See also: IRC log
<trackbot> Date: 11 June 2014
<JackHobaugh> not yet - soon
<Nielsen__Raymond_> Yes
<Nielsen__Raymond_> Thanks
<Chris_M> just joined the phone call
<Chris_M> big crowed today ;)
<sidstamm> apologies all, I'm en route and having phone/irc connection difficulties
<justin> scribenick: moneill2
<sidstamm> +regrets sidstamm
<justin> http://lists.w3.org/Archives/Public/public-tracking-comments/2014Jun/0000.html
<justin> : last call ending next tuesday, WP29 has commented 6 issue
justin: will come back with process how to deal with comments
<wseltzer> issue-206?
<trackbot> issue-206 -- Service Provider name and requirements -- open
<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/206
<wseltzer> issue-49?
<trackbot> issue-49 -- Third party as first party - is a third party that collects data on behalf of the first party treated the same way as the first party? -- pending review
<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/49
justin: a service provider could act to conwey data between contexts?
fielding: key is what party are
they when data is used
... whether they are service provider does not change the
situation.
justin: a service provider may be
acting for hundreds of contractee
... maybe best deal with the issue when we talk about 219
<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Limitations_on_use_in_Third_Party_Context
justin: no real movement on
context separation
... cfo next week on 219
<wseltzer> issue-219?
<trackbot> issue-219 -- Limitations on use in a 3rd party context of data collected in a 1st party context -- raised
<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/219
justin: nobody has jumped on
censuss proposal
... other issue is data append
<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_First_Party_Compliance
justin: 5 proposals but only 2
main ones
... table 219 for time being, maybe we can reach a
consensus
ChrisPedigoPA, data append far too broad for DNT. Data might have been collected with consent
<WileyS> +1 to who is speaking - Data Append has nothing to do with cross-site data collection
<amm> Allowing data append = loophole large enough to destroy the standard.
johnsimpson: my proposal would stop third party would append to first party
+q
<Chris_M> agree, data append seems out of scope for DNT
<WileyS> If data append is sourced from data with user consent or public data - how could DNT logically apply?
<Chris_M> +1 to WileyS, that's right
<Chris_M> I feel like we are trying to boil the privacy ocean here...
<amm> Data append is not with user consent
<amm> I most assuredly not not consent to the price of my home and my address being appended to Amazon's data about me
<Chris_M> you don't need consent for public data
<Chris_M> how about City Hall data?
<wseltzer> Chris_M, depends on the jurisdiction...
<Chris_M> wseltzer, US :)
<WileyS> amm - that is a legal question - not one for this working group.
<amm> If we are allowing user choice around tracking, perhaps we should allow users to make choices... Rather than be surprised.
<amm> By no means
<rvaneijk> @ChrisM, depending on what you do with public data, you may still need valid consent, even explicit consent depending on the use
<wseltzer> Chris_M, we're on the *World* wide web :)
<amm> We're not talking about what happens to non-DNT users, which is a legal issue
<fielding> I suggest that Vinay's text is editorial, as is Mike's (though I prefer Vinay's text). Neither is about Data Append. John's proposal was about data append.
<Chris_M> wseltzer, I have always advocated for a JURISDICTIONAL approach to DNT compliance-- we need to respect laws in each jurisdiction; W3C should not aim to regulate over existing laws and codes IMHO
justin: the real issue is data append
<rvaneijk> @Chris_M, interoperability is an important aim IMHO.
justin: cfo should be about data append
<amm> Presumably DNT:1 means something more than "we follow the minimum as established by law," or there would be no diff between DNT:1 and DNT:0.
wendy, one issue on data append under 170, and another under 219
<Chris_M> rvaneijk, in order to get global interoperability that doesn't step on some country's laws, that forces us to abstract to a common denominator that generally works in each jurisdiction (respects their laws/codes), but then probably does not go as far as the advocates want here.
<fielding> issue-219?
<trackbot> issue-219 -- Limitations on use in a 3rd party context of data collected in a 1st party context -- raised
<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/219
<fielding> issue-170?
