- From: Lou Mastria <lou@aboutads.info>
- Date: Fri, 12 Jul 2013 17:02:06 -0400
- To: Peter Swire <peter@peterswire.net>, Alan Chapell <achapell@chapellassociates.com>, public-tracking@w3.org
- Cc: Nicholas Doty <npdoty@w3.org>
- Message-ID: <162e813e15b7d6e66ab748e4f6279a56@mail.gmail.com>
I seem to have run into the same issue…
Below, please find DAA’s submission in objection to the Editors’ Draft.
Please confirm receipt.
Thank you and have a good weekend.
Lou
The Digital Advertising Alliance (DAA) is gratified to be part of a
consensus solution regarding what constitutes effective consumer privacy
protection, in a transparent, forthright manner, as a participant in the
Tracking Protection Working Group. DAA believes that any next steps in the
process must incorporate technological specifications in “do not track”
signals in a manner that allows the Internet to remain innovative, open and
competitive to all, and facilitates programmatic support for privacy where
the consumer, himself or herself, is in control.
We thank the World Wide Web Consortium (W3C) for the opportunity to provide
comment on the current draft – and we will direct our comments on where we
believe real consensus can be achieved, and where it cannot. We embrace
W3C’s mission to facilitate the functionality of the Internet – and our
bias is toward enabling responsible information use of the Internet for
marketing purposes in a manner that affords to consumers both transparency
and choice in how data regarding their own Internet experiences are
collected and used.
The reality is that DNT has become conflated with a misperception that the
Internet can function without data being shared. There is a reality, too,
that we believe all of the Group agrees upon which says that this is not
the case – that this is simply hype. That being the case, the more prudent
approach is not to focus on data collection, but rather on responsible,
transparent and enforceable data use. Transparency, user choice and use
limitations are hallmarks of good privacy design. The industry consensus
proposal appropriately focuses on these core elements. The Editors’ Draft
does not.
DAA Representation Reflects a Broad Spectrum of Digital Display Advertising
Ecosystem
DAA represents a broad coalition of companies and organizations that serve
interest-based advertising (IBA) – also known as online behavioral
advertising, a thriving component of the Internet economy that enables
relevant advertising served to Internet users based, in part, on recent
page visits. IBA delivers 2X cpm to publishers (big and small) of Internet
content and services and consumers click on it 2X as much as more generic
forms of online ads – a true win-win. Such advertising helps to finance a
diverse Internet experience based on a device’s online activity, and in a
largely de-identified manner. Consumers can opt out of such activity by
visiting DAA’s Consumer Choice page – accessible in the United States
through www.aboutads.info and www.youradchoices.com, and replicated in
similar DAA-partner sites in 30 nations worldwide. Consumers are presented
this choice currently at a rate of 1 trillion times per month with
just-in-time notice.
Further, the DAA Principles which guide this program specify restrictions
on acceptable information use of online data, security, and, importantly,
independent enforcement. The Principles also apply to the mobile Web, and
will soon include guidance for mobile applications as well. Overall, the
program has been commended by the US White House, and achieved acknowledged
support from regulators in the US and the EU.
(One ministerial clarification…while Option A has come to be called the DAA
Proposal, it is important to note that this consensus approach was
developed and submitted by a an entire cross-section of responsible
industry entities who all seek to provide a pragmatic way forward that
achieves real privacy protections while continuing to support the ad-funded
Internet we’ve all come to love.)
The Editors’ Draft Needs Further Refinement to Protect Internet Diversity
in Content, Programmatic Support for Self-Regulation Worldwide, and Real
Privacy Protection for Consumers
DAA directs its remarks to three specific areas of concern in the Editors’
Draft.
We understand that other organizations represented among DAA’s leadership –
4A’s, American Advertising Federation, Association of National Advertisers,
Direct Marketing Association, Interactive Advertising Bureau, Network
Advertising Initiative – that are also TPWG participants may have
additional comments of their own, to which DAA also subscribes.
1. The Editors’ Draft appears to overreach by attempting to
eliminate a business model (interest-based ads) as a way to achieve a
privacy goal. The reality is that these two things are NOT mutually
exclusive…and, with the implementation of the DAA Principles, they
represent a quantum leap in privacy protection for consumers from the old
days of notice exclusively living in privacy policies. Furthermore, we
believe that proposals, such as browsing history aggregation scoring and
de-identification, demonstrate that ad customization can be achieved in a
privacy-friendly way, and that it may be possible to have a well-balanced
and tailored approach that advances privacy while preserving competition,
continuing to help ad-funded content and gaining a high rate of adoption.
