W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

Re: ACTION-49: Propose what the operational carve-outs for 3.6.1.2.1 (e.g. debugging by 3rd party) are

From: Jeffrey Chester <jeff@democraticmedia.org>
Date: Thu, 02 Feb 2012 09:17:29 -0500
Cc: John Simpson <john@consumerwatchdog.org>, David Wainberg <dwainberg@appnexus.com>, Tracking Protection Working Group WG <public-tracking@w3.org>
Message-id: <B2CDD4FD-0D23-4A69-9012-E8CB519FA407@democraticmedia.org>
To: Shane Wiley <wileys@yahoo-inc.com>
Thanks.  I am reading thread now and will respond.  On Market research, I agree with your suggestion that we should state it cannot be used to "alter a user's experience."  Trends are one thing, real or campaign-time optimization is another.  

> Jeff,
>  
> I too look forward to further discussion and fine tuning.
>  
> On the Market Research topic, if we further stated this could not be used to directly alter a user’s experience (targeting, real-time optimization, etc.), would that make it less dangerous to you?
>  
> Thank you,
> - Shane
>  
> From: Jeffrey Chester [mailto:jeff@democraticmedia.org] 
> Sent: Wednesday, February 01, 2012 4:12 PM
> To: John Simpson; David Wainberg; Shane Wiley; Tracking Protection Working Group WG
> Subject: Re: ACTION-49: Propose what the operational carve-outs for 3.6.1.2.1 (e.g. debugging by 3rd party) are
>  
>  
> I also have concerns about these exceptions and we need to fine-tune and vet them carefully.  First, the notion that DNT will "break the Internet" is over-broad.  What we are talking about are the business practices and conditions for digital marketing.  As I expressed last week, I am in favor in principle of supporting current practices used for ad monetization/delivery practices in a DNT environment.  But we need to specify how such exemptions permit an individual who doesn't wish to be tracked.  If DNT:1 is sent, then we need to have system where frequency capping cannot occur using traditional methods.  So I look forward to granular discussion on these.  As for market research, this is used as part of the profiling process, in addition to trend analysis (esp. as we move further with real-time optimization).  I assume panelists will disable DNT, so no exemption needed for them.  When research is to be conducted other ways, they should respect DNT.  
>  
>  
>  
> 
> 
> It seems to me you're starting open a floodgate of exceptions.  I don't understand the need for the "market research" exception. In addition each exception should come with a limit on long the data can be retained.
>  
>  
> On Jan 31, 2012, at 10:42 AM, David Wainberg wrote:
> 
> 
> In addition to these use based exceptions, shouldn't there be collection based exceptions that incentivize privacy-friendly technologies that use less data or store it in privacy safe ways? For example, where would Adnostic fall?
> 
> On 1/31/12 12:57 AM, Shane Wiley wrote:
> I would also propose the addition of “Product Improvement” to cover “customer service inquiries, debugging, and non-user specific modeling for algorithmic improvements.”
>  
> From: Shane Wiley 
> Sent: Monday, January 30, 2012 10:54 PM
> To: public-tracking@w3.org
> Subject: ACTION-49: Propose what the operational carve-outs for 3.6.1.2.1 (e.g. debugging by 3rd party) are
>  
> Description:
> Propose what the operational carve-outs for 3.6.1.2.1 (e.g. debugging by 3rd party) are
>  
> NOTE – Initially captured in ISSUE-22
>  
> Draft:
> <Non-Normative>
> In order to not "break the Internet" and still protect consumer privacy concerns, it will be necessary to provide operational
> purpose exceptions for critically necessary business activities even when the DNT signal is on. There are several key categories of data collection and use that must remain intact such that web site operators who are (in the vast majority) offering their services free of charge in exchange for advertising on their properties.
>  
> In order to motivate immediate web-wide implementation of the DNT standard upon release it will be important to focus on use based exceptions initially.  Where technical solutions exist and are readily available, parties should transition to these options over use-based restrictions.  It’s difficult to put an exact date for when these solutions will become generally available in the marketplace but it will be critical for large site operators to collaborate with industry and academics to develop these future solutions as soon as possible.
>  
> With this in mind, the following exceptions are to be interpreted as MUST employ use-based controls and SHOULD employ technology solutions that avoid collection in the first place.
>  
> <Normative>
> Parties may continue to collect and use data in a very limited number of operational purposes outlined here:
>  
> - Frequency Capping:  A form of historical tracking to ensure the number of times a user sees the same ad is kept to a minimum.  Provides a benefit to users to not see the same ad over and over again, as well as, a benefit to advertisers who receive negative brand reaction if an ad is shown too many times to users.  Capping data collection and use SHOULD be limited to only campaign IDs and frequency counters where possible.
>  
> - Financial Logging:  Ad impressions and clicks (and sometimes conversions) events are tied to financial transactions (this is how online advertising is billed) and therefore must be collected and stored for billing and auditing purposes.  Information such as what targeting criteria existed for a particular ad campaign MAY need to be retained for audit purposes to demonstrate an ad server met its obligations to an advertiser.
>  
> - Aggregated & Anonymous Reporting:  Data may be retained if it is de-identified and aggregated in such a manner as to not allow re-identification of an individual or unique device.
>  
> - 3rd Party Auditing:  As online advertising is a billed event and there are concerns with accuracy in impression counting and quality of placement so 3rd party auditors provide an independent reporting service to advertisers and agencies so they can compare reporting for accuracy.
>  
> - Security:  >From traditional security attacks to more elaborate fraudulent activity, Ad Servers and Publishers must have the ability to log data about suspected bad actors to discern and filter their activities from legitimate transactions. This information is sometimes shared across 3rd parties in cooperatives to help reduce the daisy-chain effect of attacks across the ad ecosystem.
>  
> - Market Research:  Data collected for the express purpose of market research MAY be retained at a per user/device level for a limited time to allow for reasonable aggregation.
>  
> ----------
> John M. Simpson
> Consumer Advocate
> Consumer Watchdog
> 1750 Ocean Park Blvd. ,Suite 200
> Santa Monica, CA,90405
> Tel: 310-392-7041
> Cell: 310-292-1902
> www.ConsumerWatchdog.org
> john@consumerwatchdog.org
>  
>  
Received on Thursday, 2 February 2012 14:18:23 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:24 UTC