IRC log of dnt on 2014-08-06

Timestamps are in UTC.

15:55:30 [RRSAgent]

RRSAgent has joined #dnt

15:55:30 [RRSAgent]

logging to http://www.w3.org/2014/08/06-dnt-irc

15:55:32 [trackbot]

RRSAgent, make logs world

15:55:32 [Zakim]

Zakim has joined #dnt

15:55:34 [trackbot]

Zakim, this will be TRACK

15:55:34 [Zakim]

ok, trackbot; I see T&S_Track(dnt)12:00PM scheduled to start in 5 minutes

15:55:35 [trackbot]

Meeting: Tracking Protection Working Group Teleconference

15:55:35 [trackbot]

Date: 06 August 2014

15:55:50 [npdoty]

npdoty has changed the topic to: August 6 agenda: http://lists.w3.org/Archives/Public/public-tracking/2014Aug/0004.html

15:57:14 [JackHobaugh]

JackHobaugh has joined #dnt

15:58:00 [Zakim]

T&S_Track(dnt)12:00PM has now started

15:58:07 [Zakim]

+npdoty

15:58:32 [eberkower]

eberkower has joined #dnt

15:59:05 [fielding]

fielding has joined #dnt

15:59:45 [Zakim]

+Jack_Hobaugh

15:59:46 [Zakim]

+Fielding

16:00:15 [justin]

justin has joined #dnt

16:00:36 [npdoty]

regrets+ cargill, chrispedigo, kulick

16:00:46 [Zakim]

+vincent

16:00:49 [Zakim]

+RichardWeaver

16:00:50 [vincent]

vincent has joined #dnt

16:01:03 [Richard_comScore]

Richard_comScore has joined #dnt

16:01:45 [Zakim]

+eberkower

16:01:50 [moneill2]

moneill2 has joined #dnt

16:02:00 [eberkower]

Zakim, mute me, please

16:02:00 [Zakim]

eberkower should now be muted

16:02:20 [Zakim]

+justin

16:02:24 [vinay]

vinay has joined #dnt

16:02:29 [dsinger]

dsinger has joined #dnt

16:02:30 [Zakim]

+[IPcaller]

16:02:34 [AL]

AL has joined #dnt

16:02:43 [Zakim]

+ +1.646.840.aaaa

16:02:44 [justin]

zakim, who is on the phone?

16:02:44 [moneill2]

zakim, [IPcaller] is me

16:02:44 [Zakim]

On the phone I see npdoty, Fielding, Jack_Hobaugh, vincent, RichardWeaver, eberkower (muted), justin, [IPcaller], +1.646.840.aaaa

16:02:44 [Zakim]

+moneill2; got it

16:02:44 [vincent]

zakim mute me

16:02:49 [Zakim]

+vinay

16:02:49 [Zakim]

+Wendy

16:03:00 [vincent]

zakim, mute me

16:03:00 [Zakim]

vincent should now be muted

16:03:16 [Zakim]

+MECallahan

16:03:21 [Zakim]

+dsinger

16:03:30 [dsinger]

zakim, [apple] has dsinger

16:03:30 [Zakim]

sorry, dsinger, I do not recognize a party named '[apple]'

16:03:54 [dsinger]

zakim, who is on the phone?

16:03:54 [Zakim]

On the phone I see npdoty, Fielding, Jack_Hobaugh, vincent (muted), RichardWeaver, eberkower (muted), justin, moneill2, +1.646.840.aaaa, vinay, Wendy, MECallahan, dsinger

16:04:08 [Zakim]

+Jeff

16:04:12 [npdoty]

Zakim, aaaa is AliceL

16:04:12 [Zakim]

+AliceL; got it

16:04:32 [eberkower]

no

16:04:35 [jeff_]

jeff_ has joined #dnt

16:04:39 [eberkower]

I wear a brace on my wrist

16:04:43 [eberkower]

sorry

16:04:52 [Richard_comScore]

sorry - I can't

16:05:13 [jeff_]

scribenick: Jeff

16:05:29 [jeff_]

JB: 4 issues

16:05:37 [jeff_]

... deidentification

16:05:43 [adrianba]

adrianba has joined #dnt

16:05:53 [jeff_]

... personalization

16:06:09 [jeff_]

... audience measurement

16:06:44 [jeff_]

... (reminder we are off next week)

16:07:05 [jeff_]

... rework compliance doc to include definition of tracking (Roy's proposal)

16:07:09 [Zakim]

+[Microsoft]

16:07:17 [jeff_]

Topic: Deidentification

16:07:17 [npdoty]

Topic: Deidentification

16:07:19 [adrianba]

zakim, [Microsoft] is me

16:07:19 [Zakim]