Consumers are pragmatic toward relevant advertising – and understand the
value exchange that comes from having diverse content on the Internet that
is ad-funded. A recent (April 2013) Zogby poll, commissioned by DAA, shows
that:
• 92 percent of Americans think free content like news, weather
and blogs is
important to the overall value of the Internet
• 75 percent prefer ad supported content to paying for ad-free
content
• 68 percent prefer to get at least some ads Internet directed
at their interests
• 75 percent prefer to make their decisions about relevant
advertisements – not rely on decisions of governments of browser makers
• 40 percent prefer to get all their ads directed to their
interests
Such expectations of consumers need to be reflected and respected in the
TPWG process. Notice, choice and default do-not-track settings and
mechanisms need to remain in consumers’ hands, while enabling the Internet
to function with ad-supported content, with a bias toward the widest
diversity of content, the widest of diversity of sites and the widest
diversity of advertisers to enable such experiences for the consumer.
2. A balanced and narrowly tailored approach that solves
specific privacy concerns while maintaining competition and a diverse
Internet economy is much more likely to gain widespread adoption, and
ultimately benefit consumers with a net privacy gain through better
hygiene, de-linking and de-identification of data. The Editors’ Draft, even
though conceived after the May face to face meetings, did not include this
type of balanced provision. That is unfortunate and yet another reason why
the industry consensus proposal remains the best approach moving forward.
Furthermore, we already have a successful model in place for enforcing data
use compliance through the DAA. DAA would call on its program participants
to comply with a specification that met the twin goals of advancing privacy
and advancing the ad-funded internet. To date, 100-percent of enforcement
actions by DAA, among them 19 by the Council of Better Business Bureaus,
have been resolved successfully. That is effective enforcement with teeth.
3. The Editors’ Draft recommendation does not consider the
“tri-state approach” regarding data collection and permissible uses
reflected in the May 6-8, 2013, “consensus action summary.” This proposal
can provide heightened privacy protections while still allowing an
IBA-funded internet. A study by Professor Catherine Tucker of MIT Sloan
School of Management, regarding the EU e-Privacy Directive, shows that ad
performance suffers when interest-based ads are disallowed: ad performance
drops off by 65 percent. Barring interest-based ads would institutionalize
such advertising underperformance while affording no real consumer privacy
protection interest. Balance must be achieved between consumer privacy and
a thriving, diverse and free Internet – and the “tri-state approach”
enables this mutually-beneficial outcome.
Again, we thank W3C and TPWG for its efforts to balance all interests – but
to do so in a manner that protects overall Internet functionality,
productivity and diversity in a manner that supports consumer privacy
protection in its specifications while providing the ability for
legitimate, responsible and transparent business models that continue to
support ad-funded content.
*From:* Peter Swire [mailto:peter@peterswire.net]
*Sent:* Friday, July 12, 2013 12:48 PM
*To:* Alan Chapell; public-tracking@w3.org
*Cc:* Nicholas Doty
*Subject:* Re: procedure for posting comments today
Alan:
Ok. The link is now posted, so that worked.
For the group, this shows a back-up procedure if for some reason you have
trouble posting directly.
Thank you,
Peter
Prof. Peter P. Swire
C. William O'Neill Professor of Law
Ohio State University
240.994.4142
www.peterswire.net
Beginning August 2013:
Nancy J. and Lawrence P. Huang Professor
Law and Ethics Program
Scheller College of Business
Georgia Institute of Technology
*From: *Alan Chapell <achapell@chapellassociates.com>
*Date: *Friday, July 12, 2013 12:45 PM
*To: *Peter Swire <peter@peterswire.net>, "public-tracking@w3.org" <
public-tracking@w3.org>
*Cc: *Nicholas Doty <npdoty@w3.org>
*Subject: *Re: procedure for posting comments today
Hi Peter -
Thanks. I tried to submit my vote earlier, but it was rejected by the
system. It may have to do with the length. Nick kindly suggested that I
post it to the list, and then offer a link to my email in my response
(which I did).
Please let me know if it wasn't received.
Thanks!
