RE: June Draft of the DNT compliance spec

This is really determined by the browser vendor and or user setting if
"private browsing" (InPrivate, Incognito.)  is a session based or persistent
setting.  

 

From: Alan Chapell [mailto:achapell@chapellassociates.com] 
Sent: Thursday, June 13, 2013 7:07 AM
To: Justin Brookman; Craig Spiezle; David Singer
Cc: 'Shane Wiley'; 'Peter Swire'; public-tracking@w3.org
Subject: Re: June Draft of the DNT compliance spec

 

Thanks Justin. I was unaware of the Private Browsing feature. 

 

David, does Private Browsing turn on DNT automatically during a private
browsing session, and then turn it off automatically once the private
browsing session is over?

 

 

 

From: Justin Brookman <jbrookman@cdt.org>
Date: Monday, June 10, 2013 12:37 PM
To: Craig Spiezle <craigs@otalliance.org>
Cc: 'Shane Wiley' <wileys@yahoo-inc.com>, Alan Chapell
<achapell@chapellassociates.com>, 'Peter Swire' <peter@peterswire.net>,
<public-tracking@w3.org>
Subject: Re: June Draft of the DNT compliance spec

 

Previously, I thought we had agreement that selection of a special
privacy-protective product or setting could imply consent to send DNT:1
This agreement is currently reflected in the TPE in Section 3:
http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determin
ing.  For example, I believe that Safari turns on DNT:1 whenever someone
engages "Private Browsing" mode, despite no specific language about Do Not
Track: http://www.apple.com/safari/features.html

 

However, that language/agreement may have been subsumed by more recent
discussions.

 

On Jun 10, 2013, at 11:15 AM, "Craig Spiezle" <craigs@otalliance.org> wrote:





I apologize for possibly bringing up a closed issue, but do you see a
distinction between a browser or a privacy / security enhancing product?   I
agree with what is proposed by a browser, but see there might be other
scenarios where the consumer is making an implied decision when acquiring a
third party security / privacy add-on?.

 

Conceptually let's call the product Privacy and Data Protector which by
default out of the box offers "maximized protection of your data collection
and privacy".   Could one argue that one who purchases such a product in
effect is making an implied decision to use such functionality.  Better yet
Ad-Block Plus?    

 

 

 

 

 

From: Shane Wiley [mailto:wileys@ <http://yahoo-inc.com> yahoo-inc.com] 
Sent: Monday, June 10, 2013 7:17 AM
To: Alan Chapell; Peter Swire;  <mailto:public-tracking@w3.org>
public-tracking@w3.org
Subject: RE: June Draft of the DNT compliance spec

 

Friendly amendment suggestion:

 

".unless they have otherwise obtained consent from the user to do so."

 

- Shane

 

From: Alan Chapell [ <mailto:achapell@chapellassociates.com>
mailto:achapell@chapellassociates.com] 
Sent: Monday, June 10, 2013 6:31 AM
To: Peter Swire;  <mailto:public-tracking@w3.org> public-tracking@w3.org
Subject: Re: June Draft of the DNT compliance spec

 

Thanks Peter. I'm still generally uncomfortable that DNT doesn't place
requirements on First Parties. 

 

One item of particular concern that seems to have fallen off the radar is
the scenario where a party collects data in a first party context and
attempts to use it in a third party context when DNT is enabled. I thought
there was agreement on this issue. However, I keep raising it, and it
doesn't seem to make it into the drafts. Perhaps its implied in the language
". customize the content, services, and advertising in the context of the
first party experience." However, it is not clear enough, IMHO.

 

To address, I offer the following language to Section 4 (First Party
Compliance). The new language is below.

 

First Parties must not use data collected while a First Party when acting as
a Third-Party when DNT = 1. 

 

 

Nick - if I need to open up another issue on this, please let me know.
Thanks!

 

Alan

From: Peter Swire < <mailto:peter@peterswire.net> peter@peterswire.net>
Date: Monday, June 10, 2013 7:47 AM
To: " <mailto:public-tracking@w3.org> public-tracking@w3.org" <
<mailto:public-tracking@w3.org> public-tracking@w3.org>
Subject: June Draft of the DNT compliance spec
Resent-From: < <mailto:public-tracking@w3.org> public-tracking@w3.org>
Resent-Date: Mon, 10 Jun 2013 11:47:58 +0000

 

To the Working Group:

 

        Attached please find a June Draft of the compliance spec.  The spec
is also available at:

 

 
<http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-june.
html>
http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-june.h
tml

 

This draft builds directly on the Consensus Action Summary from the
Sunnyvale F2F.  Working closely with W3C staff, and based on numerous
discussions with members of the WG, this June Draft is my best current
estimate of a document that can be the basis for a consensus document in
time for Last Call.

 

        The June Draft includes a number of grammatical and stylistic edits
to various provisions of the previous working drafts.  These sorts of edits
were done in hopes of adding clarity and good writing to the provisions.  In
the spirit of humility, W3C staff and I recognize that members of the WG may
spot substantive objections to these stylistic edits - let us work within a
constructive spirit of the working group process to examine and, where
appropriate, make changes to these edits.

 

        The Draft also addresses the four task areas included in the
Consensus Action Summary.  In proposing language in the June Draft, my
intent and belief was to make good substantive judgments about an overall
package that may achieve consensus, as well as item-by-item judgments about
what is substantively most defensible within the context of the WG.
Clearly, the group will need to work through each piece of the text, members
can suggest alternatives, and we will need to determine where and whether
consensus exists.

 

        The June Draft contains normative text but not non-normative text.
In part, this reflects my view that we have the best chance to work
constructively on a relatively short amount of normative text.  Proposed
non-normative text can be proposed for provisions in time for Last Call.  As
a potentially useful alternative, W3C has various mechanisms for publishing
notes or other documents that illuminate a standard.  The best time for
detailed discussion of most non-normative text quite possibly will be after
Last Call.

 

        The June Draft discusses only items that the W3C WG can address.
Clearly, the actions of others on these issues may be relevant to the
overall outcome.  For instance, the DAA has discussed changes to its code,
including on its market research and product development exceptions.   There
has been discussion of a potentially useful limit on any blocking of 3d
party cookies for sites that comply withDNT.  There may also be new and
useful technical measures that would be important to the future of
advertising in a privacy-protective manner.  The text here, as indicated,
addresses what would be within the compliance spec itself.

 

        W3C staff and I are working on further explanatory materials that
will seek to clarify the changes here, and link the June Draft to the issues
on the WG site.

 

        The regular call this Wednesday will be an opportunity for the Group
to have an initialdiscussion of the June Draft.  To give everyone a chance
to review this material, we will not be seeking to close compliance issues
during this Wednesday's calls.

 

        Thank you,

 

        Peter

 

 

 

Prof. Peter P. Swire

C. William O'Neill Professor of Law

           Ohio State University

240.994.4142

 <http://www.peterswire.net> www.peterswire.net

 

Beginning August 2013:

Nancy J. and Lawrence P. Huang Professor

Law and Ethics Program

Scheller College of Business

Georgia Institute of Technology