W3C home > Mailing lists > Public > public-tracking@w3.org > March 2012

Re: ACTION-152 - Write up logged-in-means-out-of-band-consent

From: Alan Chapell <achapell@chapellassociates.com>
Date: Thu, 29 Mar 2012 11:50:03 -0400
To: Jeffrey Chester <jeff@democraticmedia.org>
CC: Shane Wiley <wileys@yahoo-inc.com>, Jonathan Mayer <jmayer@stanford.edu>, David Singer <singer@apple.com>, John Simpson <john@consumerwatchdog.org>, "public-tracking@w3.org(public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <CB99FB29.17E63%achapell@chapellassociates.com>
I think this is where the disconnect is, Jeff. I've provided my proposal
below.  If you can help me understand how my proposal doesn't get you where
you need to be, that would be helpful. Alternatively, I would encourage you
to submit your own proposal ­ but with the caveat that (at least my opinion)
it is not appropriate to use this forum to attempt to create an entirely new
set of pan-world standards for disclosures for digital media.

I think at this point I'd like to echo Shane's comments ­ and ask our
co-chairs to help us to understand the appropriate process where a large
number of the working group feels a topic is out of scope (and a small group
feels it is in scope).  Is there a way to take a straw poll to close on this
topic so we can get back to core issues at hand?

Thanks!


Cheers,

Alan Chapell
Chapell & Associates
917 318 8440


From:  Jeffrey Chester <jeff@democraticmedia.org>
Date:  Thu, 29 Mar 2012 11:29:39 -0400
To:  Alan Chapell <achapell@chapellassociates.com>
Cc:  Shane Wiley <wileys@yahoo-inc.com>, Jonathan Mayer
<jmayer@stanford.edu>, David Singer <singer@apple.com>, John Simpson
<john@consumerwatchdog.org>,
"public-tracking@w3.org(public-tracking@w3.org)" <public-tracking@w3.org>
Subject:  Re: ACTION-152 - Write up logged-in-means-out-of-band-consent

We need to ensure meaningful consumer consent to the process, which requires
greater information conveyed to a user.  As well as ensuring usability of
the interface for meaningful consent.  I await to hear your proposal to
ensure that meaningful consent for exceptions is conveyed.

Thanks,

Jeff


Jeffrey Chester
Center for Digital Democracy
1621 Connecticut Ave, NW, Suite 550
Washington, DC 20009
www.democraticmedia.org <http://www.democraticmedia.org>
www.digitalads.org <http://www.digitalads.org>
202-986-2220

On Mar 29, 2012, at 11:14 AM, Alan Chapell wrote:

