearchitect their businesses
18:40:32 <Chapell> .... there is a part of driving a better spec and a part of driving towards agreement -- not nec the same thing
18:40:34 <dan_auerbach> Chris, I agree that there are challenges to making progress in this forum
18:40:45 <Chapell> ... what are the ways to find compromise.
18:40:51 <dan_auerbach> but why not try to engage?
18:41:27 <dan_auerbach> q+
18:41:39 <Chapell> Dan_Auerbach --- you are trying to insert things into these discussions that are not appropriate for this forum.
18:41:40 <johnsimpson> Wasn't Dan's list of questions coming out of the meeting the request for what was deemed necessary data?
18:41:45 <Chris_IAB> Dan, I'm worried that in trying to get everything shared, you are going to sacrafice a reasonable DNT standard, that would represenent a huge step forward
18:41:46 <tlr> ack dan
18:42:02 <WileyS> John, that was a list of very confidential data - we're looking for the middle-ground that can be share with Dan publically
18:42:19 <johnsimpson> Shane, what on that list can you sgare?
18:42:21 <Chapell> dan_auerbach: sees other examples: Security and Fraud as Permitted Uses could use lots of more detail. Frequency Capping is a clear permitted use.
18:42:23 <WileyS> s/share/shared
18:42:28 <WileyS> John,
18:42:39 <johnsimpson> share/s/sgare
18:42:53 <Chapell> ... Financial logging and security are the two that have been keyed in on... however there may be others.
18:43:07 <tlr> q?
18:43:21 <WileyS> John, I sent an updated list to respond to Dan's that represented significant detail and would find that middle-ground.  And I couched it as consumer discolures to help motivate companies to provide the data in this forum as they'd have to do this anyway once a standard is in place.
18:43:25 <Chapell> q+
18:44:26 <tlr> ack c
18:44:28 <Chapell> TLR: What are our blank spots as a result of this discussion being public
18:45:57 <dan_auerbach> q+
18:46:18 <Chapell> Chris_IAB: feels like a fishing expedition.
18:46:31 <dan_auerbach> q-
18:46:38 <dwainberg> q+
18:46:51 <Chapell> TLR: What are particular items that might help them or helps others to agree more easily on understanding the rationale for a particular objection.
18:47:11 <Chris_IAB> q+
18:47:16 <Chapell> dan_auerbach: strongly disagrees that the level of discussions that we've have has been too high level.
18:47:39 <Chapell> .... agrees that getting info privacy consulting services is not the point of this forum.
18:47:49 <Chapell> ... wants more information around security and financial auditing.
18:48:08 <Chapell> ..... more broadly, the level of discussion and exchange is soo small
18:48:24 <Chapell> ... getting more info on why industry needs permitted uses would be helpful
18:48:32 <tlr> ack dw
18:49:03 <Chapell> DWainberg: thought the goal was not to justify the permitted uses. Rather, we were having a discussion on setting retention limits
18:49:52 <johnsimpson> q?
18:49:53 <Chapell> ... we are always going to be too short or too long on retention limits. Transparency gives us the ability to get a median range over time and to call out laggards
18:50:35 <Chapell> .... re: Dan A's question. Very detailed. Difficult without a very clear and direct rationale, to get over the hurdles re: confidentiality and resource issues.
18:51:22 <Chapell> TLR: there is a different dynamic in thinking about what goes into the spec text now. If we understand the likely outcome of transparency discussions. Getting a pre-view will help us level set.
18:51:49 <Chapell> ... right now, we're making the arguments (on both sides) in the abstract.
18:51:49 <Chapell> ... how do we ground these discussions in real detail.
18:52:10 <WileyS> Thank you David
18:52:11 <Chapell> DWAinberg: Lets draft the transparency questionnaire for public view.
18:52:19 <tlr> ack chris
18:52:49 <Chapell> Chris_IAB: defining the Permitted Use around Fruad and Security is the right forum (one-on-one)
18:53:00 <Chapell> .... better for mutual understanding.
18:53:15 <Chapell> .... There is a limit to what info ant company is able to share.
18:53:25 <Zakim> -WileyS
18:53:33 <Chapell> .... lets not make perfection the goal at the expense of a reasonable and implementable DNT standard
18:53:49 <Chapell> TLR: if we have something that folks can live with is a huge win.
18:53:52 <Chris_IAB> agree with Thomas
18:54:05 <Zakim> +WileyS
18:54:13 <Chapell> ... if we look at what information the public dislcosures might include in more detail.
18:54:20 <WileyS> David - not Shane
18:54:53 <Chapell> ... there are two other pieces to this discussion. The question: is there a way to help with additional info sharing. Two ideas
18:55:37 <Chapell> ... 1. if many companies are willing to share more info privately than they are publicly... perhaps the DNT can anonymize the data so each company doesn't get named.
18:55:42 <WileyS> I believe the specifics will be too difficult to anonymize to fully protect a company
18:56:18 <dan_auerbach> Shane, ironic, isn't it :) ?
18:56:45 <Chapell> 2. Depending on what data is needed, perhaps we can make exception to our Public disclosure requirements at the W3C. We can have a side discussion that is not disclosable in public but available to W3C membership.
18:56:49 <WileyS> Not ironic - mixing apples and oranges
18:57:02 <johnsimpson> Both offers make sense to me...
18:57:13 <WileyS> Membership level is the same as public view
18:57:14 <Chris_IAB> q+
18:57:20 <WileyS> No real NDAs in place
18:57:24 <Chapell> How many members are in the W3C?
18:57:29 <WileyS> 400+
18:57:29 <tlr> ack next
18:57:37 <Chapell> That might as well be public
18:57:45 <WileyS> Exactly
18:58:13 <paulohm> Gotta drop off.
