RE: ACTION-49: Propose what the operational carve-outs for 3.6.1.2.1 (e.g. debugging by 3rd party) are

Lauren,

Apologies on the misquote - I missed the "a".  :)

All exceptions are stated in such a way as to not honor the general rule - that's why they're called "exceptions".  With that in mind, I don't see the value to your most recent approach as its analogous to saying "this is the rule and this is the exception to that rule".

- Shane

From: Lauren Gelman [mailto:gelman@blurryedge.com]
Sent: Wednesday, February 01, 2012 8:12 PM
To: Shane Wiley
Cc: Jeffrey Chester; John Simpson; David Wainberg; Tracking Protection Working Group WG
Subject: Re: ACTION-49: Propose what the operational carve-outs for 3.6.1.2.1 (e.g. debugging by 3rd party) are


I said I have " *A* little knowledge of this stuff", by which I meant less than you, but likely the knowledge what a person who has to read and confirm a companies compliance with the spec has ;)

Can I ask this a little differently?  Is it correct to say you are rewriting this clause in your previous email:

Data collected by a 3rd party MUST be segregated according to the 1st party from which it was collected.  A 3rd party MUST NOT aggregate, correlate or use together data that was collected on different 1st party sites.

HOWEVER, a 3rd party MAY aggregate, correlate or use together data that was collected on different 1st party sites for the purpose of not showing users the same ad too many times.

Is this correct?

How would you phrase this for the other exceptions?

On Feb 1, 2012, at 4:34 PM, Shane Wiley wrote:


Lauren,

Thank you for the feedback.  Since you have "little knowledge of this stuff", I'll do my best to help provide more information to cover on areas you're seeking more information.

Please see my comments below in [ ]:

- Shane

From: Lauren Gelman [mailto:gelman@blurryedge.com]
Sent: Wednesday, February 01, 2012 7:09 PM
To: Jeffrey Chester
Cc: John Simpson; David Wainberg; Shane Wiley; Tracking Protection Working Group WG
Subject: Re: ACTION-49: Propose what the operational carve-outs for 3.6.1.2.1 (e.g. debugging by 3rd party) are


I was not privy to the conversations in Geneva.
But +1 for the idea that this laundry list of exceptions is a very, very bad idea.
While "don't break the internet" is a good intention for the project, it should not codified the current advertising business model as of 1/2012 in a way that stops progress or innovation. Plus, I have a little knowledge of this stuff

[I'm not quite sure I understand your lack of knowledge in this area.  These exceptions are enumerated to allow minimum business operations to continue when a DNT:1 is present - meaning DNT:1 doesn't give users a free pass to a publisher's web site such that even non-targeted ads render no revenue for site operators.]

and I don't even understand what these exceptions encompass.
[Does anyone have an intern or student that can make a chart with each value of DNT (on the horizontal) against the actual information that can be collected, including with the proposed exceptions exemptions (on the vertical)?  That could be pretty helpful but I don't understand this enough to do it]

[There are only 2 values of note:  0 (all tracking allowed) and 1 (do not track).  In the case of DNT:1, these are the minimum business operations that would be allowed to continue.]

For example, what exactly, technically is frequency capping?   Might it be reasonable to say that a person with DNT:1 has to see the same ad many times?  That is part of the trade-off?  Maybe this will make people think tracking is awesome and opt-in!  Maybe advertisers get a % discount based on a publishers % of users who were DNT:1?  What if someone comes up with a new way to deal with this problem that is not called "frequency capping"?

[Technically frequency capping is ensuring a browser (typically based on an anonymous cookie) does not see the same ad more than a set number of times.  If the group ties DNT:1 to mean users will see the same ad many times, there are multiple negative outcomes:

- Users:  Will see the same ad, over and over and over, and will likely turn OFF DNT to remove this outcome.  This feels like throwing out the baby with the bathwater and will ultimately harm what I believe the desired outcome of DNT be for users.

- Publishers:  May not receive payment for impressions that exceed the frequency cap - and therefore meaning DNT means zero advertising revenue for some DNT:1 users (I'm hopeful natural ad rotation would help diminish this slightly so not to be 100% but will likely be the vast majority).

- Advertiser:  Will receive negative feedback from users for seeing their ad too much and will cause them to rethink online marketing in-general - possibly harming all online publishers in a new way.]

No one is even going to try if you publish a standard with this exception.

[Not true at all - and would ask you to substantiate such a significant claim.]

[And frankly it is logically incoherent to say that it DNT:1 means you CAN NOT track someone to SHOW them ads but you CAN track them to NOT SHOW them ads.]

[We've had many discussions in the working group about the dangers of a literal translation of DO NOT TRACK and that's why many have argued for DO NOT CROSS-SITE TRACK as a more accurate description.]

What exactly, technically is financial logging?  By targeting criteria, you mean which segment? For a DNT:1 user, what does this look like and why does it have to be identifying?   I think everyone agrees that you can track someone who clicks on an ad.  So are you saying that a publisher can share identifying information with 3rd parties about DNT:1 users that are shown an ad to prove that they met a segment?  How is that different than the behavior that is prohibited?

[Nothing in financial logging is related to sharing data with 3rd parties for reuse (not sure how you made that connection).  Financial logging is keeping a log of "what ad" was shown to "what user" (unique ID, typically anonymous) in "what location" (URL/page position) at "what time" and with "what outcome" (clicked?).]

Anonymous/aggregate: any data that an entity received in compliance with DNT:1 should not require an exception to keep in anonymous/aggregate form indefinitely so I don't know why this is needed.  This should be part of a retention limitation that applies to data collected under the other exemptions.

