W3C

- DRAFT -

Tracking Protection Working Group Teleconference

05 Oct 2016

See also: IRC log

Attendees

Present
npdoty, wseltzer, rvaneijk, dsinger, moneill2, vincent, jeff, wileys, walter, matthias_matthiesen, aleecia, schunter, craig
Regrets
Chair
SV_MEETING_CHAIR
Scribe
npdoty

Contents

<wileys> 11 people in the WebEx (2 are call-in users)

<walter> So is Shane

<scribe> scribenick: npdoty

<wseltzer> schunter: Reports out from TPAC, call with EFF, Recharter

TPAC report

schunter: breakout session in Lisbon, 20 or so organizations in the room
... Mike gave a quick tutorial on his implementation; a presentation on regulatory changes with reference to DNT and technology for managing consent
... during discussion, companies expressing new interest, DT interested in working with a regulator on a reference implementation

wileys: sense in the room: how interested were people? interest in implementations? or only passive?

schunter: one new implementer sounded committed, one implementer sounded just interested
... wanted feedback from regulator

<walter> wileys: do realise that Deutsche Telekom is the largest telco in Europe

wileys: if only a test, sounds like not exploring all the features

<rvaneijk> DT expressed a genuine full TPE implementation

moneill2: people were surprised regarding GDPR, didn't realize the situation

<walter> Vincent's presentation is very useful BTW

<wileys> Walter - Yes, Yahoo works with DT

<vincent_> I think they'll have interest in implementing the excpetions to get consent

moneill2: interest in working with a DPA in Europe

wileys: I wouldn't expect a lot of implementations in the near-term

moneill2: some implementations already; what we need is feedback from the regulators

<vincent_> so i don't know if they'd go for a full implementation, but they would likely go for the exceptions

schunter: could have sufficient number of implementations already, but more important would be confidence in use

<wileys> Fair - good to have someone test exceptions in production at scale

schunter: about us having confidence that the current TPE could fit this use case
... the Compliance spec not needed in this scenario, implementer would just use the law as Compliance

aleecia: we would get feedback during the process of implementation, not the end

wileys: activity would be in 2017, so do we need re-chartering now

aleecia: agree that not much should be expected before January

schunter: expect changes/feedback over the summer (2017?) and release in September

<Zakim> dsinger, you wanted to talk about re-chartering

<wseltzer> +1

dsinger: would want a charter approved by the end of the year, because of time needed for approval

schunter: +1, will talk charter in the minute
... do this experimentation on the technology, and if it's viable, then we push it out
... pause TCS for now, not hearing implementation traction

<Zakim> dsinger, you wanted to talk about TCS

<wileys> +1

<wileys> +q

dsinger: need the TCS to sit in CR. have a problem in the browser-side explaining what DNT is, if the compliance could be anything
... could be different from TCS exactly -- e.g. could be stronger -- but if we have nothing, it's very hard to explain what is being done

wileys: hearing momentum for the EU, which has the law rather than the TCS (Compliance spec), up to individual companies and courts to figure out
... wouldn't want to call it a floor, even

<schunter> IMHO the definition of tracking / not tracking is key and may be sufficient and must not be redefined by TCS.

<dsinger> kinda agree with Shane; I think the best is to leave the TCS in CR and wait and see. neither promote it to Rec nor withdraw it. We need to struggle with the ‘floor’ issue…

<schunter> +1

<vincent_> GDPR will start to be applied in 2018, in the meantime it would be useful to have a baseline

<schunter> (leaving the TCS in CR)

wileys: would be embarrassing if someone came out with a compliance implementation that was weaker than TCS
... up to the implementer what they reference in terms of compliance
... -1 on TCS as floor, because it would be subjective, or difficult to compare them
... TCS could be there as a reference point, but TPE already allows pointing to different compliance

schunter: agree TCS not a priority, concern about how to do it to take on later

walter: supportive of having a baseline. not having a compliance spec at all would have practical issues
... this group started with the expectation of not having a particular regulatory rule

<schunter> FCC consumer deception may play a role: If a site claims "no tracking" while doing something deceptive, it may get the FCC activated.

walter: comparisons could be done by courts and regulators, not needed to be done by tpwg
... although it may not be sufficient for EU purposes

<dsinger> the question revolves around how we make a reasonable, consistent, explanation to users, so that their consent is, ahem, informed

schunter: postpone this discussion for later
... will circulate draft charter later

Chartering

schunter: don't like us being without a charter, need to propose something by the end of the month

<walter> jeff, yes, at the same time an alternative TCS that says: whatever you say, we will track you anyway would be deceptive

schunter: W3C eager for Process compliance
... so my goal would be to circulate a draft in the next week

<jeff> Walter, I agree with you - but we already allowed that at the last round. Unless we want to reopen it.

moneill2: discuss charter on the list and in next call? -- yes.

wseltzer: Process to help the group focus on its work, concrete proposals for meeting deadlines we can make the group more likely to succeed
... want to avoid limbo
... particularly want to have a timeline

report from eff call

schunter: EFF has its own compliance policy, its own server response
... would be a shame to have this community divided
... can we use the standardized technology?

<walter> some of the issues I raised will be encountered by EFF as well

schunter: sounded positive on that point, as long as that doesn't require endorsing a particular Compliance spec
... initial exploration, EFF will now talk with their own implementers
... will get back to us

aleecia: +1

npdoty: same as previous issues I had raised before, well-known location, etc.

schunter: yes
... unbundling of technology and compliance happened, policy flexibility should allow using the technology

<walter> +1

talk again next week? or in two weeks?

<vincent_> agree, can't attend next week either

wileys: would like some heads up regarding meetings

schunter: could talk on the phone in two weeks (19 October), but start charter discussion on email

biweekly meetings and cancel if not needed

<wileys> Oops - 9am to 10am

<wileys> PT

trackbot, end meeting

<wileys> My PT and am got mixed :-(

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.144 (CVS log)
$Date: 2016/10/05 16:36:56 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.144  of Date: 2015/11/17 08:39:34  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/jeff: yes/jeff, yes/
Found ScribeNick: npdoty
Inferring Scribes: npdoty
Default Present: npdoty, wseltzer, rvaneijk, dsinger, moneill2, vincent, jeff, wileys, walter, matthias_matthiesen, aleecia, schunter, craig
Present: npdoty wseltzer rvaneijk dsinger moneill2 vincent jeff wileys walter matthias_matthiesen aleecia schunter craig

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Found Date: 05 Oct 2016
Guessing minutes URL: http://www.w3.org/2016/10/05-dnt-minutes.html
People with action items:
[End of scribe.perl diagnostic output]