W3C home > Mailing lists > Public > public-tracking@w3.org > September 2012

Re: ACTION-255: Work on financial reporting text as alternative to legal requirements

From: Alan Chapell <achapell@chapellassociates.com>
Date: Mon, 24 Sep 2012 12:38:43 -0400
To: Nicholas Doty <npdoty@w3.org>
CC: <public-tracking@w3.org>, "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>
Message-ID: <CC84EC73.21730%achapell@chapellassociates.com>
ACTION-255: Work on financial reporting text as alternative to legal
requirements

Hi Alan,

HEY NICK ­ THANKS. ANSWERS IN CAPSŠ

Thanks for sharing this text (and sorry we didn't get a chance to talk about
it earlier during drafting).

As I understood the discussion from the call on the 12th, the goal here was
to find a proposal that would allow retention related to proof of billing
for contracts without letting contracts override any requirements the spec
has for compliance. My proposal (based on past discussions within the group)
was to rely on the requirements of financial reporting laws rather than
going into specific details in this specification about particular billing
terms.

THE CHALLENGE TO RELYING  SOLELY UPON FINANCIAL REPORTING LAWS IS THAT THERE
ARE OTHER REQUIREMENTS THAT EXIST THAT ARE IN ADDITION TO THOSE CREATED
UNDER LAW. 

A couple of questions on reading the below:

Would this proposal prohibit retention and use of user browsing data for
behavioral targeting of online ads? If I sign a contract that I will only
show a particular ad to users who previously visited a certain set of web
pages, would I then be permitted regardless of DNT signal to retain and use
any information from requests in order to verify that an ad is only shown to
such visitors? Or to bill differently for visitors who had visited certain
sites in the past? 

I'M NOT INTENDING TO ALLOW SOMEONE TO OVERRIDE DNT SIMPLY BY ADDING 'WE
DON'T HAVE TO HONOR DNT' IN CONTRACT TERMS. PERHAPS WE CAN CLARIFY THAT IN
NON-NORMATIVE LANGUAGE.

Similarly, your final example is a case of remarketing or retargeting -- as
I understand it, you're suggesting that ad networks must continue to retain
data of who saw which ad where so that they can confirm that a certain ad is
only shown to visitors who had previously seen a particular ad on a
particular site. I was under the impression that the group had certainly
agreed that alteration of future requests based on past requests on other
sites would generally be prohibited.

THE FINAL EXAMPLE IS A REAL WORLD EXAMPLE. I RAISED IT ON THE CALL A FEW
WEEKS AGO AND ALEECIA ASKED ME TO DOCUMENT IT. FRANKLY, I'M STILL WORKING
THROUGH EXACTLY HOW WE ADDRESS IT. IF A CONSUMER ENABLES DNT AFTER THEY HAVE
SEEN THE RETARGETED AD BUT PRIOR TO THE REQUEST FROM THE PCMCP, THE AD
NETWORK THAT SERVED THAT AD WOULD NEED TO PROVIDE PROOF TO THEIR AD AGENCY
AND THE PCMCP. "SORRY, WE CAN'T HELP YOU BECAUSE THAT USER TURNED ON DNT" IS
UNLIKELY TO BE AN ACCEPTABLE ANSWER.

I'm also curious about the "subsequent action or conversion" purpose and
corresponding post-impression conversion example. Does retention of data
about a request and correlation of that data with other requests on other
sites qualify as data to confirm that a "request met various criteria set
forth by the contract"? I would generally be afraid that it would be hard to
explain to users that their browsing activity was being tracked under DNT:1
because certain contracts granted different financial terms based on past or
future online activity.

THE SUBSEQUENT ACTION OR CONVERSION PURPOSE IS IMPORTANT TO THE COST PER
ACTION MODEL. BROOKS HELPED WITH THIS LANGUAGE SO HE MAY WANT TO EXPLAIN
FURTHER.

ALSO, REGARDLESS OF THE DEFINITIONS WE ULTIMATELY CHOOSE, USER ACTIVITY IS
GOING TO BE TRACKED ­ FOR EXAMPLE, UNDER ONE OF THE ENUMERATED EXCEPTIONS.
I'M A BIT UNCOMFORTABLE GOING TOO FAR DOWN THE "HOW DO WE EXPLAIN XXXXX TO
USERS" WHEN WE'VE CLEARLY PUNTED ON THAT BY NOT REQUIRING THE BROWSERS TO DO
SO. 

I would like to hope that our permitted use text can avoid a detailed list
of which contractual practices are allowed and which are prohibited, but it
may be helpful to determine whether the group has a common understanding
there. I could certainly understand a concern that this form of proposal
would allow any contractual relationship to override a user's expressed
preference, which I don't believe to be our common intent.

I'M NOT SURE HOW ELSE WE APPROACH, BUT I'M OPEN TO SUGGESTIONS. KEEPING IT
HIGH LEVEL MAY WORK FOR SOME, BUT WILL UNDOUBTEDLY CAUSE HEARTBURN FOR
OTHERS IN THE WG.

THANKS NICK!