> Hi Jeff - 
> 
> We had gone over this issue back in February and (at the time at least) seemed
> closer to consensus than we seem to be at this point. I had proposed the
> following:
> 
> When seeking exemption when DNT:1 is sent sites should communicate those
> requests clearly, accurately and in line with consumer protection law(s) in
> the jurisdiction(s) in which they operate.
> 
> And you had indicated that "The core issue is point A--providing accurate
> information.  if we can address this in exemption process, we are there."
> 
> Please let me know if I'm mis-characterizing or otherwise mis-understanding
> what you were trying to get at ­ but it would helpful for me to understand
> whether my text suggestion gets you where we need to be ­ and if not, why not?
> 
> Thanks!
> 
> Cheers,
> 
> Alan Chapell
> Chapell & Associates
> 917 318 8440
> 
> 
> From:  Jeffrey Chester <jeff@democraticmedia.org>
> Date:  Thu, 29 Mar 2012 10:29:50 -0400
> To:  Shane Wiley <wileys@yahoo-inc.com>
> Cc:  Jonathan Mayer <jmayer@stanford.edu>, David Singer <singer@apple.com>,
> John Simpson <john@consumerwatchdog.org>,
> "public-tracking@w3.org(public-tracking@w3.org)" <public-tracking@w3.org>
> Subject:  Re: ACTION-152 - Write up logged-in-means-out-of-band-consent
> Resent-From:  <public-tracking@w3.org>
> Resent-Date:  Thu, 29 Mar 2012 14:53:17 +0000
> 
> Informed consent, inc for exceptions, core issue. I look forward to the F2F
> discussion in 2 weeks on this topic.
> 
> thanks
> 
> Jeff
> 
> 
> 
> On 29 Mar 2012, at 07:31 AM, Shane Wiley <wileys@yahoo-inc.com> wrote:
> 
>> Jeff,
>> 
>> Where we disagree is that this is a key issue thatıs central to DNT.  I
>> believe youıre suggesting that DNT will not be viable due to 1st party
>> interactions with users through widgets based on specific elements of how
>> consent is obtained during a registration process.  This feels fairly fair
>> away from the core goals of DNT and not ³central to the viability² of our
>> work as a group.
>>  
>> I believe weıve agreed that for a 1st party to ignore the DNT signal when
>> theyıre in a 3rd party context they must either have:
>> ·         prior consent (this debate is on the specifics of how this works)
>> 
>> ·         a web-wide exception
>> 
>> ·         have ³meaningful interaction² with their Widget
>> 
>>  
>> My position is that weıve done a great job to get to this point and that the
>> details from this point forward are better left to local legal structures
>> that already have strong views on these issues (acceptable consent
>> paradigms).
>>  
>> - Shane 
>>  
>> From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
>> Sent: Thursday, March 29, 2012 12:57 AM
>> To: Shane Wiley
>> Cc: Jonathan Mayer; David Singer; John Simpson; public-tracking@w3.org
>> (public-tracking@w3.org)
>> Subject: Re: ACTION-152 - Write up logged-in-means-out-of-band-consent
>>  
>> This is a key issue central to the viability of DNT and whether it will have
>> any support from key constituencies. This is not a one sided conversation
>> and if Shane is suggesting industry unwilling to discuss reasonably key DNT
>> elements that is very disturbing.  We should address this issue at the F2F.
>> 
>> Jeff Chester
>> Center for Digital Democracy
>> Washington DC
>> www.democraticmedia.org <http://www.democraticmedia.org/>
>> Jeff@democraticmedia.org
>> 
>> On Mar 29, 2012, at 12:11 AM, Shane Wiley <wileys@yahoo-inc.com> wrote:
>>> 
>>> Jonathan,
>>>  
>>> We can agree to disagree on the details.  I believe for us to meaningfully
>>> take a deep dive into ³consent standards² would be another working group
>>> effort that would deservedly take several months if not more to tease
>>> through all the details this significant of a topic would require.  I would
>>> recommend academics and advocates perhaps come together to publish a paper
>>> of what you believe ³appropriate consent² models should be.  I continue to
>>> believe this is not within the scope of the working group (out of band is