+adrianba; got it

16:07:23 [adrianba]

zakim, mute me

16:07:23 [Zakim]

adrianba should now be muted

16:07:25 [jeff_]

... 3 proposals

16:07:39 [johnsimpson]

johnsimpson has joined #dnt

16:07:47 [justin]

https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Deidentification

16:07:58 [jeff_]

... NAI (internal linkages), safe harbor which could be re-identified but not in production

16:08:10 [jeff_]

... Roy's proposal. straightforward w/o details

16:08:27 [jeff_]

... Vincent (article 29). Accomplish Roy's ideas with prescription

16:08:33 [jeff_]

... and a 4th proposal

16:08:41 [Brooks]

Brooks has joined #dnt

16:08:46 [Zakim]

+Brooks

16:08:57 [jeff_]

... David's need also to promise not to reidentify

16:09:12 [jeff_]

... David, we've discussed this on the list - do you have a specific proposal?

16:09:27 [jeff_]

David: We need to capture the idea. Don't have specific text proposal.

16:09:35 [jeff_]

... Issues (e.g.) with public release

16:09:41 [Zakim]

+ +1.310.292.aabb

16:09:46 [jeff_]

... maybe drop the word "contractually" from my text

16:10:19 [jeff_]

Justin: If you say you only release deidentified data and are wrong you are already on the hook.

16:10:26 [npdoty]

regard to "contractually", if you release the data publicly, it seems like you're not prohibiting anyone from trying to reidentify

16:10:30 [jeff_]

David: Yes, so just drop the word contractually.

16:10:30 [johnsimpson]

zakim aabb is johnsimpson

16:10:33 [Zakim]

+[FTC]

16:10:48 [npdoty]

Zakim, aabb is johnsimpson

16:10:48 [Zakim]

+johnsimpson; got it

16:10:57 [jeff_]

JB: Do you need proviso for aggregate statistics

16:11:08 [jeff_]

DS: Not needed if you are totally confident you are OK.

16:11:16 [Zakim]

+hefferjr

16:11:17 [jeff_]

JB: So how do you characterize that idea?

16:11:29 [justin]

q?

16:11:31 [jeff_]

DS: Yes, I'm working on it.

16:11:46 [jeff_]

... open to proposal from the group

16:11:58 [jeff_]

JB: Fair idea. FTC has that requirement as well.

16:12:16 [jeff_]

... Let's iterate on the list for a day or two then move to CfO.

16:12:30 [jeff_]

David: Can I change contractually prohibits to restricts?

16:12:33 [jeff_]

JB: Sure

16:12:41 [npdoty]

dsinger, fielding, would "aggregate and anonymous" work as the additional category?

16:13:14 [jeff_]

JB: [thinking out loud about Nick's input]

16:13:31 [jeff_]

... Nick, help David with the language.

16:13:37 [jeff_]

... let's iterate

16:13:40 [WileyS]

WileyS has joined #dnt

16:13:44 [npdoty]

yeah, use of "anonymous" has often been confusing in the past. I'll follow up on the email thread.

16:13:49 [justin]

q?

16:13:57 [jeff_]

... so that would then be the fourth proposal and then we move to CfO.

16:14:09 [jeff_]

Topic: Roy's document

16:14:12 [Zakim]

+WileyS

16:14:13 [justin]

http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-i203.html

16:14:18 [jeff_]

JB: Kudos to Roy for input

16:14:46 [jeff_]

... restate compliance obligations to take into account new definition of tracking

16:15:03 [jeff_]

RF: Overview

16:15:12 [jeff_]

... take advantage of defn of tracking

16:15:16 [dsinger]

(I did the edit to the wiki, help appreciated)

16:15:20 [jeff_]

... so compliance is series of statements by server

16:15:36 [jeff_]

... defines (e.g.) what it means when server says it is not tracking, etc.

16:15:52 [jeff_]

... used Nick's version - we require minimal level of compliance in order to reference spec

16:16:34 [jeff_]

... beyond that, the rewrite discusses document scope (sec 1); section 2 (removed definitions that were in TPE)

16:16:36 [npdoty]

for what it's worth, you could still use the TPE without a compliance indicator to indicate to the user that you're tracking but not limiting to any particular set of permitted uses

16:16:41 [jeff_]

... dropped 1st and 3rd party

16:16:57 [jeff_]

... Section 3: Goes through all the cases of a server response to a DNT request

16:17:02 [jeff_]

... reqts on what they must do

16:17:14 [jeff_]

... server should state exactly what they are doing

16:17:28 [jeff_]

... use defn of tracking; not distinctions between 1st and 3rd party

16:17:36 [jeff_]

... those distinctions are still there

16:17:44 [jeff_]

... not tracking to follow users in own sites

16:18:12 [jeff_]

... data collector, collecting within own site and not referral info from other sites would say they are not tracking

16:18:17 [jeff_]

... (defined in 3.3)

16:18:35 [jeff_]

... below that is defn of tracking in DNT 0, 1, not enabled

16:18:56 [jeff_]

... This doc much smaller than TCS

16:19:16 [justin]

q?

