Sunnyvale DNT Meeting: Overcast With Skies Clearing

Since I became co-chair of the Tracking Protection Working Group in late 2012, we have faced a metaphorically-apt series of weather challenges for our Face-to-Face meetings: a record snowstorm in Boston in February, heavy snow for our Global Considerations meeting in Berlin in March, and even rain on the first day of our Face-to-Face meeting in Sunnyvale CA this week.

I am pleased to report, however, that the sun came out for the third and final day of the Sunnyvale meeting. We spent two and a half days (and some evenings) fleshing-out the roadmap laid-out in our February meeting in Boston: to build a Tracking Protection standard that will fulfill our W3C charter and bring us to Last Call. In this we were partially successful: the TPE specification (expertly managed by my Co-Chair, Mattias Schunter) is all but completed; but consensus on full text for the compliance document remains elusive. With less than 10 weeks left before the final compliance spec is scheduled to enter Last Call, the stakeholders must find ways to come together for success to be possible. No one who participated in this week’s meetings –whether in-person or remotely– wants all of our hard work to end in stalemate or failure.

To that end, the group reached consensus that there was sufficient progress to merit moving forward, as set forth below. The weeks ahead will not be easy, but the parties involved made it clear they wished to forge ahead. Teleconferences will continue. Importantly, members of the Working Group will need to continue the hard work of drafting text and making progress with each other.

We all know what needs to be done. As we heard at our Boston meeting: “Concessions are welcome, but expected.”

Consensus Action Summary

At the close of the Face-to-Face Meeting on May 6-8, 2013 in Sunnyvale, the Tracking Protection Working Group has consensus that there was sufficient progress during the meeting to merit moving ahead with the Do Not Track standard, toward the July 2013 Last Call deadline. As part of the continued work on the current TPE and TCS specifications, the following specific tasks have emerged from this Face-to-Face:

  1. The group agrees to make the description of the audience measurement permitted use narrower and more precise. This includes normative and non-normative text. It also requires further investigation of the activities included in audience measurement and the concerns of privacy advocates. We agree to try to find audience measurement language that can substitute for the DAA’s market research exception, in order to better align the DAA multisite principles with the DNT specification. We agree to assess both the merits and scope of this possible permitted use.
  2. The initial version of the Tracking Protection specification will be defined with reference to user agents that 1) can access the general browsable Web; 2) have an interface that satisfies the requirements for the user to choose; and 3) can implement the TPE, including the Javascript APIs. Other user agents warrant further study. The scope is vendor-neutral, at the level of principles rather than specific technology details.

    DNT should reflect explicit choice made by a user; there was commitment to explore anti-tampering measures to assure that the DNT state reflects the user’s choice.

    There will be continued exploration of the explanatory language, to provide meaningful information to users, such as in the settings and help screens, and further information published jointly where it can be linked-to from user agents and Web sites.

  3. There was agreement to examine a three-state de-identification process: red, yellow, and green states. A new action item was created to come up with text on these three states with proportionality requirements and transparency into retention limits for both the red and yellow states. New homework assigned to examine DAA code definition of de-identification as normative language with supplemental non-normative language.

    Retention periods for data collected for permitted uses remain an important issue to parties in the group. There is agreement among a broad set of participants that data retention for permitted uses should be proportionate and that there should always be transparency about the data retention periods. Significant work remains to be done on whether to include any specific time limits and on specific transparency requirements.

  4. There will be ongoing discussions of unique identifiers as a critical issue for advocates. We are inviting proposals on ways to solve this issue going forward.