Agenda for 2011-09-28 TPWG call
Facebook tracking
tracking-ISSUE-88: different rules for impression of and interaction with 3rd-party ads/content [Tracking Preference Expression Definitions and Compliance]
Re: ISSUE-23 and ISSUE-34 (exemption for analytics and exemption for aggregate analytics)
ISSUE-87: Should there be an option for the server to respond with "I don't know what my policy is"
ISSUE-86: Do we have general extensibility capability for header response?
ISSUE-85: DOM property and its access generally and specifically to web apps
ISSUE-84: Do we need a JavaScript API / DOM property for client-side js access to Do Not Track status?
ISSUE-83: How do you opt out if already opted in?
ISSUE-82: Should the DNT header be extensible with additional parameters?
ISSUE-81: Do we need a response at all from server?
ISSUE-80: Instead of responding with a Link: header URI, does it make sense to use a well-known location for this policy?
ISSUE-79: Should a server respond if a user sent DNT:0?
ISSUE-78: What is the difference between absence of DNT header and DNT = 0?
ISSUE-77: How does a website determine if a first or third party and should this be included in the protocol?
ISSUE-76: Should a server echo the DNT header to confirm receipt?
ISSUE-75: How co companies claim exemptions and is that technical or not?
ISSUE-74: Are surveys out of scope?
ISSUE-73: In order for analytics or other contracting to count as first-party: by contract, by technical silo, both silo and contract
ISSUE-72: Basic principle: independent use as an agent of a first party
ISSUE-71: Does DNT also affect past collection or use of past collection of info?
ISSUE-70: Does a past HTTP request with DNT set affect future HTTP requests? (expiration)
ISSUE-69: Should the spec say anything about minimal notice? (ie. don't bury in a privacy policy)
ISSUE-68: Should there be functionality for syncing preferences about tracking across different browsers?
ISSUE-67: Should opt-back-in be stored on the client side?
ISSUE-66: Can user be allowed to consent to both third party and first party to override general DNT?
ISSUE-65: How does logged in and logged out state work
ISSUE-64: How does preference management work with DNT
ISSUE-63: Should there be a popup dialog or something like that which should override DNT?
ISSUE-62: The browser or embedding site could send an architectural signal to an embedded iframe so it knows it's in a 3rd-party context
ISSUE-61: A site could publish a list of the other domains that are associated with them
ISSUE-60: Will a recipient know if it itself is a 1st or 3rd party?
ISSUE-59: Should the first party be informed about whether the user has sent a DNT header to third parties on their site?
ISSUE-58: What if DNT is explicitly set to 0 and an opt-out cookie is present?
ISSUE-57: What if an opt-out cookie exists but an "opt back in" out-of-band is present?
ISSUE-56: What if DNT is unspecified and an opt-out cookie is present?
ISSUE-55: What is relationship between behavioral advertising and tracking, subset, different items?
ISSUE-54: Can first party provide targeting based on registration information even while sending DNT
ISSUE-53: How should opt-out cookie and DNT signal interact?
ISSUE-52: What if conflict between opt-out cookie and DNT?
ISSUE-51: Should 1st party have any response to DNT signal
ISSUE-50: Are DNT headers sent to first parties?
More details for tomorrow AM
ISSUE-49: Third party as first party - is a third party that collects data on behalf of the first party treated the same way as the first party?
updated agenda for tomorrow
ISSUE-48: Response from the server could both acknowledge receipt of a value and (separately) whether the server will honor it
ISSUE-47: Should the response from the server point to a URI of a policy (or an existing protocol) rather than a single bit in the protocol?
ISSUE-46: Enable users to do more granular blocking based on whether the site responds honoring Do Not Track
ISSUE-45: Companies making public commitments with a "regulatory hook" for US legal purposes
ISSUE-44: Ability to measure/detect who is honoring Do Not Track at a technical level
ISSUE-43: Sites should be able to let the user know their options when they arrive with Do Not Track
ISSUE-42: Feedback to the user from the browser when Do Not Track is turned on
ISSUE-41: Consistent way to discuss tracking with users (terminology matters!)
ISSUE-40: Enable Do Not Track just for a session, rather than being stored
ISSUE-39: Tracking of geographic data (however it's determined, or used)
ISSUE-38: Granularity for different people who share a device or browser
ISSUE-37: Granularity could be as complex as something P3P-style, based on business types and uses
ISSUE-36: Should DNT opt-outs distinguish between behavioral targeting and other personalization?
ISSUE-35: How will DNT interact with existing opt-out programs (industry self-reg, other)?
ISSUE-34: Possible exemption for aggregate analytics
ISSUE-33: Complexity of user choice (are exemptions exposed to users?)
ISSUE-32: Sharing of data between entities via cookie syncing / identity brokering
ISSUE-31: Minimization -- to what extent will minimization be required for use of a particular exemption? (conditional exemptions)
ISSUE-30: Will Do Not Track apply to offline aggregating or selling of data?
ISSUE-29: Tracking that may be required by law enforcement
ISSUE-28: Exception for mandatory legal process
ISSUE-27: Mechanism to revoke Do Not Track for specific entities (maybe I really like Google), "opt back in"
ISSUE-26: Providing data to 3rd-party widgets -- does that imply consent?
ISSUE-25: Possible exemption for research purposes
ISSUE-24: Possible exemption for fraud detection and defense
ISSUE-23: Possible exemption for analytics
ISSUE-22: Still have "operational use" of data (auditing of where ads are shown, impression tracking, etc.)
ISSUE-21: Enable external audit of DNT compliance
ISSUE-20: Different types of data, what counts as PII, and what definition of PII
ISSUE-19: Data collection / Data use (3rd party)
ISSUE-18: Collection definition (not sure I said the prefix before?)
ISSUE-17: Data use by 1st Party
ISSUE-16: What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.)
ISSUE-15: What special treatment should there be for children's data?
ISSUE-14: How does what we talk about with 1st/3rd party relate to European law about data collector vs data processor?
ISSUE-13: What are the requirements for DNT on apps/native software in addition to browsers?
ISSUE-12: How does tracking require relation to unique identities, pseudonyms, etc.?
ISSUE-11: Document a longer list of use cases -- what's going on today
ISSUE-10: What is a first party? As an example, CBS and C|Net are the same company but visually distinct websites/brand, is this a first party relationship?
ISSUE-9: Understand all the different first- and third-party cases.
ISSUE-8: How do we enhance transparency and consumer awareness?
ISSUE-7: What types of tracking exists, and what are the use cases for these types of tracking?
ISSUE-6: What are the underlying concerns? Why are we doing this / what are people afraid of?
ISSUE-5: What is the definition of tracking?
ISSUE-4: What is the default? Is this an opt-in or an opt-out?
ISSUE-3: What is the granularity of the choice we expect users to make?
ISSUE-2: What is the meaning of DNT (Do Not Track) header?
ISSUE-1: Example issue to be closed, so people can see what an issue looks like.
f2f for remote attendees
Welcome to Matthias, co-chair
URL Filter List file format
Opera URL Filter API
Comments on Web Tracking Protection W3C Member Submission 24 February 2011
- RE: Comments on Web Tracking Protection W3C Member Submission 24 February 2011
- Re: Comments on Web Tracking Protection W3C Member Submission 24 February 2011