16:19:20 [jeff_]

... could have dropped some other sections that are not needed - but I was not going to make those changes.

16:19:45 [jeff_]

JB: You said this sets "base level of compliance". How does that relate to "send disregard"?

16:20:17 [jeff_]

RF: There was a description of reqts for disregard signal

16:20:34 [jeff_]

... I put it in the bottom of compliance (needs to be consistent with reqts of TPE)

16:20:39 [jeff_]

... bottom of 3.3

16:21:02 [jeff_]

JB: 1st party and 3rd party. Is this David's notion of tunnel vision.

16:21:37 [jeff_]

... frequence capping not need to be permitted use (already within context)

16:21:55 [dsinger]

ok, tunnel vision was by party

16:21:57 [jeff_]

RF: Yes. But tunnel vision was only within a domain; here we use within a context

16:22:15 [jeff_]

DS: I'm aligned.

16:22:48 [jeff_]

RF: Our objective is to restrict knowledge outside of "here"

16:23:02 [jeff_]

DS: Dropping 1st and 3rd party is a huge advantage.

16:23:15 [npdoty]

q+

16:23:27 [justin]

ack npd

16:23:30 [vincent]

dsinger, cause of the referrer issue I guess

16:23:54 [vincent]

first party can no longer know from where the traffic comes

16:23:56 [jeff_]

ND: Concern about tunnel vision before was we said - "Maybe we don't need permitted uses".

16:24:05 [jeff_]

... but we found we could not do it.

16:24:18 [jeff_]

... billing, incoming referrals

16:24:41 [jeff_]

... so 1st and 3rd party approach helped us talk about the distinctions.

16:25:05 [jeff_]

JB: So you are saying tunnel vision is not better; but are you saying it is worse?

16:25:24 [jeff_]

ND: David's notion that it is machine testable is not actually true.

16:25:28 [moneill2]

+q

16:25:29 [fielding]

q+

16:25:31 [jeff_]

... It was just a decision we made

16:25:40 [jeff_]

... Based on user understanding

16:25:51 [dsinger]

OK, but practically we cannot stop data flowing within a party.

16:25:57 [jeff_]

JB: So with tunnel vision, embedded 3rd parties could pull out more?

16:26:02 [vincent]

dsinger, as I understand you can not keep the referrer with the "tunnel vision" right?

16:26:19 [jeff_]

... An ad network can pop up and collect ads - what data are you worried about?

16:26:34 [vincent]

q+

16:26:37 [jeff_]

ND: Either approach requires permitted uses

16:26:49 [jeff_]

JB: So 1st and 3rd party distinction matters.

16:26:49 [dsinger]

vincent, in my proposal, right, you cannot keep data that associates the user with any other party. referer headers, other party’s URLs, and so on

16:27:00 [jeff_]

... with tunnel vision still pretty limited

16:27:12 [jeff_]

... so what is the privacy delta?

16:27:35 [jeff_]

ND: First I was explaining the history

16:27:40 [vincent]

dsinger, I think that's why it was not adopted, publisher were afraid that they could no longer know which keyword drvie more traffic to their website

16:27:46 [jeff_]

... if the group wants to change the direction we will address issues

16:27:58 [jeff_]

... e.g. if the user meant for their data to be remembered.

16:28:12 [jeff_]

... previously we used first part context.

16:28:25 [dsinger]

vincent, not sure I follow, we should pursue this in email

16:28:29 [jeff_]

JB: Here, a widget on my screen could remember my interactions

16:28:33 [justin]

ack mon

16:28:39 [vincent]

q-

16:28:49 [jeff_]

Mike: I like this. A lot cleaner. Elegant.

16:29:02 [jeff_]

... how do we define 1st and 3rd parties?

16:29:04 [Zakim]

-MECallahan

16:29:09 [jeff_]

... should be machine testable

16:29:31 [jeff_]

... no less machine testable.

16:29:45 [jeff_]

... for permitted use - we were going to drop some anyways.

16:29:58 [jeff_]

... if data within one domain.

16:30:07 [Zakim]

-vinay

16:30:15 [jeff_]

... Still have: can we limit UIDs?

16:30:21 [jeff_]

... cache header approach?

16:30:42 [justin]

ack field

16:30:49 [jeff_]

RF: Testability

16:30:57 [jeff_]

... main thing is conformance testing

16:31:03 [jeff_]

... not testable by third parties

16:31:30 [jeff_]

... regulators apply that type of test

16:31:31 [justin]

q?

