W3C

- DRAFT -

Tracking Protection Working Group Teleconference

09 Jul 2014

See also: IRC log

Attendees

Present
Npdoty, +1.303.949.aaaa, Carl_Cargill, ChrisPedigoOPA, JackH, +1.206.770.aabb, Wendy, Amy_Colando, moneill2, Chris_M, Nielsen__Raymond_?, Justin, WaltMichel, +1.646.654.aacc, hefferjr, +1.206.770.aadd, Jeff, vincent, Fielding, [FTC], WileyS, MECallahan, kulick, Brooks, Chapell
Regrets
rvaneijk, dsinger, schunter, johnsimpson, walter, ninja
Chair
cargill, justin
Scribe
ChrisPedigoOPA

Contents


<trackbot> Date: 09 July 2014

<Chris_M> just joined the call

<Chris_M> no

<Chris_M> I called in from a private number

<npdoty> volunteers to scribe?

<npdoty> scribenick: ChrisPedigoOPA

Reminders

Justin: 2 open calls for objections

1 - data append

<npdoty> https://www.w3.org/2002/09/wbs/49311/tpwg-first-parties-170/

2 - use of data in a different context

<npdoty> https://www.w3.org/2002/09/wbs/49311/tpwg-third-party-context-219/

justin: will send a remindernote to the group
... TPE update
... comments received, put into 20-30 categories
... nick to assign issues, roy to take first stab at implementing
... chairs will decide whether issues have already been addressed
... unclear about timing for when issues will be brought to the group

<npdoty> nick is behind, but will start creating issues in the next couple days

<fielding> sometime in the next week or two

<npdoty> so, all, be aware that lots of email announcements about issues will come to the mailing list soon

justin: ninja has accepted a new job!

will still be involved, but not as w3c staff

Data Minimization

justin: mike o'neill is ok with existing text

<scribe> dropped his change proposal

will allow one more week before closing out issue

justin: some may still want changes
... but no one has submitted language yet

<npdoty> I implemented Jack's change, and added a note regarding when minimization/permitted uses requirements applied

Tracking in compliance

<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Tracking_Third_Party_Compliance

justin: how to use the definition of tracking in 3rd party compliance
... roy has suggested a change
... david tried to merge roy's proposal with his
... will send correspondence to the group detailing differences between roy and david's proposal

roy fielding: trying to incorporate tracking definition and use it for determining what a server must do

roy: trying to avoid the issue of whether the server is 1st or 3rd party
... if server can change behavior dynamically, it would say so
... trying to define each response that a server could use
... might need to include language re "if you say t, but don't include qualifier, then you are not compliant"

justin: also need a link to the TSR?

roy - yes

nick - sounds like Roy's goals are same as David's

nick: using tracking definition is more narrow than "data" in general, but may also need some language about what 1st and 3rd parties can/cannot do

roy - my lang applies to both

justin - doesn't matter re 1st or 3rd, b/c tracking definition is across multiple, unrelated iste

sites

<npdoty> there is a section now for "server compliance" which applies to all servers who are parties, fwiw

justin: don't see why we need radical change here

nick - my understanding of Roy's proposal, we would add lang re TSVs and delete 1st and 3rd party compliance sections but keep permitted uses sectoin

justin: what would be allowed under reformulation that is prohibited today?

nick: might just need more guidance so there is clarity

justin: I don't think Roy's proposal changes anything
... may need more email discussion to flesh out roy's proposal

Data Minimization

Link shortener

<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposals_on_link_shorteners_and_ID_providers

justin: spirited email discussion
... example - on twitter, link to NYT article via bitly. Is bitly a 1st party?

<WileyS> Bitly only becomes a first party if the user clicks on the link - direct interaction

justin: identity providers issue

2 old proposals that noone is arguing for

example - if I use Facebook to authenticate me on NYT, is Facebook a 1st party?

justin: I will put out some thoughts to see if anyone wants to engage
... could just leave the standard vague here
... probably will go to CFO on link shorteners

<WileyS> Isn't this ultimately up to the party providing the authentication service and their terms with the user - which the user must explicitly consent to in order to use the service? I'd recommend we remain silent on this issue.

nick - is the wiki current?

<npdoty> I think it'll be easier to discuss the link shortener issue once we get concrete text proposals

justin: long standing issue of deidentification

<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Deidentification

Deidentification

justin: 11 proposals in wiki

<WileyS> How is bit.ly/afb different than www.times.com/afb? In both cases the link destination can redirect the user - and in both cases the user can almost always see/discover the domain of the link prior to clicking on it.

justin: current text taken from Peter Swire June draft
... tracks closely with text in FTC 2011 privacy report
... Dan Auerbach has more prescriptive proposal
... david singer proposed minor changes
... roy proopsed deleting last 2 clauses
... red/yellow/green approach
... red = raw data, yelllow = delinked, green = fully deidentified
... part of daa proposal from last summer, rejected by w3c staff

correction - rejected by TPWG chairs

justin: new proposal from Jack Hobaugh, NAI

<npdoty> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Deidentification#Expert_review_or_safe_harbor

Jack - based on HIPPA deidentification process

Jack - proposal submitted on behalf of IAB, DMA and NAI

justin: will take a first stab at merging or delineating differences

<fielding> I want my proposal to be active because it is silly to require a contract exist for the release of anonymous statistics.

justin: good point that contract should not always be required
... group participants should review the proposals

<npdoty> it seems like the proposals are FTC-style (or more or less on it) or HIPAA-style

justin: 2 or 3 hard issues remaining, this is one of them
... that's all folks

<WileyS> +q

<npdoty> https://www.w3.org/2002/09/wbs/49311/tpwg-first-parties-170/

<npdoty> https://www.w3.org/2002/09/wbs/49311/tpwg-third-party-context-219/

Shane: can someone post a link to the 2 active CFOs and remind that tonight is deadline?

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.138 (CVS log)
$Date: 2014/07/09 16:39:31 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.138  of Date: 2013-04-25 13:59:11  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/w3c chairs/TPWG chairs/
Found ScribeNick: ChrisPedigoOPA
Inferring Scribes: ChrisPedigoOPA

WARNING: Replacing list of attendees.
Old list: npdoty
New list: Npdoty +1.303.949.aaaa Carl_Cargill ChrisPedigoOPA JackH +1.206.770.aabb Wendy Amy_Colando moneill2 Chris_M Nielsen__Raymond_? Justin WaltMichel +1.646.654.aacc hefferjr +1.206.770.aadd Jeff vincent Fielding [FTC] WileyS MECallahan kulick Brooks Chapell

Default Present: Npdoty, +1.303.949.aaaa, Carl_Cargill, ChrisPedigoOPA, JackH, +1.206.770.aabb, Wendy, Amy_Colando, moneill2, Chris_M, Nielsen__Raymond_?, Justin, WaltMichel, +1.646.654.aacc, hefferjr, +1.206.770.aadd, Jeff, vincent, Fielding, [FTC], WileyS, MECallahan, kulick, Brooks, Chapell
Present: Npdoty +1.303.949.aaaa Carl_Cargill ChrisPedigoOPA JackH +1.206.770.aabb Wendy Amy_Colando moneill2 Chris_M Nielsen__Raymond_? Justin WaltMichel +1.646.654.aacc hefferjr +1.206.770.aadd Jeff vincent Fielding [FTC] WileyS MECallahan kulick Brooks Chapell
Regrets: rvaneijk dsinger schunter johnsimpson walter ninja
Found Date: 09 Jul 2014
Guessing minutes URL: http://www.w3.org/2014/07/09-dnt-minutes.html
People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.


[End of scribe.perl diagnostic output]