>>> out of scope for this group to address).  If youıre comfortable having a
>>> one-sided conversation on the topic (without much industry involvement),
>>> then please continue.
>>>  
>>> Co-Chairs,
>>>  
>>> Iıd like to understand the appropriate process where a large number of the
>>> working group feels a topic is out of scope (and a small group feels it is
>>> in scope).  Is there a way to take a straw poll to close on this topic so we
>>> can get back to core issues at hand?
>>>  
>>> Thank you,
>>> Shane
>>>  
>>> From: Jonathan Mayer [mailto:jmayer@stanford.edu]
>>> Sent: Thursday, March 29, 2012 12:03 AM
>>> To: Shane Wiley
>>> Cc: David Singer; John Simpson; public-tracking@w3.org
>>> (public-tracking@w3.org)
>>> Subject: Re: ACTION-152 - Write up logged-in-means-out-of-band-consent
>>>  
>>> Consent standards are plainly within the group's charter.  Shane is wrong on
>>> this point.
>>>  
>>> As for whether we should specify consent standards: yes, we should.  Some of
>>> the issues that could arise if we don't:
>>>  
>>> -A U.S. website may circumvent U.S. user preferences wholesale by stuffing
>>> an exception clause in its privacy policy.
>>> -A U.S. website may circumvent U.S. user preferences near-wholesale by
>>> stuffing a default exception in signup or login flow.
>>> -Regional DNT implementations could fragment.  U.S. websites and users might
>>> live in a world of privacy policy gotchas; EU/Canada websites and users
>>> would have to use browser APIs and other more explicit choice mechanisms.
>>>  
>>> I don't follow how conversations on consent standards are "wasteful."
>>> There's been good discussion on the list and even better discussion
>>> off-list.
>>>  
>>> In sum, specifying consent standards is in scope, essential, and proceeding
>>> apace.
>>>  
>>> Jonathan
>>>  
>>> On Mar 28, 2012, at 8:12 PM, Shane Wiley wrote:
>>> 
>>> 
>>> 
>>> I respectfully but strongly disagree with you both.  It is FAR outside the
>>> scope of this working group to attempt to define what is and is not
>>> permissible in a registration process or an out-of-band consent event.  In
>>> my opinion, this is wasteful for the working group to continue to explore.
>>> Please leave these details to regional laws and letıs get back to the core
>>> business of DNT.
>>>  
>>> Thank you,
>>> - Shane
>>>  
>>> From: David Singer [mailto:singer@apple.com]
>>> Sent: Wednesday, March 28, 2012 7:54 PM
>>> To: John Simpson
>>> Cc: public-tracking@w3.org (public-tracking@w3.org)
>>> Subject: Re: ACTION-152 - Write up logged-in-means-out-of-band-consent
>>>  
>>>  
>>> On Mar 28, 2012, at 16:43 , John Simpson wrote:
>>> 
>>> 
>>> 
>>> 
>>> I would think that the default would be that if I have enabled DNT:1, I
>>> could not be tracked by a widget even if logged into the site, unless I
>>> interacted with the widget when it was a third party, right?
>>>  
>>> Yes, I think the default would be to respect the sent DNT signal - don't
>>> track me unless I interact.  Being logged in PLUS expressing a permission
>>> would be needed to do more than that.
>>> 
>>> 
>>> 
>>> 
>>>  
>>>  
>>> On Mar 28, 2012, at 4:35 PM, David Singer wrote:
>>> 
>>> 
>>> 
>>> 
>>>  
>>> On Mar 28, 2012, at 16:22 , John Simpson wrote:
>>> 
>>> 
>>> 
>>> 
>>> David,
>>>  
>>> I'm trying to understand what your suggesting.  Is this essentially  the
>>> scenario you have in mind:  When I register for a service and login I would
>>> be presented with a series of choices of how the site's widgets would
>>> interact with me when I'm off the site.  If one explicit preference was
>>> track me, then that would be OK if I had checked it.  Another option might
>>> be JC's goal of show me my friends' likes, but don't show them mine.  I
>>> suppose another could be Do Not Track me unless I explicitly interact with
>>> the widget...  Is the sort of scenario you have in mind?
>>>  
>>> Yes, that's it. I think we need to consider whether this choice needs to be