16:31:40 [dsinger]

agree with Roy, if someone’s data gets leaked, and we find records that link users to other parties, we have a clear prima facie violation

16:31:57 [jeff_]

JB: How does this treat headers for what we called 1st parties?

16:32:19 [jeff_]

... web sites log where people come from, even if tracking is turned off

16:32:29 [jeff_]

... would that impact tunnel vision approach?

16:32:37 [jeff_]

RF: Yes, it is affected.

16:32:51 [jeff_]

... permitted uses for financial logging, added a phrase.

16:32:53 [fielding]

This may include counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, tracking referrals and conversion to the extent necessary to account for an agreed bounty program, and auditing compliance with this and other standards.

16:33:12 [jeff_]

... I made that explicit for actual financial transaction

16:33:20 [jeff_]

... also for general web page analytics

16:33:31 [jeff_]

... should be OK to track referral links to a page if not tied to user

16:33:47 [jeff_]

... folks that do analytics will be terribly upset for this suggestion

16:34:07 [WileyS]

Aggregation vs. user level tracking. Issue is that you need to start with the raw log file with user specific elements to ensure you double count the same user for the same referrer.

16:34:08 [jeff_]

... user that does not want to be tracked does not want to be tracked between adjacent as much as 3 different sites.

16:34:09 [npdoty]

I'm not sure why web analytics is a less common case than paid referrals for advertising

16:34:20 [jeff_]

... shouldn't have exception for web analytics.

16:34:30 [jeff_]

... should dissasociate refered data from user.

16:34:42 [WileyS]

Roy - you can't remove the user until aggregation has occurred.

16:34:50 [jeff_]

... can't track individual user (if not for financial reasons)

16:34:51 [dsinger]

agree with Roy. “I get 2,000 visitors a day from IBM” and “Roy was here yesterday”, but they are distinct records

16:34:59 [WileyS]

+q

16:35:06 [jeff_]

rrsagent, make minutes

16:35:06 [RRSAgent]

I have made the request to generate http://www.w3.org/2014/08/06-dnt-minutes.html jeff_

16:35:21 [jeff_]

JB: How quickly would I need to deidentify

16:35:22 [dsinger]

justin, that sounds like a raw data exception

16:35:27 [jeff_]

RF: That is a separate issue.

16:35:29 [dsinger]

q+

16:35:48 [jeff_]

JB: No, I am tracking a user short term. Does that violate definition?

16:36:12 [jeff_]

RF: You can use information to customize page. But not in a log file for a while.

16:36:21 [jeff_]

... we talked about it. Did we make a decision?

16:36:30 [jeff_]

JB: We walked away from it.

16:36:31 [justin]

ack wiley

16:36:37 [jeff_]

SW: Retention issue.

16:36:57 [jeff_]

... If all first parties globally need to look at all inbound refers

16:37:08 [jeff_]

... minimal level of retention to allow aggregation

16:37:15 [jeff_]

... will need user context

16:37:23 [jeff_]

... that is a wrong direction

16:37:38 [jeff_]

... if every website must implement this, DNT will fail quickly

16:37:50 [jeff_]

... go back to core tenets - 1st v 3rd party.

16:37:57 [moneill2]

first-party is all in one context

16:38:02 [jeff_]

... we are getting far afield

16:38:11 [jeff_]

... it will cause the demise of DNT

16:38:30 [jeff_]

RF: From the perspective of "adoption" it helps to have a spec they can adopt.

16:38:40 [jeff_]

... I appreciate that we want compliance from day 1.

16:38:53 [npdoty]

q+ to ask about defining requirements (1st/3rd; or additional requirements on the definition of tracking)

16:38:56 [jeff_]

... but it does no good to have people say they adopted DNT - but they are still tracking.

16:39:07 [WileyS]

Based on Roy's conception of "Tracking" - far too broad at this point based on where we started as a group in my opinion.

16:39:17 [jeff_]

... my preference is that immediate referral data is allowed.

16:39:34 [jeff_]

... based on what we want to achieve - we have a protocol that can communicate the options.

16:39:53 [jeff_]

... we won't get instant adoption

16:40:00 [justin]

ack ds

16:40:01 [jeff_]

... this won't prevent them

16:40:17 [WileyS]

If no one adopts there is no value to adoption for others. Same issue for P3P - if we don't all adopt then there is no motivation for anyone to adopt.