Thanks,
Nick

On Sep 19, 2012, at 8:42 AM, Alan Chapell <achapell@chapellassociates.com>
wrote:

> Good Morning,
> Here is the language we came up with. I'm on a plane. I'll be on IRC, but not
> the call until perhaps the end.
> 
> 6.1.1.5 Financial Logging and Auditing
> 
> Regardless of DNT signal, any information sent via the request may be
> collected, retained and used as a record that the request occurred and that
> the request met various criteria set forth by the contract or as terms of more
> standard industry audits used to determine the quality of impressions, clicks
> or actions.  This may include information used to verify:
> * Number and quality of ad impressions
>> * Basics of MRC audit and of all contracts
> * Unique visitors receiving impressions
>> * Typical contractual term
> * Number and quality of clicks
>> * Basic of MRC audit and of all contracts and vital to confidence in CPM
>> pricing
> * Unique visitors imparting clicks
>> * Basics of MRC audit and all contracts
> * Subsequent action(s) or conversion post click or impression
>> * Key to entire CPA billing model
> * Unique visitors engaging in post click or impression action or activity
>> * Key to entire CPA billing model
> * The degree to which ad ad was rendered
>> * MRC audit IAB standard contracts
> * Display time and user interaction with ad
>> * Contracts
> * Location on page where ad rendered
>> * Contracts
> * URL Location on which ad rendered
>> * Contract and used to ensure that ads are delivered on "inappropriate" sites
>> (per Alans' comments)
> 
> 6.1.1.5.1 Examples
> This section is non-normative.
> 
> A snow tire manufacturer, BigSnowTire Co, enters into a contract to buy 1
> billion ad impressions at $3 per thousand on BigPublisher to specific pages on
> BigPublisher's site to viewers in certain Northern US sites at a given time of
> day.  BigSnowTire Co uses a popular ad delivery tool to record IP address, Ad
> Unit Served , URL on which it was served, Time it was served (among other
> information) to ensure that the terms of its contract with BigPublisher were
> met.  Absent this data BigSnowTire Co would have no lasting record that
> significant financial outlay of $3million was correctly delivered.
> 
> A large law firm with a class action practice, DewyCheatim LLC, purchases CPM
> based advertising at a rate of $50 a click for keyword "classactionenoma" from
> a large search engine, BigSearch.  DewyCheatim uses a popular 3rd party tool
> provider to record click information including cookie, IP address, user agent
> and time stamp relating to the click to ensure that contract terms with
> BigSearch were met by retaining the ability to filter multiple clicks by the
> same end user, filter "low quality" clicks coming from competing law firm
> "AndHow LLC" or clicks potentially coming from BigSearch or its affiliates.
> 
> A large credit card agency, BigPlastic, offers a $100 bounty to all sites who
> run display ads featuring BigPlastic credit card offers where within 24 hours
> of a user's view of such ad or click on such ad, user visits BigPlastic.com
> <http://BigPlastic.com>  and signs up for a card.  BigPlastic.com
> <http://BigPlastic.com>  by contract retains the right to hold back such
> bounty if user later fails to qualify or use such card.  BigPlastic.com
> <http://BigPlastic.com>  retains a 3rd party ad service provider who, on
> BigPlastic's behalf, retains or supplies to BigPlastic, data which would allow
> such correlation to occur including IP, ReferringURL and unique cookie.
> 
> An industry group called the Prescription Medicines Code of Practice Authority
> (PCMCP) is charged with regulating certain aspects of  (among other things)
> pharmaceutical advertising in the UK.  An Advertising Network campaign was
> created and run for a U.S. based pharma company, Burtussion Pharmaceuticals.
> The site list for the campaign included ³News.co.uk <http://News.co.uk> ² a
> site that is widely viewed by people located across both the U.S. and Europe.
> A user located in the UK who was served an at from Burtussion on News.co.uk
> <http://News.co.uk>  took a snapshot and filed a complaint with the PMCPA as
> it was against the PMCPA Code for an American company to advertise an American
> prescription / Rx product in the UK. However, if the ad network could
> demonstrate that the User was a) located in the U.S. and b) had been
> previously served a Burtussion ad on a U.S. based site as part of this
> campaign, the likelihood of the PMCPA taking action would diminish greatly.
> 5000 UK impressions were served as part of a remarketing campaign. Six months
> after the campaign had run, PMCPA contacted the ad network, the ad agency and
> Burtussion as part of their investigation into the alleged breach of their
> code and requested (among other items): demonstrable proof that re-targeted
> viewers had to have seen the Burtussion Pharmaceuticals advertisement
> previously on a US site before they could be served the same advertisement on
> the UK based site. i.e. if the viewer saw the advertisement on the News.co.uk
> <http://News.co.uk>  website.  The ad network was asked to check its logs to
> confirm that those applicable Users have viewed the advertisement previously.
> The agency shared that the pharmaceutical company was facing fines, and that
> there¹s was a high potential that the issue would be escalated if the ad
> network didn¹t clarify the above points quickly.
> ·         
> 
> Alan
Received on Monday, 24 September 2012 16:39:44 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:34 UTC