- From: Aleecia M. McDonald <aleecia@aleecia.com>
- Date: Sat, 3 Dec 2011 10:26:14 -0800
- To: Tracking Protection Working Group WG <public-tracking@w3.org>
Greetings, We have a number of issues on the compliance documentation with very good text, and a reasonable idea of roughly where we will find consensus. The editors are going to incorporate this text into the draft so we can see how it comes together as a document rather than just isolated pieces. They may make some changes or document places where we are still considering options, but we should expect to get these issues resolved and closed in the near future. After that we will walk through the text, reach consensus, and close out the issues. Editors are working on incorporating: Issue-19, Data collection / Data use (3rd party) Issue-49, Issue-72, Issue-73, Third party as first party - is a third party that collects data on behalf of the first party treated the same way as the first party? Basic principle: independent use as an agent of a first party In order for analytics or other contracting to count as first-party: by contract, by technical silo, both silo and contract Issue-91, Might want prohibitions on first parties re-selling data to get around the intent of DNT Issue-101, What is a user? Add to definitions Issue-104, Could use a better definition of user agent, rather than browser We are still awaiting text from some open action items, and ideally they will be ready soon enough for the current editors' work. As mentioned on conference calls, I will ask TPWG members to write quick drafts of text for other issues. Then a second TPWG member will take a quick editing pass. The idea here is not to get perfection, but a solid starting point for group discussion. It is ok if the initial author and editor disagree -- please just write where there is disagreement, and we will work through it. The first set of issues we will address this way is: Issue-6, What are the underlying concerns? Issue-14, How does what we talk about with 1st/3rd party relate to European law about data controller vs data processor? Issue-15, What special treatment should there be for children's data? Issue-22, Still have "operational use" of data (auditing of where ads are shown, impression tracking, etc.) Issue-23 and Issue-34, Possible exemption for analytics Possible exemption for aggregate analytics Issue-24, Possible exemption for fraud detection and defense Issue-25, Possible exemption for research purposes Issue-28, Exception for mandatory legal process Issue-30, Will Do Not Track apply to offline aggregating or selling of data? Issue-31, Minimization -- to what extent will minimization be required for use of a particular exemption? (conditional exemptions) Issue-32, Sharing of data between entities via cookie syncing / identity brokering Issue-35, Issue-52, Issue-53, Issue-56, Issue-57, Issue-58 How will DNT interact with existing opt-out programs (industry self-reg, other)? What if conflict between opt-out cookie and DNT? How should opt-out cookie and DNT signal interact? What if DNT is unspecified and an opt-out cookie is present? What if an opt-out cookie exists but an "opt back in" out-of-band is present? What if DNT is explicitly set to 0 and an opt-out cookie is present? Issue-36, Should DNT opt-outs distinguish between behavioral targeting and other personalization? Issue-39, Tracking of geographic data (however it's determined, or used) Issue-54, Can first party provide targeting based on registration information even while sending DNT Issue-65, How does logged in and logged out state work Issue-71, Does DNT also affect past collection or use of past collection of info? Issue-74, Are surveys out of scope? Issue-88, different rules for impression of and interaction with 3rd-party ads/content Issue-92, If data collection (even very specific with IP address, user agent, referrer) is time-limited, with very limited retention, is that still tracking? Total count of issues is 20. We have 46 members, as per http://www.w3.org/2000/09/dbwg/details?group=49311&public=1 Excluded: both co-chairs, the four editors on compliance, any anyone with an overdue action (Jonathan, Tom, Karl). We also have some W3C staff members and regulators who may not participate. This means a few people will both write a draft for an issue and edit a second issue. The big set of issues that is not part of this group of issue is how to have site-specific exceptions ("opt back in") which I think will be rather more work, both technically and in terms of how we might be able to support EU consent models. We will talk about that further as a group before trying to draft text. I had hoped to have requests out to draft authors already but I am running a bit behind. My next step is putting names to issues. Coming soon. Aleecia
Received on Saturday, 3 December 2011 18:26:36 UTC