16:40:23 [dsinger]

I was merely going to note that we still need a short-term retention definition (the ‘roach motel’ with only 3 exits)

16:40:24 [jeff_]

DS: @@@ sounds muffled

16:40:35 [vincent]

WileyS, it would be enough for web analytics provider to adapt to DNT, website publishers would not have much to do (if anything)

16:40:49 [WileyS]

Short-term? How short? Monthly and quarterly aggregate roll-ups?

16:41:10 [npdoty]

ack npdoty

16:41:10 [Zakim]

npdoty, you wanted to ask about defining requirements (1st/3rd; or additional requirements on the definition of tracking)

16:41:13 [dsinger]

to WileyS, not that this deals with your issue

16:41:19 [wseltzer]

WileyS, on the other hand, there's a question what the signal communicates, whether or not it's listened to

16:41:24 [jeff_]

Nick: Trying to get around the concern

16:41:48 [jeff_]

... Now we want to limit our scope on tracking - but then we state here is how you comply as a 1st or 3rd party.

16:41:55 [dsinger]

notes that we might not expect many ‘first parties’ to try to or claim compliance, and maybe users are OK with that as an initial state

16:42:00 [fielding]

right, we could exclude "immediate referral data" (which includes headers and URI tokens) from the notion of tracking, but it would be much harder to defend

16:42:02 [jeff_]

... Roy's approach goes back to definition of tracking

16:42:05 [WileyS]

Vincent, those that use 3rd parties (like Adobe), I agree. Anyone who uses their own tracking packages or internal reporting schemes from logs won't be helped.

16:42:09 [jeff_]

... but then - what about things that are out of scope

16:42:19 [dsinger]

q+

16:42:20 [jeff_]

... refers header, link where user came from

16:42:45 [jeff_]

... easier way is to look at other examples for different contexts

16:43:08 [jeff_]

... alternative - look at Roy's new text for 3.3 - elaboration for definition of tracking

16:43:20 [fielding]

yep

16:43:25 [jeff_]

... requirements on defn of tracking

16:43:43 [vincent]

WileyS, I don't think there are a lot of publishers who use internal tools, most use existing tools (Adobe, GA, ...)

16:43:47 [jeff_]

JB: So compliance obligations would be written to make exceptions for what people do?

16:43:54 [moneill2]

+q

16:44:01 [jeff_]

... Roy is saying that we are telling 1st parties not to accept refer headers.

16:44:38 [jeff_]

... You are suggesting that 1st parties can't say "no tracking" because they accept refer headers - but can rely on definition of tracking. Nick?

16:44:43 [WileyS]

Vincent, I don't believe that's true. I'll try to dig up an analytics survey from last year - showed a much higher number (relative percentage) of "self-serve" models in play than you may imagine.

16:44:46 [jeff_]

Nick: That's one approach.

16:44:58 [jeff_]

... but there are other approaches

16:45:12 [dsinger]

q?

16:45:21 [justin]

ack ds

16:45:25 [wseltzer]

q+

16:45:25 [jeff_]

JB: Noone today can respond with an N.

16:45:40 [jeff_]

DS: We can have a 3rd party permitted use "I claim to be the first party"

16:45:59 [jeff_]

... or have a note that we don't expect 3rd parties to adopt at same rate

16:46:19 [jeff_]

... Understand Shane's concerns - but we should still explore this.

16:46:32 [jeff_]

... "I'm clean. I'm not tracking you"

16:46:35 [WileyS]

Note - only 19 participants on today's call. 1 of those being a co-chair and 2 being editors. If we see this dramatic of a drop in attention to this standard, why do we think developing a standard that all web servers globally would need to implement would be adopted?

16:46:39 [jeff_]

... we can soften 1st party problem

16:46:50 [wseltzer]

q+ on use cases/audiences

16:46:54 [vincent]

WileyS, if you could share the survey result that'd be great

16:47:19 [justin]

q?

16:47:22 [jeff_]

JB: It may be OK for first parties not to change their practies short term

16:47:23 [wseltzer]

WileyS, it's also August

16:47:25 [npdoty]

q+ on first party / machine-readable

16:47:28 [WileyS]

Vincent - I'll try to find it again - over a year ago. if you could dig up metrics to back up your statement that only 3rd party tools are used that would be helpful as well.

16:48:05 [jeff_]

Mike: Not just refer headers. But I agree w David. Add special cases.

16:48:14 [fielding]

I think it is a legitimate concern that "all websites" do some amount of "tracking" if we include immediate referral data as tracking data. However, that doesn't make it easier to explain to a user that doesn't want tracking. Is referral data okay for the DNT:1 user?

16:48:22 [justin]

ack ws

16:48:22 [Zakim]

wseltzer, you wanted to comment on use cases/audiences

16:48:24 [justin]

q?

16:48:31 [WileyS]

Oops - forgot to mention 2 of those are staff - so really only 14 participants in total. If August is considered such a low participation period perhaps we shouldn't be meeting righ tnow.

