Re: Issue 115, exemptions, best practices: Issue 25 and 34

From: Lee Tien <tien@eff.org>
Date: Mon, 13 Feb 2012 08:33:06 -0800
Message-Id: <7DC20E97-9B7F-4849-A6F2-C1E9A5718C86@eff.org>
To: "Amy Colando (LCA)" <acolando@microsoft.com>
Cc: Alan Chapell <achapell@chapellassociates.com>, Jeffrey Chester <jeff@democraticmedia.org>, Kathy Joe <K.Joe@esomar.org>, Jules Polonetsky <julespol@futureofprivacy.org>, "public-tracking@w3.org" <public-tracking@w3.org>, "adam.phillips@realresearch.co.uk" <adam.phillips@realresearch.co.uk>
Alan and Amy,

What would users learn about what granting an exemption means for  
their data under your approach?

Lee

Sent from my iPod

On Feb 13, 2012, at 7:44 AM, "Amy Colando (LCA)"  
<acolando@microsoft.com> wrote:

> Alan, I agree. Some of the text I previously submitted (will have to  
> look up issue number) on user override/consent could be helpful here  
> and would allow for the continued evolution of law/business model/ 
> consumer expectations.
>
> Sent from my Windows Phone
> From: Alan Chapell
> Sent: 2/13/2012 6:55 AM
> To: Jeffrey Chester; Kathy Joe
> Cc: Jules Polonetsky; public-tracking@w3.org; 'adam.phillips@realresearch.co.uk'
> Subject: Re: Issue 115, exemptions, best practices: Issue 25 and 34
>
> Jeff -
>
> I'm concerned that you're attempting to set a granular, world-wide
> standard for disclosures – which may conflict with local law, and
> create another layer of legal and technical hurdles for small to
> mid-sized publishers --- most of whom are already in compliance with
> local consumer protection law. And it would seem to me that a
> world-wide analysis of how these new rules work across jurisdictions
> would be a pretty significant undertaking on our end.
>
> Why not simply state that sites seeking exemptions should  
> communicate those requests clearly and in line with consumer  
> protection law(s) in the jurisdiction(s) in which they operate?
>
>
> Cheers,
>
> Alan Chapell
> Chapell & Associates
> 917 318 8440
>
>
> From: Jeffrey Chester <jeff@democraticmedia.org>
> Date: Mon, 13 Feb 2012 09:12:52 -0500
> To: Kathy Joe <K.Joe@esomar.org>
> Cc: Jules Polonetsky <julespol@futureofprivacy.org>, Alan Chapell <achapell@chapellassociates.com>, "public-tracking@w3.org" <public-tracking@w3.org>, "'adam.phillips@realresearch.co.uk'" <adam.phillips@realresearch.co.uk>
> Subject: Re: Issue 115, exemptions, best practices: Issue 25 and 34
> Resent-From: <public-tracking@w3.org>
> Resent-Date: Mon, 13 Feb 2012 14:13:46 +0000
>
> For any site seeking an exemption, it should be required to explain  
> clearly upfront how the data is to be collected and used.  This  
> isn't the privacy policy, which few people read and generally fails  
> to explain what goes on.  When a user has DNT:1 on, the bar for the  
> exemption process should be reasonably higher in terms of candid  
> disclosure.  If the research community can live with such candor,  
> given whatever rules are applied by W3C, that's fine.
>
> Happy to discuss this issue further.  I understand the need to use  
> panels, etc., but we should establish a clear digital bright line  
> for the exemption process.
>
>
>
>
>
>> Hi Jeffrey,
>>
>> The conditions on best practice for sites to manage exemptions
>> include: A site should not use a special landing page that has been
>> designed principally to convert a user to agree to permit an
>> exemption. … A site should not offer rewards and incentives for a
>> user to approve of an exemption.
>>
>> We appreciate what you are aiming to do but a blanket ban would  
>> harm research and make it impossible to ask people to take part in  
>> surveys as research panels offer respondents small incentives to  
>> participate in research.
>>
>> In our text for Issue 25 and 34 (see below), we outline how site  
>> users might be recruited to a research panel and agree to  
>> participate in research that could gather site specific or cross
