Re: ACTION-49: Propose what the operational carve-outs for 3.6.1.2.1 (e.g. debugging by 3rd party) are from Bryan Sullivan on 2012-02-02 (public-tracking@w3.org from February 2012)

From: Bryan Sullivan <blsaws@gmail.com>
Date: Wed, 01 Feb 2012 20:42:07 -0800
To: Shane Wiley <wileys@yahoo-inc.com>, John Simpson <john@consumerwatchdog.org>, David Wainberg <dwainberg@appnexus.com>
CC: Tracking Protection Working Group WG <public-tracking@w3.org>
Message-ID: <CB4F50C8.1081D%blsaws@gmail.com>
The list is about as long as it needs to be, covering (with the addition of
Product Improvement which I brought up at the F2F) most essential BAU
purposes. Note that "Aggregated & Anonymous Reporting" IMO inherently
depends upon the short-term retention of data as the data cannot be
instantly aggregated, and some reporting (e.g. for Market Research and
Product Improvement) depends upon analyzing the clickstream (uniquely, but
anonymously)   thus the intent of "Market Research" is contained within
"Aggregated & Anonymous Reporting".

Thanks,
Bryan

From:  Shane Wiley <wileys@yahoo-inc.com>
Date:  Wed, 1 Feb 2012 16:36:55 -0800
To:  John Simpson <john@consumerwatchdog.org>, David Wainberg
<dwainberg@appnexus.com>
Cc:  Tracking Protection Working Group WG <public-tracking@w3.org>
Subject:  RE: ACTION-49: Propose what the operational carve-outs for
3.6.1.2.1  (e.g. debugging by 3rd party) are
Resent-From:  <public-tracking@w3.org>
Resent-Date:  Thu, 02 Feb 2012 00:37:40 +0000

John,

The intention is not to ³open a floodgate² of exceptions but rather to
narrowly define those areas necessary to keep the lights on and money
flowing into web site publishers¹ hands so they can keep the free content
flowing for users.
 
Market Research is a tricky one (why I didn¹t originally include it) but
offers real benefits to the marketplace and is not used to alter a user¹s
online experience so the concept of profiling for targeting is removed.  I
look forward to discussing it more so we can find the middle point between
your concerns and still providing society the valuable findings market
research provides.
 
Thank you,
Shane
 

From: John Simpson [mailto:john@consumerwatchdog.org]
Sent: Wednesday, February 01, 2012 3:32 PM
To: David Wainberg
Cc: Shane Wiley; Tracking Protection Working Group WG
Subject: Re: ACTION-49: Propose what the operational carve-outs for
3.6.1.2.1 (e.g. debugging by 3rd party) are
 
It seems to me you're starting open a floodgate of exceptions.  I don't
understand the need for the "market research" exception. In addition each
exception should come with a limit on long the data can be retained.

 

 

On Jan 31, 2012, at 10:42 AM, David Wainberg wrote:


In addition to these use based exceptions, shouldn't there be collection
based exceptions that incentivize privacy-friendly technologies that use
less data or store it in privacy safe ways? For example, where would
Adnostic fall?

On 1/31/12 12:57 AM, Shane Wiley wrote:
I would also propose the addition of ³Product Improvement² to cover
³customer service inquiries, debugging, and non-user specific modeling for
algorithmic improvements.²
 

From: Shane Wiley 
Sent: Monday, January 30, 2012 10:54 PM
To: public-tracking@w3.org
Subject: ACTION-49: Propose what the operational carve-outs for 3.6.1.2.1
(e.g. debugging by 3rd party) are
 
Description:
Propose what the operational carve-outs for 3.6.1.2.1 (e.g. debugging by 3rd
party) are
 
NOTE  Initially captured in ISSUE-22
 
Draft:
<Non-Normative>
In order to not "break the Internet" and still protect consumer privacy
concerns, it will be necessary to provide operational
purpose exceptions for critically necessary business activities even when
the DNT signal is on. There are several key categories of data collection
and use that must remain intact such that web site operators who are (in the
vast majority) offering their services free of charge in exchange for
advertising on their properties.
 
In order to motivate immediate web-wide implementation of the DNT standard
upon release it will be important to focus on use based exceptions
initially.  Where technical solutions exist and are readily available,
parties should transition to these options over use-based restrictions.
It¹s difficult to put an exact date for when these solutions will become
generally available in the marketplace but it will be critical for large
site operators to collaborate with industry and academics to develop these
future solutions as soon as possible.
 
With this in mind, the following exceptions are to be interpreted as MUST
employ use-based controls and SHOULD employ technology solutions that avoid
collection in the first place.
 
<Normative>
Parties may continue to collect and use data in a very limited number of
operational purposes outlined here:
 
- Frequency Capping:  A form of historical tracking to ensure the number of
times a user sees the same ad is kept to a minimum.  Provides a benefit to
users to not see the same ad over and over again, as well as, a benefit to
advertisers who receive negative brand reaction if an ad is shown too many
times to users.  Capping data collection and use SHOULD be limited to only
campaign IDs and frequency counters where possible.
 
- Financial Logging:  Ad impressions and clicks (and sometimes conversions)
events are tied to financial transactions (this is how online advertising is
billed) and therefore must be collected and stored for billing and auditing
purposes.  Information such as what targeting criteria existed for a
particular ad campaign MAY need to be retained for audit purposes to
demonstrate an ad server met its obligations to an advertiser.
 
- Aggregated & Anonymous Reporting:  Data may be retained if it is
de-identified and aggregated in such a manner as to not allow
re-identification of an individual or unique device.
 
- 3rd Party Auditing:  As online advertising is a billed event and there are
concerns with accuracy in impression counting and quality of placement so
3rd party auditors provide an independent reporting service to advertisers
and agencies so they can compare reporting for accuracy.
 
- Security:  From traditional security attacks to more elaborate fraudulent
activity, Ad Servers and Publishers must have the ability to log data about
suspected bad actors to discern and filter their activities from legitimate
transactions. This information is sometimes shared across 3rd parties in
cooperatives to help reduce the daisy-chain effect of attacks across the ad
ecosystem.
 
- Market Research:  Data collected for the express purpose of market
research MAY be retained at a per user/device level for a limited time to
allow for reasonable aggregation.
 

----------

John M. Simpson

Consumer Advocate

Consumer Watchdog

1750 Ocean Park Blvd. ,Suite 200

Santa Monica, CA,90405

Tel: 310-392-7041

Cell: 310-292-1902

www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org>

john@consumerwatchdog.org
Received on Thursday, 2 February 2012 04:42:53 UTC