16:48:34 [jeff_]

Wendy: Voice to IRC chat

16:48:46 [jeff_]

... keep in mind various audiences and use cases

16:48:58 [jeff_]

... adoption by servers, users and communication to users

16:49:25 [jeff_]

Shane, we have 3 staff ;)

16:49:27 [justin]

q?

16:49:33 [justin]

ack mon

16:49:47 [WileyS]

I never said that

16:49:51 [dsinger]

to Wileys, on participation, yes, I would be cautious about making ‘decisions’ in a low period, on the other hand, I am appreciating the quality of interaction on this call and the amount of inteliigence and light being shed (by you and others)

16:49:56 [fielding]

WileyS, there is nothing in our specs that requires all servers to implement. They only need to implement if they say they do.

16:50:08 [WaltMichel]

WaltMichel has joined #DNT

16:50:28 [npdoty]

ack npd

16:50:28 [Zakim]

npdoty, you wanted to comment on first party / machine-readable

16:50:30 [justin]

ack npd

16:50:57 [WileyS]

Roy, but if very few servers ever adopt a standard then it fades quickly - much like P3P. Standards only work when there is high adoption - otherwise why have a standard.

16:51:01 [jeff_]

Nick: Machine-readable - your statement is that user agent might not expect DNT from 1st party

16:51:05 [jeff_]

... so less important

16:51:16 [jeff_]

... but not easy to see in practice

16:51:22 [jeff_]

... so we are getting away from it

16:51:32 [jeff_]

... We expect sites to interact with users on their sites.

16:51:38 [jeff_]

... easy to implement DNT

16:51:41 [wseltzer]

[I've never liked the 1st/3d party distinction]

16:51:52 [jeff_]

... referals, data append, setting preferences - more complicated

16:51:52 [fielding]

WileyS, in that case, you don't need to concern yourself about what that non-standard said.

16:52:16 [jeff_]

JB: Where in Roy's spec is data append prohibited?

16:52:31 [WileyS]

Roy, fair, if we want to build a standard that no one will adopt then there is no need to be concerned with that standard.

16:52:33 [jeff_]

Nick: In 3.3 where he elaborates on defn of tracking

16:52:36 [moneill2]

using data collected about another context

16:52:38 [npdoty]

An origin server that sends a TSV of N (not tracking) MUST NOT engage tracking if a similar request is made to the designated resource while that tracking status remains fresh. In other words, the party MUST NOT knowingly collect, retain, use, or share data from a network interaction with the designated resource that would allow that party to associate the same user with tracking data it has previously obtained from user activity in other contexts, MUST NOT retain,

16:52:38 [npdoty]

use, or share data derived from this user activity outside the context in which this activity occurred, and MUST NOT tailor or personalize the response from the designated resource based on data derived from this user's activity in other contexts (aside from contextual data provided by the user in the current request).

16:52:43 [jeff_]

... first paragraph

16:52:46 [jeff_]

RF: Yes.

16:53:38 [jeff_]

JB: I thought for CfO for data append you said no!

16:53:48 [jeff_]

RF: This is about using the information in responding to request.

16:53:52 [WileyS]

Can someone provide an example of data append where they user has not given consent and/or its not public data?

16:54:07 [jeff_]

... If user has DNT=1, they would not get data about their interactions at other sites mixed in at this site.

16:54:35 [jeff_]

JB: But if I send NYT my Yahoo address with DNT=1 with that prohibit searching email address for data broker?

16:54:48 [jeff_]

RF: Yes, that is a strict translation of defn of tracking.

16:54:58 [jeff_]

JB: OK. We had CfO and that issue is closed.

16:55:08 [justin]

q?

16:55:10 [jeff_]

... let's not revisit.

16:55:15 [jeff_]

rrsagent, make minutes

16:55:15 [RRSAgent]

I have made the request to generate http://www.w3.org/2014/08/06-dnt-minutes.html jeff_

16:55:19 [WileyS]

1st party / 3rd party context really does come to the root of the issues we initially were attempting to solve. Expanding the scope so broadly now is only going to cause more confusion and difficulty in implementation.

16:55:20 [jeff_]

Topic: Data minimization

16:55:33 [Zakim]

-AliceL

16:55:38 [jeff_]

JB: Language has been revised

16:55:48 [jeff_]

... rationale?

16:55:57 [jeff_]

RF: I don't remember a consensus

16:56:11 [jeff_]

... minimization already says that you can only collect if for permitted use.

16:56:11 [npdoty]

it might be helpful if we narrowed this proposal down to those things related to issue-203

16:56:21 [jeff_]

... so language is redundant.

