See also: IRC log
schunter: two main items, Frank wanted to update us on the progress plans
<npdoty> schunter: charter is now available for voting, so if you want to support this group, contact your AC rep to vote
<npdoty> wseltzer: each member has one vote, exercised through their AC rep
<npdoty> ... if you want to continue, please ask your AC rep to vote there
<npdoty> ... note from the chairs to the AC with the message discussed on the list
<npdoty> ... thanks dsinger
<wileys> Anyone can send an email to the email list but ACs may not be reading those
<npdoty> can someone who can hear take notes?
frank: Conversation with Marit
Hansen, Schleswig-Holstein
... they will support a evaluation
... meeting with Mike O'Neill last week
... during December, we will write a short proposal about the
evaluation
... share with Nielsen, Reuters, to ask how they could support
the evaluation process
... Also, I have been invited to speak to the European Academy
of Free Information and Privacy in Berlin
... founded by Berlin DPA
... Marit is aware our interest in using DNT to create opt-in
mechanism for GDPR
... she/her staff will support our efforts to build
evaluation
... good to have involvement from a DPA who's technical
... good to see how an opt-in enforced by GDPR could work in
real-life
... European Academy, people highly interested to realize that
DNT is not a blocking mechanism but one that can handle user
consent
... countered the perception that DNT is dead
... showed option to use DNT to get consent from customers
Vincent: I second that
schunter: So our plan woudl be that labs and Mike work on a prototype, evaluate with Marit for compliance mechanism
frank: I don't expect DPA
"endorsement" of a solution
... but that mechanism is sufficient to comply with GDPR
requirements
<npdoty> what kind of party is this an evaluation for? like a publisher showing that they have consent from their users? or a third-party embedded item?
schunter: and we might get
feedback that more is needed
... what's the timeframe?
frank: it would be good to finish by summer
<wileys> Would likely be more accessible for a Publisher to setup their own OOB opt-in control versus supporting DNT as they’d have more control and wouldn’t be giving away messaging and controls to a web browser.
frank: we also need to work on
UI
... some remarks to help the user understand, make sure it's a
real consent
mikeoneill: most of the UI will ultimately go on the website
<wileys> So while I see EU regulators stating DNT is “an option for opt-in consent” the likely outcome is that publishers will build their own experience so they can own messaging and controls from that point forward.
schunter: sounds like good progress, we'll look forward to updates
frank: Nielsen and Thomson Reuters mentioned in Lisbon interst in pursuing evaluation
<npdoty> yeah, I'd like to read more about the details of the potential evaluation -- is this for publishers or third-parties? are they using DNT headers and browser controls, or storing consent with cookies?
Vincent: feedback from Peter
Schaar was also useful
... sharing info on DNT
schunter: Call 2 weeks ago didn't
happen
... or happened without chair
... [or minutes]
wileys: peter walked us through
EFF's position and thinking
... fielding questions from WG on particular elements
mikeoneill: I talked with Alan
Toner after meeting in Berlin, supporting TPE work
... let's get away from 2 DNTs, collaborate
<npdoty> +1 on getting away from idea of multiple DNT's
schunter: what was the opinion on the call?
wileys: Peter saw value, wanted
to spend more time looking at it
... he could see value in single tech standard, allowing for
differentiation on policy side
schunter: I'd like to get someone
from EFF back into the call regularly
... work through issues on TPE
... I think it's good to get more implementations
npdoty: we opened some issues on
EFF's implementation
... to note the gaps
... did that capture everything?
mikeoneill: consent isn't emphasized in theirs
npdoty: issues captured in EFF's repo
schunter: Issue 5
<schunter> https://github.com/w3c/dnt/issues
<npdoty> https://github.com/w3c/dnt/issues/5
<npdoty> Delivering Tk response via meta tag, and extending it to contain a reference to the TSR #5
mikeoneill: basic problem: it's hard for sites to have control over response headers and access to .well-known location
<npdoty> do we need to define http-equiv meta tags? or is it already understood that browsers will interpret http-equiv as the corresponding response headers?
mikeoneill: so I suggested using
META element
... similar to CSP
... Second, site with thousands of websites
... how do they communicate control
schunter: start with first one, meta element
dsinger: 2 issues
... should we put TSR URL in TK header
... should we document http-equiv
<dsinger> I’d like to see this split into (at least) two issues: (a) mention the use of http-equiv as permitted; (b) allow the TSR URL to be in the response header
mikeoneill: origin policy
manifest
... you don't want to deliver on every webpage
... why do they also need a TSR
<npdoty> can we postpone the possible later combination with other origin policy or other manifests?
schunter: I don't see a downside
to saying we can also deliver http-equiv
... unless someone here objects, propose a resolution and send
to the list
<dsinger> I don’t see a problem with a “Note: the Tk header can also delivered using http-equiv (and give a reference)”
<dsinger> (presuming it’s true. Roy knows better than me)
schunter: Issue 6, JS API,
homework to split into multiple issues
... 7
mikeoneill: talking to Medium,
issue came up how do you know whether browser supports DNT
API
... you used to be able to @@
... but Edge changed the function
... I sent a bug report to Edge
... they responded, saying implementing API
... it would be good to get feedback
schunter: since Edge implemnets API incorrectly, they always report false
npdoty: sounds like an
implementation bug
... impls need to make sure fn exists if implmented
... I'd oppose adding to UA string
mikeoneill: timing problem
<npdoty> so can we open a bug on Edge and close this spec issue?
schunter: don't include functions
in standard to work around buggy implementation
... not an issue we should address in standard
mikeoneill: I'll close the
issue
... @@ revoke consent
8?
<npdoty> https://github.com/w3c/dnt/issues/8
mikeoneill: you'd like to be able
to say you've made a decision, revoked consent
... so you don't get asked again
dsinger: this is off in the weeds
<npdoty> +1 to dsinger, don't need to add more to DNT: 1 here
dsinger: don't think it helps, e.g. how far back do you remember
<npdoty> sites can remember whether they previously asked users things using cookies, if they like
npdoty: you can use a cookie. DNT-cookieflow=1
mikeoneill: you could have a low
entropy cookie, consent-revoked
... I'll think about that and get back to the list
<fwagner_> sorry, I have to drop off now.
[discussion of charter status: we're currently in a short-term extension]
<wileys> When is our next meeting?
<wileys> 12/14 is the next call?
<npdoty> I may need to join late for December 14th call
<dsinger> regrets for the 14th Dec, sorry (AB meeting)
schunter: next call Dec 14, technical issues
<wileys> This will likely be the last one for this year due to holidays - agreed?
<wileys> LOL
https://github.com/w3c/dnt/issues
[adjourned]
This is scribe.perl Revision: 1.148 of Date: 2016/10/11 12:55:14 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/test/evaluation/ Succeeded: s/allow/document/ Succeeded: s/URL/TSR URL/ No ScribeNick specified. Guessing ScribeNick: wseltzer Inferring Scribes: wseltzer Present: wseltzer mikeoneill schunter wileys npdoty dsinger frank fielding Roy WARNING: No meeting title found! You should specify the meeting title like this: <dbooth> Meeting: Weekly Baking Club Meeting WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth Got date from IRC log name: 30 Nov 2016 Guessing minutes URL: http://www.w3.org/2016/11/30-dnt-minutes.html People with action items:[End of scribe.perl diagnostic output]