30 Nov 2016

See also: IRC log


wseltzer, mikeoneill, schunter, wileys, npdoty, dsinger, frank, fielding, Roy


schunter: two main items, Frank wanted to update us on the progress plans

<npdoty> schunter: charter is now available for voting, so if you want to support this group, contact your AC rep to vote

<npdoty> wseltzer: each member has one vote, exercised through their AC rep

<npdoty> ... if you want to continue, please ask your AC rep to vote there

<npdoty> ... note from the chairs to the AC with the message discussed on the list

<npdoty> ... thanks dsinger

<wileys> Anyone can send an email to the email list but ACs may not be reading those

update from Frank

<npdoty> can someone who can hear take notes?

frank: Conversation with Marit Hansen, Schleswig-Holstein
... they will support a evaluation
... meeting with Mike O'Neill last week
... during December, we will write a short proposal about the evaluation
... share with Nielsen, Reuters, to ask how they could support the evaluation process
... Also, I have been invited to speak to the European Academy of Free Information and Privacy in Berlin
... founded by Berlin DPA
... Marit is aware our interest in using DNT to create opt-in mechanism for GDPR
... she/her staff will support our efforts to build evaluation
... good to have involvement from a DPA who's technical
... good to see how an opt-in enforced by GDPR could work in real-life
... European Academy, people highly interested to realize that DNT is not a blocking mechanism but one that can handle user consent
... countered the perception that DNT is dead
... showed option to use DNT to get consent from customers

Vincent: I second that

schunter: So our plan woudl be that labs and Mike work on a prototype, evaluate with Marit for compliance mechanism

frank: I don't expect DPA "endorsement" of a solution
... but that mechanism is sufficient to comply with GDPR requirements

<npdoty> what kind of party is this an evaluation for? like a publisher showing that they have consent from their users? or a third-party embedded item?

schunter: and we might get feedback that more is needed
... what's the timeframe?

frank: it would be good to finish by summer

<wileys> Would likely be more accessible for a Publisher to setup their own OOB opt-in control versus supporting DNT as they’d have more control and wouldn’t be giving away messaging and controls to a web browser.

frank: we also need to work on UI
... some remarks to help the user understand, make sure it's a real consent

mikeoneill: most of the UI will ultimately go on the website

<wileys> So while I see EU regulators stating DNT is “an option for opt-in consent” the likely outcome is that publishers will build their own experience so they can own messaging and controls from that point forward.

schunter: sounds like good progress, we'll look forward to updates

frank: Nielsen and Thomson Reuters mentioned in Lisbon interst in pursuing evaluation

<npdoty> yeah, I'd like to read more about the details of the potential evaluation -- is this for publishers or third-parties? are they using DNT headers and browser controls, or storing consent with cookies?

Vincent: feedback from Peter Schaar was also useful
... sharing info on DNT

schunter: Call 2 weeks ago didn't happen
... or happened without chair
... [or minutes]

wileys: peter walked us through EFF's position and thinking
... fielding questions from WG on particular elements

mikeoneill: I talked with Alan Toner after meeting in Berlin, supporting TPE work
... let's get away from 2 DNTs, collaborate

<npdoty> +1 on getting away from idea of multiple DNT's

schunter: what was the opinion on the call?

wileys: Peter saw value, wanted to spend more time looking at it
... he could see value in single tech standard, allowing for differentiation on policy side

schunter: I'd like to get someone from EFF back into the call regularly
... work through issues on TPE
... I think it's good to get more implementations

npdoty: we opened some issues on EFF's implementation
... to note the gaps
... did that capture everything?

mikeoneill: consent isn't emphasized in theirs

npdoty: issues captured in EFF's repo


schunter: Issue 5

<schunter> https://github.com/w3c/dnt/issues

<npdoty> https://github.com/w3c/dnt/issues/5

<npdoty> Delivering Tk response via meta tag, and extending it to contain a reference to the TSR #5

mikeoneill: basic problem: it's hard for sites to have control over response headers and access to .well-known location

<npdoty> do we need to define http-equiv meta tags? or is it already understood that browsers will interpret http-equiv as the corresponding response headers?

mikeoneill: so I suggested using META element
... similar to CSP
... Second, site with thousands of websites
... how do they communicate control

schunter: start with first one, meta element

dsinger: 2 issues
... should we put TSR URL in TK header
... should we document http-equiv

<dsinger> I’d like to see this split into (at least) two issues: (a) mention the use of http-equiv as permitted; (b) allow the TSR URL to be in the response header

mikeoneill: origin policy manifest
... you don't want to deliver on every webpage
... why do they also need a TSR

<npdoty> can we postpone the possible later combination with other origin policy or other manifests?

schunter: I don't see a downside to saying we can also deliver http-equiv
... unless someone here objects, propose a resolution and send to the list

<dsinger> I don’t see a problem with a “Note: the Tk header can also delivered using http-equiv (and give a reference)”

<dsinger> (presuming it’s true. Roy knows better than me)

schunter: Issue 6, JS API, homework to split into multiple issues
... 7

mikeoneill: talking to Medium, issue came up how do you know whether browser supports DNT API
... you used to be able to @@
... but Edge changed the function
... I sent a bug report to Edge
... they responded, saying implementing API
... it would be good to get feedback

schunter: since Edge implemnets API incorrectly, they always report false

npdoty: sounds like an implementation bug
... impls need to make sure fn exists if implmented
... I'd oppose adding to UA string

mikeoneill: timing problem

<npdoty> so can we open a bug on Edge and close this spec issue?

schunter: don't include functions in standard to work around buggy implementation
... not an issue we should address in standard

mikeoneill: I'll close the issue
... @@ revoke consent


<npdoty> https://github.com/w3c/dnt/issues/8

mikeoneill: you'd like to be able to say you've made a decision, revoked consent
... so you don't get asked again

dsinger: this is off in the weeds

<npdoty> +1 to dsinger, don't need to add more to DNT: 1 here

dsinger: don't think it helps, e.g. how far back do you remember

<npdoty> sites can remember whether they previously asked users things using cookies, if they like

npdoty: you can use a cookie. DNT-cookieflow=1

mikeoneill: you could have a low entropy cookie, consent-revoked
... I'll think about that and get back to the list

<fwagner_> sorry, I have to drop off now.

[discussion of charter status: we're currently in a short-term extension]

<wileys> When is our next meeting?

<wileys> 12/14 is the next call?

<npdoty> I may need to join late for December 14th call

<dsinger> regrets for the 14th Dec, sorry (AB meeting)

schunter: next call Dec 14, technical issues

<wileys> This will likely be the last one for this year due to holidays - agreed?

<wileys> LOL



Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.148 (CVS log)
$Date: 2016/11/30 18:02:31 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.148  of Date: 2016/10/11 12:55:14  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/test/evaluation/
Succeeded: s/allow/document/
Succeeded: s/URL/TSR URL/
No ScribeNick specified.  Guessing ScribeNick: wseltzer
Inferring Scribes: wseltzer
Present: wseltzer mikeoneill schunter wileys npdoty dsinger frank fielding Roy

WARNING: No meeting title found!
You should specify the meeting title like this:
<dbooth> Meeting: Weekly Baking Club Meeting

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Got date from IRC log name: 30 Nov 2016
Guessing minutes URL: http://www.w3.org/2016/11/30-dnt-minutes.html
People with action items: 

[End of scribe.perl diagnostic output]