>> site data. The research site explains what information would be  
>> collected, the purpose of the research and provides a mechanism for  
>> the user to give their consent. If panel members elect to be  
>> tracked, it is with their consent as part of their agreement with  
>> the research organisation. They can opt-out at any time.
>>
>> If a user agrees to the terms of participation having received
>> transparent information in the site’s privacy policy they would be
>> compensated for their time and effort with small incentives such
>> as a chance to participate in a prize draw.
>>
>> Best regards
>>
>> Kathy Joe
>>
>> Issue 25: Possible exemption for research purposes covered by
>> conditions for outsourcing and issue 34: Exemption for aggregated
>> data
>> An exemption for research purposes is not required as this is
>> covered under conditions for outsourcing 3.6.1.2.1 where user’s
>> consent is required for cross-site tracking or issue 34, exemption
>> for aggregated data.
>>
>> Description: The first party site has an agreement with a research  
>> company to serve an invitation to a user as a result of something  
>> they have done on the site, eg visited a travel section. The user  
>> has a first party relationship with the site.
>>
>> Suggestion: Site users’ individualised data can be collected with
>> permission, the use of the data cannot be applied in an interactive
>> way and no products or services are offered to respondents on the
>> basis of their individual responses. The researcher and sponsor
>> use the information gathered strictly for research purposes.
>> Researchers aggregate research data and when reported, the data is
>> de-identified and cannot be linked to a specific user, computer or
>> device. Any disclosures of identifiable research data must be used
>> strictly for research purposes and with respondent consent.
>>
>> If the respondent consents to be tracked, the data that is shared  
>> with the client is anonymised and aggregated in such a way that no  
>> discernable patterns can be attributed to a single individual.
>>
>> Online surveys are usually interactive with the site user  
>> indicating their consent (YES) and not filling them (or pressing  
>> the "no" button) is equivalent to NO (meaningful interaction). Ie  
>> explicit yes or no.
>>
>> Example and use cases: A site user is browsing a site. If they  
>> fulfil certain criteria, they may be served a pop up invitation  
>> which they may choose to click through to accept in which case the  
>> research company would then become the first party. The research  
>> company may ask to be granted an exception, site-specific or cross- 
>> site. The data collected would be aggregated in the results as the  
>> research company is not interested in identifying that particular  
>> person.
>>
>> Opt back in for panel members who have DNT - see 4.3.1: how should  
>> a tracking reference interact with user over-rides of the tracking  
>> compliance, Issue 27: How should the “opt-back in” mechanism be  
>> designed?
>> Description: Research panel member eg Suppress DNT because there is  
>> a contractual agreement with the user (ie users have a pre-existing  
>> agreement to be tracked)
>> Panel Members are individual users that have expressed the desire  
>> to be part of a research study and/or group as part of a behavioral  
>> tracking research program which would need to over-ride the DNT  
>> standard. We introduce this to distinguish it from a site-specific  
>> exemption which may represent a desire/preference whereas a panel  
>> member relationship represents a contractual obligation with the  
>> research organization that may cover different domains.
>>
>>
>>
>> Kathy Joe
>> Professional Standards & Public Affairs Director
>>
>>
>> Eurocenter 2, 11th floor
>> Barbara Strozzilaan 384
>> 1083 HN Amsterdam
>> The Netherlands
>> Tel: +31 20 664 2141
>> Fax: +31 20 664 2922
>> www.esomar.org
>>
>>
>>
>>
>> From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