*From: *Peter Swire <peter@peterswire.net>
*Date: *Friday, July 12, 2013 12:42 PM
*To: *Alan Chapell <achapell@chapellassociates.com>, "public-tracking@w3.org"
<public-tracking@w3.org>
*Cc: *Nicholas Doty <npdoty@w3.org>
*Subject: *procedure for posting comments today
Hello Alan and the group:
To make it as easy as possible to collect objections in one, viewable
place, we are asking that you post your comments/objections to the URL
below. It does require logging in as a working group member:
https://www.w3.org/2002/09/wbs/49311/datahygiene/
To view all comments/objections, click here:
https://www.w3.org/2002/09/wbs/49311/datahygiene/results
If you experience any technical problems in posting, you can send email to
the chairs and to Nick Doty, at npdoty@w3.org. This will assure that your
comments are considered as submitted in time. We can then assure that your
comments get posted.
This approach avoids duplicative emails to the list.
Thank you all,
Peter
Prof. Peter P. Swire
C. William O'Neill Professor of Law
Ohio State University
240.994.4142
www.peterswire.net
Beginning August 2013:
Nancy J. and Lawrence P. Huang Professor
Law and Ethics Program
Scheller College of Business
Georgia Institute of Technology
*From: *Alan Chapell <achapell@chapellassociates.com>
*Date: *Friday, July 12, 2013 12:30 PM
*To: *"public-tracking@w3.org" <public-tracking@w3.org>
*Subject: *Chapell - Objection to Editor's draft
*Resent-From: *<public-tracking@w3.org>
*Resent-Date: *Friday, July 12, 2013 12:31 PM
July 12, 2013
Peter Swire
Matthias Schunter
World Wide Web Consortium
32 Vassar Street, 32-G519
Cambridge, Massachusetts 02139
*Re: Tracking Protection Working Group July Vote*
Dear Peter & Matthias:
I’d like to thank the W3C and the co-chairs for the opportunity to provide
feedback to the June W3C Draft (“Editor’s Draft”). I recognize all of the
hard work that has gone into the Editor’s Draft.
However, I respectfully object to the Editor’s Draft, and strongly
encourage the W3C to use the industry consensus proposal (the “DAA
Proposal”) as a starting point for the TPWG’s continued work.
* *
*The Editor’s Draft is harmful to competition*.
The potential anti-competitive implications of this working group’s output
have been well documented. For example, during a recent hearing at the U.S.
Senate Commerce Committee, several of the committee members raised concerns
about the anti-competitive implications of DNT. Specifically, concerns were
raised about this working group picking winners and losers (Senator
Heller), and there were similar concerns that the W3C process may result in
bolstering a handful of giant Internet companies and ensuring everyone else
goes out of business (Senator McCaskill). Moreover, recent speeches by FTC
Commissioner Commission Olhousen raised anti-competitive concerns about
this process, and I’ve heard similar concerns coming from regulators within
the EU. It is worth noting that the FTC participation in this working group
has focused almost exclusively on privacy with very little mention of the
competitive impact of DNT.
For over two years, the approach of this working group has been to focus
almost exclusively on third-party data collection while imposing few limits
on larger entities. Under any implementation, data is going to be collected
when DNT=1 so it comes down to who gets to collect data and for what
purposes. Ceasing collection by third parties while barely curtailing first
party data collection does not provide consumers with meaningful privacy
protections under any objective analysis. And in light of recent events,
some analysts have noted that concentration of information in a small
number of large entities will have negative repercussions on personal
freedoms. (See
http://www.newyorker.com/online/blogs/elements/2013/06/why-monopolies-make-spying-easier.html
)
The Editor’s Draft continues this trend. I continue to be surprised that so
many working group members who hold themselves out as privacy advocates
have accepted this approach. The Editor’s Draft will negatively impact
competition in the Internet economy, without a positive net benefit to
users' privacy. By favoring first party business models and severely
curtailing third party players (who for the most part use pseudonymous
data, rather than the PII that most first parties hold), it would shift
marketplace incentives toward more first party data collection. The end
result will be less competition and more data collected and associated with
the personally identifiable information of consumers: a poor outcome by any
objective privacy standard.
Conversely, the DAA Proposal offers privacy-enhancing features (e.g.,
removal of the URL string when DNT=1) that are geared to address a core
concern raised by advocates and regulators while minimizing the
anti-competitive impact of DNT.
*Section 7 of the Editor’s Draft is unclear and conflates Opt-out with DNT*
As noted by other WG members, section 7 of the Editor’s Draft is confusing,
as it is not clear to which opt-outs the text is referring (user settings
for a specific site? Email marketing opt-outs?). Moreover, most opt-outs
choices are recorded utilizing third-party cookies. Any attempt to include
opt-out in a DNT spec is inappropriate without a corresponding requirement
that browser stop blocking third-party cookies.