>>> separately offered to the user, not set for everyone by the service and
>>> bundled into the overall policy.
>>> 
>>> 
>>> 
>>> 
>>>  
>>> Thanks,
>>> John
>>>  
>>>  
>>> On Mar 28, 2012, at 3:51 PM, David Singer wrote:
>>> 
>>> 
>>> 
>>> 
>>> There are several levels to disconnecting yourself from a service:
>>> 
>>> 1 logout;
>>> 2 uncheck the 'remember me' so that your identity is no longer remembered;
>>> 3 delete cookies etc. just in case there is a lingering cookie that still
>>> remembers you;
>>> [4 start using TOR :-(]
>>> [5 go off-the-net :-(]
>>> 
>>> I actually have experimented with myself, trying to do up to (1), (2) or
>>> (3), and I found it a pain in the neck. So, as Shane says, let's focus on
>>> 'consent'.
>>> 
>>> The model I am exploring is saying that the consent to being tracked when
>>> logged-in or remembered needs to be a distinct, separate, choice for the
>>> user - which, as you say, gives the user more flexibility.  In this model,
>>> that consent cannot be simply "well, you agreed to our policy and here it is
>>> on page 8", because that's (a) hard to find for most users and (b) IMHO,
>>> insufficiently granular; it basically says you have to stop using the
>>> service if you don't want 'social buttons' to track you, which is harsh (and
>>> for many users, not a meaningful choice).
>>> 
>>> As I say, I am not terribly keen on the rather subtle option "yes, you can
>>> know who I am and tell me about my friends, but no, you cannot track what I
>>> am doing (and hence, not tell my friends about it)" -- I fear it's rather
>>> subtle, but it seems to be what JC prefers. I don't see a problem with
>>> offering it as an option such as "Identify me and tell me relevant info, but
>>> don't record anything about me".
>>> 
>>> so, here is a strawman:
>>> 
>>> ³User registration and login often are bundled with a set of preferences for
>>> the user.  If a preference directly address interactions with users off of
>>> the 1st parties direct web site, such as through Widgets or other
>>> interactions with a user in a logged-in or 'remembered' state, in an open
>>> and transparent manner, then this is considered an out-of-band user consent
>>> and DNT requests may be met with a response that consent has been given, and
>>> tracking to the extent expressed by the preference performed.²
>>> 
>>> On Mar 28, 2012, at 8:30 , JC Cannon wrote:
>>> 
>>> 
>>> 
>>> 
>>> Iım more inclined to agree with Shane here. I always want to vote on the
>>> side of greater flexibility for the consumer.
>>>>  
>>>> David, by following your model I would have to click on the Like button to
>>>> determine if my friends Liked an article, at the same time permitting FB to
>>>> track me, which is what I donıt want. Show me how in your model I can have
>>>> the level of flexibility and privacy I describe.
>>>>  
>>>> JC
>>>>  
>>>> From: Shane Wiley [mailto:wileys@yahoo-inc.com]
>>>> Sent: Tuesday, March 27, 2012 7:52 PM
>>>> To: David Singer; public-tracking@w3.org (public-tracking@w3.org)
>>>> Subject: RE: ACTION-152 - Write up logged-in-means-out-of-band-consent
>>>>  
>>>> David,
>>>>  
>>>> I disagree that asking users to manage their logged-in state is a
>>>> non-starter.  What leads you to that conclusion?  Facebook charges
>>>> $700K/day to post an ad on their logout page.  J  (I hope Iıve quoted that
>>>> from recent press articles correctly.)
>>>>  
>>>> But I believe thatıs a red herring for this discussion and would instead
>>>> focus on the ³consent² element.
>>>>  
>>>> First, I didnıt intend to state that UAs wonıt continue to send DNT:1 for a
>>>> logged-in user, Iım stating that if its sent and the party has out-of-band
>>>> consent from the user for tracking in that circumstance that the DNT signal
>>>> will be ignored.  Also, why are we discussing cookies here?
>>>>  
>>>> Second, on the concepts of bundling and product features, while I agree
>>>> that ³open and transparent² notices are best practice, I donıt believe itıs