>> Sent: 09 February 2012 01:41
>> To: Jules Polonetsky
>> Cc: 'Alan Chapell'; public-tracking@w3.org
>> Subject: Re: Issue 115, exemptions, best practices
>>
>> It's a panel, which is distinct from user impact/expectations.   
>> That is covered by research issue.
>>
>>
>> On Feb 8, 2012, at 6:24 PM, Jules Polonetsky wrote:
>>
>>
>> Here is a current example of users being paid for tracking
>>
>> http://www.huffingtonpost.com/2012/02/08/google-screenwise-project_n_1263128.html?ref=tw
>>
>> From: Alan Chapell [mailto:achapell@chapellassociates.com]
>> Sent: Wednesday, February 08, 2012 3:59 PM
>> To: Jeffrey Chester
>> Cc: public-tracking@w3.org (public-tracking@w3.org)
>> Subject: Re: Issue 115, exemptions, best practices
>>
>> Jeff -
>>
>> If we're starting with the premise that any attempt to get a User  
>> to agree to an exemption is undermining User intent, we're going to  
>> have trouble finding common ground. Are there ANY mechanisms for  
>> providing a reward for the User's agreement to an exemption that  
>> are acceptable to you? What about providing additional free content  
>> in exchange for an exemption? Is that ok?
>>
>>
>> Cheers,
>>
>> Alan Chapell
>> Chapell & Associates
>> 917 318 8440
>>
>>
>> From: Jeffrey Chester <jeff@democraticmedia.org>
>> Date: Wed, 08 Feb 2012 15:50:09 -0500
>> To: Alan Chapell <achapell@chapellassociates.com>
>> Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
>> Subject: Re: Issue 115, exemptions, best practices
>>
>> Alan:  As you know, online marketing practices are designed to  
>> process users to agree to opt-in and data practices.  What I wrote  
>> below are just a few of the practices used by the leading co's and  
>> many others.  If a user's decision on DNT is not to be undermined,
>> we must ensure that practices are incorporated that permit fair user
>> choice.
>>
>>
>>
>>
>> Jeffrey Chester
>> Center for Digital Democracy
>> 1621 Connecticut Ave, NW, Suite 550
>> Washington, DC 20009
>> www.democraticmedia.org
>> www.digitalads.org
>> 202-986-2220
>>
>> On Feb 8, 2012, at 3:23 PM, Alan Chapell wrote:
>>
>>
>>
>> Jeff – In looking at what you've provided here, I'm a bit concerned
>> that you are dictating the terms that a website has with its
>> visitors. Can you share the rationale for each of these – and
>> specifically, what you are trying to guard against?
>>
>> Alternatively, I'm happy to have a one-off discussion on this topic  
>> on Friday early AM with Ninja and Jim.
>>
>>
>> Cheers,
>>
>> Alan Chapell
>> Chapell & Associates
>> 917 318 8440
>>
>>
>> From: Jeffrey Chester <jeff@democraticmedia.org>
>> Date: Wed, 08 Feb 2012 14:05:40 -0500
>> To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
>> Subject: Issue 115, exemptions, best practices
>> Resent-From: <public-tracking@w3.org>
>> Resent-Date: Wed, 08 Feb 2012 20:08:56 +0000
>>
>>  https://www.w3.org/2011/tracking-protection/track/issues/115
>>
>> [I await input from Ninja, Alan and Jim]
>>
>>
>>
>> Best Practices for sites to manage exemptions should include:
>>
>> A site must provide accurate information to users on the actual  
>> data collection and use practices of the site.  This should include  
>> all information used for tracking, targeting, sales of profiles.
>> A site should not suggest that the ability to access information is  
>> dependent on blanket acceptance of a site's data practices.
>> A site should not use "immersive" multimedia applications designed  
>> to foster opt-in as a way to encourage a user agreeing to an  
>> exemption.
>> A site should not use a special landing page that has been designed  
>> principally to convert a user to agree to permit an exemption.
>> A site should not use social media marketing to urge a user to ask  
>> their "friends" to approve exemptions.
>> A site should not offer rewards and incentives for a user to  
>> approve of an exemption.
>>
>>
>
Received on Monday, 13 February 2012 16:35:39 UTC