[If unique identifiers are not included in the outcome, I would argue Anonymous/Aggregate information is outside of the scope of DNT.  This helps solidify that expression of fact.

On data retention - it is not this working group's place to arbitrarily set data retention standards for types of information.  These are far too varied and nuanced to set a single, all-encompassing, generalized bar.  Minimization standards should continue to be the path forward - as already stated in the draft document.]

audit- a third party auditor should be a service provider so I don't know why this is needed.

[Auditors are a service provider to the advertiser and therefore must track across multiple websites to report on where their ads were shown and if both financial and quality commitments were honored.]

On Feb 1, 2012, at 1:12 PM, Jeffrey Chester wrote:




I also have concerns about these exceptions and we need to fine-tune and vet them carefully.  First, the notion that DNT will "break the Internet" is over-broad.  What we are talking about are the business practices and conditions for digital marketing.  As I expressed last week, I am in favor in principle of supporting current practices used for ad monetization/delivery practices in a DNT environment.  But we need to specify how such exemptions permit an individual who doesn't wish to be tracked.  If DNT:1 is sent, then we need to have system where frequency capping cannot occur using traditional methods.  So I look forward to granular discussion on these.  As for market research, this is used as part of the profiling process, in addition to trend analysis (esp. as we move further with real-time optimization).  I assume panelists will disable DNT, so no exemption needed for them.  When research is to be conducted other ways, they should respect DNT.






It seems to me you're starting open a floodgate of exceptions.  I don't understand the need for the "market research" exception. In addition each exception should come with a limit on long the data can be retained.


On Jan 31, 2012, at 10:42 AM, David Wainberg wrote:



In addition to these use based exceptions, shouldn't there be collection based exceptions that incentivize privacy-friendly technologies that use less data or store it in privacy safe ways? For example, where would Adnostic fall?

On 1/31/12 12:57 AM, Shane Wiley wrote:
I would also propose the addition of "Product Improvement" to cover "customer service inquiries, debugging, and non-user specific modeling for algorithmic improvements."

From: Shane Wiley
Sent: Monday, January 30, 2012 10:54 PM
To: public-tracking@w3.org<mailto:public-tracking@w3.org>
Subject: ACTION-49: Propose what the operational carve-outs for 3.6.1.2.1 (e.g. debugging by 3rd party) are

Description:
Propose what the operational carve-outs for 3.6.1.2.1 (e.g. debugging by 3rd party) are

NOTE - Initially captured in ISSUE-22

Draft:
<Non-Normative>
In order to not "break the Internet" and still protect consumer privacy concerns, it will be necessary to provide operational
purpose exceptions for critically necessary business activities even when the DNT signal is on. There are several key categories of data collection and use that must remain intact such that web site operators who are (in the vast majority) offering their services free of charge in exchange for advertising on their properties.

In order to motivate immediate web-wide implementation of the DNT standard upon release it will be important to focus on use based exceptions initially.  Where technical solutions exist and are readily available, parties should transition to these options over use-based restrictions.  It's difficult to put an exact date for when these solutions will become generally available in the marketplace but it will be critical for large site operators to collaborate with industry and academics to develop these future solutions as soon as possible.

With this in mind, the following exceptions are to be interpreted as MUST employ use-based controls and SHOULD employ technology solutions that avoid collection in the first place.

<Normative>
Parties may continue to collect and use data in a very limited number of operational purposes outlined here:

- Frequency Capping:  A form of historical tracking to ensure the number of times a user sees the same ad is kept to a minimum.  Provides a benefit to users to not see the same ad over and over again, as well as, a benefit to advertisers who receive negative brand reaction if an ad is shown too many times to users.  Capping data collection and use SHOULD be limited to only campaign IDs and frequency counters where possible.

- Financial Logging:  Ad impressions and clicks (and sometimes conversions) events are tied to financial transactions (this is how online advertising is billed) and therefore must be collected and stored for billing and auditing purposes.  Information such as what targeting criteria existed for a particular ad campaign MAY need to be retained for audit purposes to demonstrate an ad server met its obligations to an advertiser.

- Aggregated & Anonymous Reporting:  Data may be retained if it is de-identified and aggregated in such a manner as to not allow re-identification of an individual or unique device.

- 3rd Party Auditing:  As online advertising is a billed event and there are concerns with accuracy in impression counting and quality of placement so 3rd party auditors provide an independent reporting service to advertisers and agencies so they can compare reporting for accuracy.

- Security:  From traditional security attacks to more elaborate fraudulent activity, Ad Servers and Publishers must have the ability to log data about suspected bad actors to discern and filter their activities from legitimate transactions. This information is sometimes shared across 3rd parties in cooperatives to help reduce the daisy-chain effect of attacks across the ad ecosystem.

- Market Research:  Data collected for the express purpose of market research MAY be retained at a per user/device level for a limited time to allow for reasonable aggregation.

----------
John M. Simpson
Consumer Advocate
Consumer Watchdog
1750 Ocean Park Blvd. ,Suite 200
Santa Monica, CA,90405
Tel: 310-392-7041
Cell: 310-292-1902
www.ConsumerWatchdog.org<http://www.ConsumerWatchdog.org/>
john@consumerwatchdog.org<mailto:john@consumerwatchdog.org>



Lauren Gelman
BlurryEdge Strategies
415-627-8512
gelman@blurryedge.com<mailto:gelman@blurryedge.com>
http://blurryedge.com<http://blurryedge.com/>


Lauren Gelman
BlurryEdge Strategies
415-627-8512
gelman@blurryedge.com<mailto:gelman@blurryedge.com>
http://blurryedge.com

Received on Thursday, 2 February 2012 01:30:18 UTC