* *
More importantly, industry self-regulatory opt-out mechanisms were always
intended to function separately from DNT. DNT is intended to be a global
standard, and the self-regulatory regimes focus on particular regions. I
(and other WG members) have concerns about including a reference to such
programs in a global specification where implementers may be in regions
where the self-regulatory program has not been deployed. Some members of
the working group have suggested that DNT should replace the industry
self-regulatory programs. However, this notion ignores the significant time
and resources invested in self-regulatory programs that were created in
consultation with regulators from multiple jurisdictions. The
self-regulatory programs are effective, while DNT is completely untested to
date. Throwing out the self-regulatory programs in favor of DNT at this
junction would be reckless and could harm consumer privacy interests.
Finally, and as described below, the volume of non-browser, non-user
activated DNT signals is growing at an alarming rate. Until DNT:1 signals
can be technically structured such that Servers have confidence they were
actually turned on by users, then equating DNT:1 to the industry opt-out
program is impractical.
*The Editor’s Draft does not offer any mechanism to address the
proliferation of invalid DNT signals*
By definition, many of the DNT signals being sent today are out of
compliance with the Editor’s Draft. This is not meant to be a criticism of
work done by the browsers to date. Rather, its meant as a simple
observation: that a significant number of DNT signals were enacted in a
manner that is out of compliance with the User Agent requirements contained
the Editor’s Draft (e.g., the disclosure guidelines in Section 3). In order
to mitigate this issue, the Editor’s Draft would need to essentially
require that all enactments of DNT be turned off (set to DNT:unset) so that
Users may reset them in a manner that meets the basic disclosure
requirements of the current spec.
Perhaps more concerning, the volume of non-browser, non-user activated DNT
signals is growing at an alarming rate. The cost of adding DNT:1 to the
header is very inexpensive from a technical perspective and we’ve seen
routers, anti-virus software, plug-ins and other tools set DNT=1 in ways
that violate basic standards of privacy. To use W3C co-chair Matthias
Schunter's phrase, we're seeing a proliferation of DNT signals "spraying"
into the ecosystem. While many of us are still hopeful solutions can be
found to contain the issue, the reality for the foreseeable future is that
we’ll continue to see DNT invalid implementations of DNT and are unlikely
to consistently be able to distinguish between valid and invalid DNT
implementations.
Some working group members have asserted that we should simply err on the
side of caution and treat all DNT signals as valid. However, I strongly
believe that this approach would violate long-standing privacy concepts
such as notice, choice, and transparency.
*The Editor’s Draft exempts browsers and other user agents from
prohibitions against tracking*
The Editor’s Draft does not prohibit user agents from either: a) taking URL
string to create segments to sell to advertisers (or others) for ad
targeting across the web, or b) enabling other entities to do so. To my
eyes, that type of behavior would be considered tracking and should be
prohibited by the spec. Unfortunately, it is not covered by the Editor’s
Draft. If others in the ecosystem are prohibited from tracking, it seems
fair and appropriate that we ensure that similar prohibitions are placed on
user agents.
*The Editor’s Draft will result in a low level of adoption*
The larger goal of all W3C initiatives is voluntary adoption by
implementers of the standard. Unfortunately, the Editor’s Draft suffers
from too many significant flaws that it is unlikely to be adopted by the
marketplace. The entities primarily covered by the proposed DNT standard --
third party online businesses – are unlikely to adopt and comply with the
approach in the Editor’s Draft, because it is over-broad and
anti-competitive, and would severely curtail their businesses without a
commensurate privacy benefit to consumers. A balanced and narrowly tailored
approach that solves specific privacy concerns while maintaining
competition and a diverse internet economy is much more likely to gain
widespread adoption, and ultimately benefit consumers.
Conversely, the DAA Proposal has a significantly greater chance of
receiving widespread adoption (admittedly, with some polishing). The
Editor’s Draft has so many flaws and non-starters for the intended
implementers it's not a useful baseline for continuing discussion,
especially in light of the DAA's proposal which is ostensibly much, much
closer to a form that would actually be accepted by intended implementers.
Hence, the DAA Proposal has a significantly greater chance of receiving
widespread adoption.
For the above reasons, I object to the Editor’s Draft and encourage the
chairs to move forward with the DAA Proposal.
Respectfully,
Alan Chapell
Chapell & Associates
Received on Friday, 12 July 2013 21:02:31 UTC