Re: Fw: New text Issue 25: Aggregated data: collection and use for audience measurement research from Kimon Zorbas on 2013-03-06 (public-tracking@w3.org from March 2013)

From: Kimon Zorbas <vp@iabeurope.eu>
Date: Wed, 6 Mar 2013 13:22:49 +0000
To: "Edward W. Felten" <felten@CS.Princeton.EDU>, Kathy Joe <kathy@esomar.org>
CC: Peter Swire <peter@peterswire.net>, Justin Brookman <justin@cdt.org>, "<public-tracking@w3.org>" <public-tracking@w3.org>
Message-ID: <A6072CC8-11F8-4604-837D-4069765CAFB8@iabeurope.eu>

Fair point to not distinguish between commercial and non-commercial research. We support including non-commercial research.

Kind regards,
Kimon

----- Reply message -----
From: "Edward W. Felten" <felten@CS.Princeton.EDU>
To: "Kathy Joe" <kathy@esomar.org>
Cc: "Peter Swire" <peter@peterswire.net>, "Justin Brookman" <justin@cdt.org>, "<public-tracking@w3.org>" <public-tracking@w3.org>
Subject: Fw: New text Issue 25: Aggregated data: collection and use for audience measurement research
Date: Wed, Mar 6, 2013 2:18 pm

Kathy, thanks for providing this language.

Echoing Rob, I would find it useful to have a clearer understanding of how your proposal would change what is allowed under the standard.   The existing or likely safe harbors for consent, first-party practices, and unlinkable data would apply regardless of whether there is a special permitted use for research.  To what extent does your proposal change the normative requirements of the standard relating to collection, retention and use of data?

The text as provided seems to mix normative requirements with non-normative descriptions of the current practices of some companies.  But I am not always clear on where the boundary lies.  For example, I take the 53-week retention as a description of current practices, rather than a requirement that data must be kept for at least 53 weeks.  On the other hand, the discussion of de-identification later in the same sentence is probably meant as normative.  It would be nice to separate the text into normative and non-normative sections.

Finally, if we are going to have a research exemption, I don't see why it should be limited to commercial research.  Non-commercial research should be allowed as well, such as independent research on privacy practices and the effects of DNT, as long as the same normative requirements are met.

On Wed, Mar 6, 2013 at 7:34 AM, Kathy Joe <kathy@esomar.org<mailto:kathy@esomar.org>> wrote:
Here below is the revised text for issue 25 discussed with Justin and others in the group with some modifications to take Justin's comments into account.

Information may be collected to create statistical measures of the reach in relation to the total population, and frequency of exposure of the content to the online audience, including paid components of web pages. One such method is through using a panel of users who have affirmatively agreed to have their media consumption and web surfing behavior measured across sites.

The panel output is calibrated by counting actual hits on tagged content and re-adjusting the results in order to ensure data produced from the panel accurately represents the whole audience. The counts must be pseudonomised. Counts are retained for sample, quality control, and auditing purposes during which time contractual measures must be in place to limit access to, and protect the data from other uses. A 53 week retention period is necessary so that month over month reports for a one year period may be re-run for quality checking purposes, after which the data must be de-identified. The counted data is largely collected on a first party basis, but to ensure complete representation, some will be third party placement. This collection tracks the content rather than involving the collection of a user's browser history.

The purposes must be limited to:

facilitating online media valuation, planning and buying via accurate and reliable audience measurement.

optimizing content and placement on an individual site.

Audience measurement data must be reported as aggregated information such that no recipient is able to build commercial profiles about particular individuals or devices.

To clarify a comment from Justin about auditing, note that  audience measurement systems (whether TV, radio, print or online) are usually managed or monitored by an independent body as
guarantee of accuracy with various stakeholders in a joint industry body defining what is needed to provide a robust and impartial system.

MRC handles this in the US whilst the JICWEBs reporting standards of ABC handles this in the UK and AGMA  is the German audit body. Here is
a longer list  http://www.i-jic.org/index.php?PHPSESSID=55143f172846ed39c7958cbeb837a85a
and here is ABC  http://www.abc.org.uk/PageFiles/50/Web%20Traffic%20Audit%20Rules%20and%20Guidance%20Notes%20version2%20March%202013%20master.pdf

Regards

Kathy Joe
ESOMAR

--
Edward W. Felten
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
Princeton University
609-258-5906           http://www.cs.princeton.edu/~felten

Received on Wednesday, 6 March 2013 13:23:35 UTC