Small group proposal presented by MeMe/Ian from イアンフェッティ on 2012-06-21 (public-tracking@w3.org from June 2012)

From: イアンフェッティ <ifette@google.com>
Date: Thu, 21 Jun 2012 12:01:48 -0700
To: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Message-ID: <CAF4kx8fOi782pYP9Xzc5HPGSpR_iFwfVafku4K5yboj+krFxEQ@mail.gmail.com>
Here's the slide we (MeMe+Ian) presented from our group in Thursday's f2f.
Rather than re-stating everything we said in the room, I will simply point
to the part of the scribed notes discussing our presentation:
http://www.w3.org/2012/06/21-dnt-irc#T18-39-20 (starting where JC scribes
"Meme: We decided that a flowchart was an effective way to present our
work")

Our scribing from the breakout small group session itself was a bit random
(we tried to pull it together to the slide we presented), but for posterity
it's included below.

*W3C

Start with a particular permitted use; third-party use of data attached to
an identifier
What are the responsibilities for first, third and outsourced parties?


Approaches we just discussed:
[10:05am] suegl left the chat room. (Ping timeout)
[10:06am] efelten left the chat room. (Ping timeout)
[10:06am] aleecia: No data collection
[10:06am] aleecia: Aggregate at the time of collection (OPT-OUT)
[10:06am] aleecia: Unidentifiable information after collection
[10:06am] aleecia: Siloing of data to a specific party
[10:06am] aleecia: Retention limits
[10:06am] aleecia: Use limitations
[10:06am] aleecia: Security
[10:06am] aleecia: Billing / financial
[10:06am] aleecia: Frequency capping
[10:06am] aleecia: Debugging
[10:06am] egrant joined the chat room.
[10:06am] aleecia: Transparency
[10:06am] aleecia: Internal legal / business controls
[10:06am] Chapell left the chat room. (Ping timeout)
[10:06am] aleecia: Internal technical controls
[10:06am] justin_ left the chat room. (Ping timeout)
[10:06am] aleecia: Auditing
[10:06am] aleecia: Disallowing specific (hard-coded) technologies (e.g.
LSOs)
[10:06am] aleecia: Active v. passive collection
[10:06am] vincent joined the chat room.
[10:07am] aleecia: Double-keyed cookies on the browser side
[10:07am] aleecia: Double-keyed cookies on the server side

What are the resp of first, third, and outsource parties?  looking for
different approaches

cxQ's to answer
how well advance privacy - what are the actual concerns of users and how do
each of these tools address those concerns

   - Profiling across the web
   - Uses of data that will have adverse impact (employment, insurance,
   credit)
   - Leaks of data (breach, subpoena, …)

How hard to implement
- small first parties
- large first parties
- large third parties

Likely to satisfy US reg, EU reg



Discussion:
What are the actual harms to users?
Just related to use? Discrimination, insurance, offers, etc.
 ND: trying to bridge with advocates, regulators, the public on
collection/retention limits

Bryan: Is unlinkable data actually valuable to OBA/others?
 valuable for analytics
may not matter what the individual is
re-targeting or re-messaging based on some other action from the Web
but we have agreement on not doing this kind of profiling already

is product improvement still possible even with non-DNT users?

Nick: Is there anything we can do on collection/retention? I hear from
regulators that anything we could do here would be huge.

Euan: I don’t think we can do that, varies so much in the world.

MeMe: Didn’t Shane’s proposal get this?

Euan, Ian: Transparency, but no hard limits.

Joanne Furtsch: Accountability

Vincent T:

Nick: User doesn’t really have a choice in terms of third parties, you
don’t know what third parties will be on the site.
 without blocking tools, which is something we’re trying to avoid

MeMe: How can third parties help?

Vincent: DNT with restrictions on third parties could help

MeMe: Then third parties have to do something different with the data, what
exactly

Nick: maybe we can convince that if data is retained for some purposes, and
won’t be retained beyond X...

MeMe: Is this “DNT:1 for third parties means you’re collecting only the
following (limited) information

Nick: Recognize data is retained and internally siloed and only used for
purpose X?

Ian: isn’t that shane’s proposal?

Joanne: Think we’re closer on the two viewpoints, really how to get away
from being overly perscriptive on permitted uses. Defining what is
reasonable that will satisfy both sides. Lot of agreement around permitted
uses (generally) and that data does need to be retained, devil’s in the
details.

Nick: for frequency capping, some companies might retain a history of where
you saw an ad in order to stop showing you the same ad
 in Keep My Opt Outs, you’re warned that you may see the same ad more
frequently, because some companies have accepted that they’ll remove an
identifier that they would otherwise use for freq. capping
Ian: we might remove one identifier (for behavioral marketing) but keep
another identifier that we use for other purposes
 but many companies apparently removed the identifier they used for freq.
capping

Bryan: maintain identifiers within one ad network but not shared across ad
networks in order to implement freq. capping across networks

Euan: ad networks and ad exchanges might in some cases share data in order
to implement freq. capping of a campaign across these networks
 Nick: and it might be possible to limit sharing this data

what are the 5 FTC goals? (we call over Ed)
 all trackers (universal)
easy to use
 persistent choice
all forms of tracking
 not just do not target, but also do not collect with narrow exceptions

Ian: use W3C mechanism/expression/and response and attach DAA/self-reg
principles
 Ed: could get you many, but not Do Not Collect vs. Do Not Target

MeMe: but showing the ad requires the collection

Ed: there are some permitted uses, ought to be narrow/limited
 collection and retention shrink wrapped around those uses
 do you need to keep it as long just for financial logging?

Ian: if I’m required by a contract to keep data for ad impression logging
 silo it, goes a long way towards reaching those goals
Ed: fruitful discussion to have

Aleecia: could have text, non-normative
 non-normative examples to avoid people just saying they need to keep it
forever

Ian: what is strictly necessary for those accounting purposes, those
security purposes

Joanne: parameters around which you can retain that information

how to do the siloing
 auditing, internal controls

have something collaborative with business, something that works for
business
the people who would lose would be outside of this room, like users
 want business to succeed and do something around privacy

MeMe: flow-chart, show an ad that isn’t targeted (and then collection and
retention only necessary for showing that ad)

Euan: offline data also a concern for advocates?

http://my.adobe.acrobat.com/meme*
Attachments

application/pdf attachment: DNT_Grand_Compromise.pdf
Received on Thursday, 21 June 2012 19:02:20 UTC