16:56:29 [jeff_]

... can go back in if there is a consensus

16:56:53 [jeff_]

JB: OK, so it is editorial

16:56:58 [jeff_]

Topic: Personalization

16:57:01 [justin]

q?

16:57:06 [jeff_]

JB: Language was deleted.

16:57:11 [jeff_]

... Rationale?

16:57:20 [jeff_]

RF: You asked us to delete it.

16:57:21 [npdoty]

I understand it can be difficult to write a narrow proposal when you're working on elaborating a general idea

16:57:39 [jeff_]

JB: I said made sense to delete on frequency capping. Not more broadly.

16:57:44 [jeff_]

RF: OK.

16:58:07 [jeff_]

... It's just a proposal.

16:58:16 [justin]

q?

16:58:40 [jeff_]

Justin: What should we do with this proposal?

16:58:48 [jeff_]

... Chairs and staff should discuss.

16:58:52 [jeff_]

... Thanks, ROy.

16:58:58 [jeff_]

... very thoughtful

16:58:59 [dsinger]

suggest we dig up the ‘tunnel vision’ discussion from the archives, but I don’t recall it being very helpful

16:59:03 [jeff_]

... some reluctance

16:59:15 [jeff_]

... Chris P and Rob could have some significant concerns.

16:59:18 [jeff_]

... keep talking

16:59:46 [npdoty]

q+ on minimal proposal

16:59:47 [jeff_]

RF: Purpose of proposal was to address comments about 1st party v 3rd party.

17:00:21 [jeff_]

... Nick could look through proposal and see what language he wants to use for main TCS; even if just adopting some of the editorial changes.

17:00:27 [jeff_]

... see if worth discussing

17:00:32 [jeff_]

... editorial pass

17:00:47 [dsinger]

q+

17:00:53 [dsinger]

q-

17:00:59 [jeff_]

JB: I've heard the complaint that this favors first party.

17:01:00 [dsinger]

q+ to talk about parties and their size

17:01:10 [Zakim]

+vinay

17:01:22 [jeff_]

... this does not prevent FB from showing up on the NYT showing what people did on FB

17:01:26 [justin]

q?

17:01:48 [jeff_]

RF: FB can be either 1st party, 3rd party, or talk about their own data

17:02:01 [jeff_]

... FB should be able to track if they have consent to do so.

17:02:04 [moneill2]

and they can get consent easier than the others

17:02:13 [jeff_]

JB: They can't use behavioral data.

17:02:26 [jeff_]

... but the concern is whether they can use their information on the NYT.

17:02:33 [jeff_]

... Does this allow?

17:02:37 [jeff_]

RF: Yes.

17:02:53 [npdoty]

hmm... I thought this i203 proposal was written to explicitly define that activity as tracking

17:03:18 [jeff_]

RF: Concern was not about FB showing data. It was about networks of large users can customize ads better

17:03:25 [jeff_]

... does not address that at all.

17:03:32 [justin]

ack npd

17:03:32 [Zakim]

npdoty, you wanted to comment on minimal proposal

17:03:34 [moneill2]

to use the data they need to identify the user on a anotehr context (site)

17:03:45 [jeff_]

.. but gets 1st and 3rd party out of scpe

17:03:51 [jeff_]

s/scpe/spec/

17:03:59 [jeff_]

Nick: Pragmatic suggestion.

17:04:15 [jeff_]

... let's go through the proposal. Which are truly addressing 203?

17:04:36 [jeff_]

JB: Who does the work?

17:04:48 [jeff_]

Nick: Me.

17:04:58 [jeff_]

... with Roy's help

17:05:07 [jeff_]

RF: Vacation next week.

17:05:22 [justin]

ack ds

17:05:22 [Zakim]

dsinger, you wanted to talk about parties and their size

17:05:26 [jeff_]

... take it up in 2 weeks

17:05:32 [johnsimpson]

johnsimpson has left #dnt

17:05:49 [jeff_]

DS: Large companies are benefited by the amount of data that can flow within them.

17:05:57 [jeff_]

... DNT wrong rule to control that.

17:06:14 [jeff_]

... out of our scope

17:06:28 [johnsimpson]

johnsimpson has joined #dnt

17:06:39 [npdoty]

I think I can take a pass at looking through Roy's text for editorial changes or other issues and Roy can help us pull out the issue-203-specific proposal

17:06:46 [jeff_]

JB: Gets to personalization and user expectation

17:07:27 [jeff_]

... this will all go to CfO.

17:07:46 [justin]

q?

17:08:09 [jeff_]

Topic: Audience measurement

17:08:22 [npdoty]

https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Audience_Measurement

17:08:25 [jeff_]

JB: Old issue. Start it this week. Continue next meeting.