18:58:17 <Zakim> -paulohm
18:58:25 <Chapell> Chris_IAB: We're talking about huge public  companies being asked to share large amounts of proprietary info. The attorneys from many of these companies are not going to be comfortable sharing this type of information
18:58:52 <Chapell> ... in the two years we've been here, we've all tried to share what we can. If we're having a discussion not about sharing more here.
18:59:11 <WileyS> Thomas, respectfully, those are not real options.
18:59:25 <Chapell> +1 to Shane and ChrisM
18:59:49 <Chapell> Even smaller companies that I work with are going to have trouble with this
19:00:25 <Chapell> WileyS: attempted to be transparent on the public list.
19:00:46 <Chapell> 1. discosing to 400+ companies is not different than public disclosure.
19:01:24 <Chapell> 2. Dan asked for long laundry lists of specifics. Over the past two years, we've gotten to a level of detail that was very high.
19:02:00 <Chapell> ... asking for details on back end systems is crossing the line.
19:02:04 <Zakim> -susanisrael?
19:02:19 <Chris_IAB> we are at almost 2-years of companies sharing what they can here
19:02:24 <dan_auerbach> i disagree about the posture of industry
19:02:25 <Chapell> ... it is possible that info is being asked for is never going to be provided.
19:02:27 <dan_auerbach> but in any case
19:02:40 <hefferjr> q+
19:02:40 <Chapell> Dan, can you explain what you mean?
19:02:44 <dan_auerbach> there is a third option, which is to just have one on one conversations
19:02:53 <dan_auerbach> instead of any public or quasi-public forum
19:03:02 <Chapell> q+
19:03:02 <Chris_IAB> Dan, that's different
19:03:14 <WileyS> Dan, one-on-one conversations would still require NDAs and company's trust that the NDA would be honored
19:03:19 <Chris_IAB> IF a company want to share with you 1-1, they will
19:03:36 <dan_auerbach> yes, and many have
19:03:50 <dwainberg> q+
19:03:54 <Chapell> TLR: can see how a public disclosure may be impractical in some  circumstances -- particularly as DNT is initially rolled out.
19:04:00 <Chris_IAB> Dan, agree that 1-1 conversations can be very useful, but respectfully, this is not the forum for 1-1 private conversations
19:04:15 <tlr> ack hef
19:04:18 <johnsimpson> q?
19:04:31 <Chapell> hefferjr: won't disclose info that is not already publicly unless under NDA.
19:04:39 <dan_auerbach> i agree that this call is not the forum
19:04:56 <Chapell> WileyS: companies have an issue wtih the likelihood of an NDA being honored.
19:05:18 <Chapell> ... will the source of the request later use the information in other ways.
19:05:26 <dwainberg> q-
19:05:31 <tlr> ack next
19:06:46 <Chris_IAB> +1 to Chapell
19:07:12 <Chapell> Companies may decide to have discussions under NDA with advocates
19:07:54 <Chapell> However, if the goal is to take information provided on one-on-one basis via NDA and use it in a public forum... then you obviate the NDA.
19:07:58 <johnsimpson> Very disappointed that industry won't rely on W3C staff...
19:08:18 <Chapell> JohnSimpson: What is the nature of your disappointment?
19:08:56 <Chapell> JohnSimpson: We can't as a group provide assurances that the information won't be used in this forum in ways that may harm companies
19:09:08 <johnsimpson> I thought the annonymization offer was a good way forward...
19:09:53 <Chapell> John. there is a high likelihood that the information may identify the company -- particularly given the level of the detail that is being requested.
19:09:54 <Chris_IAB> johnsimpson, respectfully, industry has annonymized much information (fhrough me, and other industry reps), but that never seems to be good enough, eh?
19:10:01 <johnsimpson> When will you circulate the summary
19:10:40 <Chapell> So nai staff can remove the Name of the company, but can't guarantee that individual companies won't be identified by nature of their particular models
19:10:51 <Chapell> ha! not NAI / W3C
19:10:53 <johnsimpson> q+
19:11:03 <dan_auerbach> I've got to drop off, cheers
19:11:07 <Chris_IAB> dwainberg, ref P3P
19:11:08 <Zakim> -dan_auerbach
19:11:11 <Chris_IAB> ;)
19:11:27 <tlr> ack ne
19:11:29 <tlr> ack nex
19:11:30 <tlr> ack next
19:12:48 <Chris_IAB> can we get a little more notice for the next call please?
19:12:49 <Zakim> -dwainberg
19:12:54 <Zakim> -chapell
19:12:55 <Zakim> -johnsimpson
19:12:56 <Zakim> -hefferjr
19:12:56 <Zakim> -??P5
19:12:57 <Zakim> -WileyS
19:13:04 <tlr> chris, yes.
19:13:15 <johnsimpson> johnsimpson has left #dnt
19:13:54 <tlr> rrsagent, make record public
19:13:57 <tlr> rrsagent, draft minutes
19:13:57 <RRSAgent> I have made the request to generate http://www.w3.org/2013/06/03-dnt-minutes.html tlr
19:24:53 <Zakim> - +1.202.347.aaaa
19:29:54 <Zakim> disconnecting the lone participant, thomas, in Team_(bar)18:00Z
19:29:55 <Zakim> Team_(bar)18:00Z has ended
19:29:55 <Zakim> Attendees were dan_auerbach, johnsimpson, +1.202.347.aaaa, WileyS, paulohm, hefferjr, thomas, chapell, dwainberg, Chris_Mejia, +1.215.286.aabb
20:06:08 <schunter> schunter has joined #dnt
21:16:11 <Zakim> Zakim has left #dnt