>>>> appropriate for this group to attempt to set standards of acceptable
>>>> consent paradigms that will vary significantly based on situation.  As
>>>> weıve discussed on similar topics, itıs more appropriate to allow local
>>>> legal structures to continue to manage the required level of disclosure.
>>>> For example, in the US we have the Sears Consent Order to draw upon.
>>>>  
>>>> Iıd ask that we focus on the core issues with DNT and resist the temptation
>>>> to solve the broader set of online privacy debates in one pass.
>>>>  
>>>> Thank you,
>>>> - Shane
>>>>  
>>>> From: David Singer [mailto:singer@apple.com]
>>>> Sent: Tuesday, March 27, 2012 7:50 PM
>>>> To: public-tracking@w3.org (public-tracking@w3.org)
>>>> Subject: Re: ACTION-152 - Write up logged-in-means-out-of-band-consent
>>>>  
>>>>  
>>>> On Mar 27, 2012, at 5:54 , Shane Wiley wrote:
>>>>  
>>>>  
>>>> Per my action item from last week, here is a position statement with
>>>> respect to setting new business rules for ³logged-in users² with respect to
>>>> personalization off of the 1st party site and DNT.
>>>>  
>>>> ³User registration and login often are bundled with a set of sign-up flow
>>>> notices, Terms of Service, and Privacy Policy by which a 1st party will
>>>> operate.  If these notices directly address interactions with users off of
>>>> the 1st parties direct web site, such as through Widgets or other
>>>> interactions with a user in a logged-in state, in an open and transparent
>>>> manner, then this is considered an out-of-band user consent and DNT signals
>>>> will be ignored.²
>>>>  
>>>> Shane
>>>>  
>>>> I don't think we can tell users "if you want privacy, remember to log out
>>>> all the time".  That's a non-starter. So I agree, a general "logged-in
>>>> exception" doesn't fly, for me.
>>>>  
>>>> Nor do I think we can tell UAs "don't send cookies with DNT:1" because then
>>>> trivial things will stop working (e.g. a cookie that selected the language
>>>> or size of the 'like' button itself).  Sites will have to expect to get DNT
>>>> and cookies, and we need to say what that means if the cookies are actually
>>>> identifying the user.
>>>>  
>>>>  
>>>> I think the text needs to be more explicit, and say that permitting the
>>>> site to track the user has to be a distinct choice, not 'bundled' with any
>>>> other (e.g. a check-box in the preferences).  Otherwise I fear that sites
>>>> will say that merely by signing up you made that choice.  I would prefer it
>>>> not even be a choice, I think, but I am open to debate.
>>>>  
>>>> Otherwise, what Jonathan has said holds - that if you set DNT, and not the
>>>> preference (if any), then you'll need to interact directly with the third
>>>> party before they will recognize you and track you. I don't think it's too
>>>> bad; click on the button, and now it can track you, for example.
>>>>  
>>>> Treating me as someone you know, but about whom you *remember* nothing, is
>>>> intriguing but (IMHO) excessively subtle.
>>>>  
>>>>  
>>>> David Singer
>>>> Multimedia and Software Standards, Apple Inc.
>>> 
>>> David Singer
>>> Multimedia and Software Standards, Apple Inc.
>>> 
>>> 
>>> 
>>>  
>>> ----------
>>> John M. Simpson
>>> Consumer Advocate
>>> Consumer Watchdog
>>> 1750 Ocean Park Blvd. ,Suite 200
>>> Santa Monica, CA,90405
>>> Tel: 310-392-7041
>>> Cell: 310-292-1902
>>> www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org/>
>>> john@consumerwatchdog.org
>>>  
>>>  
>>> David Singer
>>> Multimedia and Software Standards, Apple Inc.
>>>  
>>>  
>>> ----------
>>> John M. Simpson
>>> Consumer Advocate
>>> Consumer Watchdog
>>> 1750 Ocean Park Blvd. ,Suite 200
>>> Santa Monica, CA,90405
>>> Tel: 310-392-7041
>>> Cell: 310-292-1902
>>> www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org/>
>>> john@consumerwatchdog.org
>>>  
>>>  
>>> David Singer
>>> Multimedia and Software Standards, Apple Inc.
>>>  
Received on Thursday, 29 March 2012 15:50:49 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:26 UTC