17:08:49 [jeff_]

... Kathy Joe set of requirements limit what they can collect

17:09:07 [jeff_]

... others suggested a more global exception

17:09:23 [jeff_]

... Google's DNT for Android has a broad exception

17:09:39 [jeff_]

... Apple's IOS has not audience measurement exception

17:09:42 [WileyS]

+q

17:09:47 [jeff_]

... interested in proposals

17:09:59 [justin]

ack wil

17:10:29 [jeff_]

Shane: My understanding for mobile OS's is that analytics is supported by both IOS and Android.

17:10:45 [jeff_]

... opt outs allow analytics

17:10:57 [jeff_]

... why do you think there is a disconnect?

17:11:04 [jeff_]

JB: I could be wrong...

17:11:06 [fielding]

npdoty, quick editorial improvements would be to adopt section 1 and section 2 (but add links for defn of first party and third party), and then adopt the organization of section 3 (3.1, 3.2, 3.5, and 3.6 can be used verbatim)

17:11:29 [jeff_]

... but my understanding is that limited tracking was very limited to attribution

17:11:29 [npdoty]

dsinger, do you have iOS folks at Apple that would be interested in talking about this?

17:11:36 [jeff_]

... not general analytics.

17:11:48 [jeff_]

Shane: Use Apple developer terms

17:11:58 [jeff_]

... 3.1.11 and 3.1.13

17:12:04 [jeff_]

... developer guidelines

17:12:31 [jeff_]

... 3 questions when submitted to iStore

17:12:40 [jeff_]

... allows analytical perspective

17:13:15 [jeff_]

JB: That was my basis

17:13:23 [jeff_]

... Android says measurement is fine

17:13:30 [jeff_]

... IOS more limited

17:13:34 [jeff_]

... but I could be wrong

17:14:10 [justin]

q?

17:14:15 [jeff_]

DS: I'll look for some help.

17:14:32 [jeff_]

SW: Thanks, David.

17:14:38 [jeff_]

... Also, Android is inconsistent

17:14:39 [Zakim]

+kulick

17:14:42 [moneill2]

is there a call next week?

17:14:47 [kulick]

kulick has joined #dnt

17:14:57 [Zakim]

-johnsimpson

17:15:00 [johnsimpson]

johnsimpson has left #dnt

17:15:01 [npdoty]

moneill2, no call next week (August 13). next call August 20.

17:15:04 [jeff_]

... just advertising or advertising plus analytics

17:15:15 [moneill2]

npdoty, thanks

17:15:37 [npdoty]

maybe we should check in with Heather or other Google folks as well

17:15:38 [jeff_]

... press has been asking

17:15:44 [jeff_]

... Apple has not been that clear

17:16:10 [justin]

q?

17:16:13 [fielding]

poke Thomas ;-)

17:16:44 [jeff_]

[adjourned until 20 August]

17:16:46 [Zakim]

-[FTC]

17:16:47 [Zakim]

-vinay

17:16:47 [Zakim]

-RichardWeaver

17:16:48 [Zakim]

-adrianba

17:16:50 [Zakim]

-justin

17:16:51 [Zakim]

-WileyS

17:16:51 [Zakim]

-moneill2

17:16:52 [jeff_]

rrsagent, make minutes

17:16:52 [RRSAgent]

I have made the request to generate http://www.w3.org/2014/08/06-dnt-minutes.html jeff_

17:16:52 [Zakim]

-dsinger

17:16:52 [Zakim]

-npdoty

17:16:54 [Zakim]

-vincent

17:16:55 [Zakim]

-Jack_Hobaugh

17:16:56 [Zakim]

-Brooks

17:16:58 [Zakim]

-Wendy

17:16:58 [Zakim]

-kulick

17:17:03 [Zakim]

-hefferjr

17:17:04 [Zakim]

-Jeff

17:17:07 [Zakim]

-Fielding

17:17:21 [npdoty]

trackbot, end meeting

17:17:21 [trackbot]

Zakim, list attendees

17:17:21 [Zakim]

As of this point the attendees have been npdoty, Jack_Hobaugh, Fielding, vincent, RichardWeaver, eberkower, justin, +1.646.840.aaaa, moneill2, vinay, Wendy, MECallahan, dsinger,

17:17:24 [Zakim]

... Jeff, AliceL, adrianba, Brooks, +1.310.292.aabb, [FTC], johnsimpson, hefferjr, WileyS, kulick

17:17:29 [trackbot]

RRSAgent, please draft minutes

17:17:29 [RRSAgent]

I have made the request to generate http://www.w3.org/2014/08/06-dnt-minutes.html trackbot

17:17:30 [trackbot]

RRSAgent, bye

17:17:30 [RRSAgent]

I see no action items