<trackbot> issue-170 -- Definition of and what/whether limitations around data append and first parties -- open
<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/170
<Chris_M> justin: not sure what you mean by "sneak around DNT" (please explain)
<WileyS> amm - DNT speaks to cross-site data collection across different contexts. It doesn't speak to Data Append. That's an entirely different topic and its going to needlessly slow down this working group to try to address it here. I could imagine a host of different technical and policy elements specific to Data Append as an isolated topic.
justin: no data append should be in 219
<amm> There is nothing even remotely illegal about protecting user privacy for those who request it.
justin: we need to make clear when DNT set no identifiers are shared
<Chris_M> hmmm, still a bit confused by "sneak around" (sorry to be obtuse)
<WileyS> moneill2 - identifiers are not "cross-site data collected across contexts"
justin: will make it more clear on list
<amm> DNT has fundamentally come to be about data sharing. Saying "no third party sharing unless we call it by a different name" is pretty goofy
<amm> Court house data is third party data
<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposals_on_data_minimization
<wileys> , identifiers make cross-site collection possibl;e
<amm> Without specifically allowing data append, it is out of what would be allowed
justin: data minimisation
<wseltzer> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposals_on_data_minimization
<WileyS> We've already been through this - unique IDs are necessary for a host of permitted uses: security, financial reporting, & frequency capping.
<WileyS> moneill2 - yes, and some cross-site data collection is permitted per the permitted uses
<fielding> , how upto date are thse proposals?
fielding: why
identifiers are what makes tracking possible, if DNT set dont use them
fielding: limitations on permitted uses fine, data minimisation wrong place
<fielding> I guess I would like to see arguments as to why the suggested changes improve Data Minimization, not random other topics in compliance.
<WileyS> Many permitted uses fail without a persistent, unique, anonymous identifier.
<amm> It's been a while. Did the idea of transparency go away?
<rvaneijk> I would not be in favour of short-term use of identifiers or allow for non-persistent identifiers. Uniques is what matters.
<WileyS> Probabilistic identifiers (digital fingerprints) are more often less persistent than deterministic identifiers
<WileyS> We will use digital fingerprints for security purposes
<rvaneijk> s/uniques/uniqueness/
<WileyS> We need every available tool to fight the bad guys
<amm> ;-) to Wendy
<Chris_M> browser "fingerprint" is ephemeral
<rvaneijk> It is not just the profile that is the object of concern, the automatic decision is IMHO as well enabled by unique identifiers.
<fielding> If you want to disallow certain identifiers, then just disallow them one at a time. Don't mix them all up under a bad definition.
<fielding> If you want to stop client-side storage, say that.
<fielding> If you want to stop browser fingerprinting, do that.
<amm> Rob, I'm not following all of what you're suggesting (and perhaps should take offline) but what do you mean by automatic decision?
wendy: are there place where we can be clear explaining the mechanism of tracking
<Chris_M> yeah, I might agree with wseltzer here, we should probably focus on the practice, not the mechanism
<wseltzer> wseltzer: trying to be technology-neutral in limiting "tracking" -- can we offer useful functional definitions, not mechanism of tracking/fingerprinting ?
justin: lets iterate on this
<Chris_M> there will always be new tracking mechanisms, yeah?
<amm> Jonathan's hopes not withstanding, I don't see a way to do away with high entropy identifiers in DNT. Reasonable time limits (note necessarily hard coded) and transparency seem like the way to go IMHO
<amm> Yes, I am basically agreeing with Shane but minus loopholes
<amm> Ooooh, didn
<amm> Didn't know there is global replace, nice
This is scribe.perl Revision: 1.138 of Date: 2013-04-25 13:59:11 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/justin, /justin: / Succeeded: s/justin, /justin: / Succeeded: s/fielding, /fielding: /g Succeeded: s/justin, /justin: /g Succeeded: s/jsutin,/justin:/ Succeeded: i|<wileys|Topic: Data Minimization FAILED: s/uniques/uniqueness/ Succeeded: s/justin, /justin: /G Succeeded: s/johnsimpson, /johnsimpson: /G Succeeded: s/wendy, /wendy: / Succeeded: s/justn,/justin: / Succeeded: s/fielding,/fielding:/G Succeeded: s/fieldin,/fielding:/ Found ScribeNick: moneill2 Inferring Scribes: moneill2 WARNING: No "Present: ... " found! Possibly Present: Alan Alan_IAB Aleecia Amy_Colando Brooks CDT ChrisPedigoOPA Chris_IAB Chris_M Chris_Pedigo Facebook Fielding IPcaller JackHobaugh Jack_Hobaugh MattHayes Nielsen__Raymond_ P5 Peder_Magee RichardWeaver Richard_comScore WaltMichel WileyS aaaa amm hefferjr hober https inserted johnsimpson justin kj kulick loan magee matt mecallahan moneill2 rvaneijk scribenick sidstamm trackbot vinay walter wendy wseltzer You can indicate people for the Present list like this: <dbooth> Present: dbooth jonathan mary <dbooth> Present+ amy WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth Found Date: 11 Jun 2014 Guessing minutes URL: http://www.w3.org/2014/06/11-dnt-minutes.html People with action items: WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option.[End of scribe.perl diagnostic output]