Letter to EU W3C Members - Urgent; please distribute from Matthias Schunter (Intel Corporation) on 2016-08-31 (public-tracking@w3.org from August 2016)

From: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
Date: Wed, 31 Aug 2016 08:43:35 +0200
To: Alexandra Lacourba <alex@w3.org>
CC: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>, Jeff Jaffe <jeff@w3.org>
Message-ID: <57C67C97.2040906@schunter.org>
Hi Alexandra,

enclosed is the email that I would like to distribute to the EU
membership. Drop me a line if I need to send it myself to some
distribution address.

Regards,
matthias


-------------------------------

Subject: TPAC Session: Privacy compliance in the EU using W3C Tracking
Protection (TPAC early registration ends Sept 02)



Dear W3C Members in Europe,


we believe that the emerging EU privacy regulations will impact cookie
handling and web tracking.

The W3C Tracking Protection Working group (TPWG
https://www.w3.org/2011/tracking-protection/) completed two W3C
Candidate Recommendations:
 1. "Tracking Preference Expression (TPE)" allows users to express
    preferences whether to constrain or allow web-tracking and defines
    how web-sites should respond (https://www.w3.org/TR/tracking-dnt/)
 2. "Tracking Compliance and Scope (TCS)" provides guidance
    for web-sites on how to respect these preferences
    (https://www.w3.org/TR/tracking-compliance/).
We believe that these W3C recommendations can simplify compliance in the EU.


We invite you to join our breakout session at TPAC on Wednesday on
September 21 in Lisbon! Please register at
   https://www.w3.org/2016/09/TPAC/
   (early registration ends September 02!).


The benefits we offer to W3C members in this session are:
    1. Learn how to implement the Tracking Protection recommendations.
    2. Share implementation experiences and ask questions
    3. Learn about and discuss (emerging) EU privacy regulations
    2. Provide feedback on the draft recommendations
    4. Discuss with us the future of the working group


Planned Agenda Items:
- Tutorial on EU Privacy Regulations (by Rob van Eijk; Technologist
  at the Dutch Privacy Authority)
- Tutorial: On Implementing TPWG (by Mike O'Neil, Baycloud Systems)
- Discussion: Implementers Forum
- Discussion: Feedback and Way Forward for TPWG

If you need any additional information, want to provide feedback, you
can email me at mts-std@schunter.org



Regards,
  Matthias Schunter, Intel Corp. (TPWG co-chair)
  on behalf of the W3C Tracking Protection Working Group



--- FYI Appendix: Background on EU Regulations by Rob van Eijk ---

(1) The European Data Protection Supervisor reviewing the ePrivacy
Directive specifically refers (p. 16) to Do Not Track, and says
"Adherence to accepted technical and policy compliance standards by all
parties concerned, including the operators of the website, should become
obligatory"

https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2016/16-07-22_Opinion_ePrivacy_EN.pdf

(2) The Article 29 Working Party issues its opinion with regards to the
ePrivacy review as well [1].

On DNT is says (p.17):
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2016/wp240_en.pdf

"The Working Party calls on the EC to pay special attention to the
position of news media, since they seem to be the heaviest users of
tracking cookies and cookie walls 18 . There is a clear democratic need
to ensure the economic survival of news media. However the EC should not
accept that news media impose invasive tracking of users. When consent
is the applicable legal basis, users must be provided with truly easy
(user friendly) means to provide and revoke consent. The Working Party
recommends rephrasing the requirements in the current Recital 66 of
Directive 2009/136/EC. Instead of relying on website operators to obtain
consent on behalf of third parties (such as advertising and social
networks), manufacturers of browsers and other software or operating
systems should be encouraged to develop, implement and ensure effective
user empowerment, by offering control tools within the browser (or other
software or operating system) such as Do Not Track (DNT), or other
technical means that allow users to easily express and withdraw their
specific consent, in accordance with Article 7 of the GDPR. Such tools
can be offered to the user at the initial set-up with privacy-friendly
default settings. Adherence to accepted technical and policy compliance
standards must become a common practice. In addition, website operators
should respect and adhere to browser control tools or other user
preference settings."

(3) The GDPR Regulation (EU) 2016/679 is here:
http://eur-lex.europa.eu/legal-content/NL/TXT/?uri=CELEX%3A32016R0679

Article 21, Right to object, 21(5). "In the context of the use of
information society services, and notwithstanding Directive 2002/58/EC,
the data subject may exercise his or her right to object by automated
means using technical specifications."

(4) The e-Privacy Directive is currently under review. The European
Commission's website about the consultation contains a background
Section that may read as a primer on this topic.
https://ec.europa.eu/digital-single-market/en/news/eprivacy-directive-commission-launches-public-consultation-kick-start-review.
Received on Wednesday, 31 August 2016 06:44:08 UTC