Fwd: Letter to EU W3C Members - Urgent; please distribute V06

FYI: I received some further suggestions (e.g. from Shane, David, Rob,
and Alexandra from W3C) and tried to address them in subsequent versions.
This is the final version that has been submitted for distribution.


-------- Original-Nachricht --------
Betreff: 	Letter to EU W3C Members - Urgent; please distribute V06
Datum: 	Thu, 01 Sep 2016 10:26:15 +0200
Von: 	Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
An: 	Alexandra Lacourba <alex@w3.org>, bgidon@w3.org



Hi Bernard,

thanks a lot! Enclosed is the final version. Please distribute the email
below the line. I will add a session description to the wiki.

Regards,
matthias



-------------------------------

Subject: TPAC Session: Privacy compliance in the EU using W3C Tracking
Protection (TPAC early registration ends Sept 02)



Dear W3C Members in Europe,



we believe that the emerging EU privacy regulations may impact cookie
handling and tracking. We also believe that our recommendations have the
potential to simplify compliance with these regulations.


The W3C Tracking Protection Working group (TPWG
https://www.w3.org/2011/tracking-protection/) has completed two W3C
Candidate Recommendations:
 1. "Tracking Preference Expression (TPE)" allows users to express
    preferences whether to constrain or allow web-tracking and defines
    how web-sites should respond (https://www.w3.org/TR/tracking-dnt/)
 2. "Tracking Compliance and Scope (TCS)" provides guidance
    for web-sites on how to respect these preferences
    (https://www.w3.org/TR/tracking-compliance/).
We believe that these W3C recommendations can simplify compliance in the EU.


! We invite you to join our breakout session on September 21 at TPAC in
Lisbon. !

The breakout is part of the technical plenary day and is scheduled
approx. 13-15h. Please register for TPAC via
  https://www.w3.org/2002/09/wbs/35125/TPAC2016/
(feel free to also join our WG Meeting on Thursday;
TPAC early registration ends September 02!).


The benefits we offer to W3C members in this session are:
    1. Learn how to implement the Tracking Protection recommendations.
    2. Share implementation experiences and ask questions
    3. Learn about and discuss (emerging) EU privacy regulations
    2. Provide feedback on the draft recommendations
    4. Discuss with us the future of the working group


Planned Agenda Items:
- Tutorial on EU Privacy Regulations (by Rob van Eijk; Technologist
  at the Dutch Privacy Authority)
- Tutorial: On Implementing TPWG (by Mike O'Neil, Baycloud Systems)
- Discussion: Implementers Forum
- Discussion: Feedback and Way Forward for TPWG

If you need any additional information, want to provide feedback, you
can email me at mts-std@schunter.org



Regards,
  Matthias Schunter, Intel Corp. (TPWG co-chair)
  on behalf of the W3C Tracking Protection Working Group



--- FYI Appendix: Background on EU Regulations by Rob van Eijk ---

(1) The European Data Protection Supervisor reviewing the ePrivacy
Directive specifically refers (p. 16) to Do Not Track, and says
"Adherence to accepted technical and policy compliance standards by all
parties concerned, including the operators of the website, should become
obligatory"

https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2016/16-07-22_Opinion_ePrivacy_EN.pdf

(2) The Article 29 Working Party issues its opinion with regards to the
ePrivacy review as well [1].

On DNT is says (p.17):
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2016/wp240_en.pdf

"The Working Party calls on the EC to pay special attention to the
position of news media, since they seem to be the heaviest users of
tracking cookies and cookie walls 18 . There is a clear democratic need
to ensure the economic survival of news media. However the EC should not
accept that news media impose invasive tracking of users. When consent
is the applicable legal basis, users must be provided with truly easy
(user friendly) means to provide and revoke consent. The Working Party
recommends rephrasing the requirements in the current Recital 66 of
Directive 2009/136/EC. Instead of relying on website operators to obtain
consent on behalf of third parties (such as advertising and social
networks), manufacturers of browsers and other software or operating
systems should be encouraged to develop, implement and ensure effective
user empowerment, by offering control tools within the browser (or other
software or operating system) such as Do Not Track (DNT), or other
technical means that allow users to easily express and withdraw their
specific consent, in accordance with Article 7 of the GDPR. Such tools
can be offered to the user at the initial set-up with privacy-friendly
default settings. Adherence to accepted technical and policy compliance
standards must become a common practice. In addition, website operators
should respect and adhere to browser control tools or other user
preference settings."

(3) The GDPR Regulation (EU) 2016/679 is here:
http://eur-lex.europa.eu/legal-content/NL/TXT/?uri=CELEX%3A32016R0679

Article 21, Right to object, 21(5). "In the context of the use of
information society services, and notwithstanding Directive 2002/58/EC,
the data subject may exercise his or her right to object by automated
means using technical specifications."

(4) The e-Privacy Directive is currently under review. The European
Commission's website about the consultation contains a background
Section that may read as a primer on this topic.
https://ec.europa.eu/digital-single-market/en/news/eprivacy-directive-commission-launches-public-consultation-kick-start-review.

Received on Friday, 2 September 2016 05:35:29 UTC