Action-101: Revise text for Issue-6, What are the underlying concerns?

Colleagues:

Following completes Action-101, revise draft text for the the Compliance and Scope Specification,  Issue-6, based on feedback from the mail list.

John
---------------------------


Issue Number: Issue-6

Issue Name:
What are underlying concerns? Why are we doing this? What are people afraid of?

Issue URL:
http://www.w3.org/2011/tracking-protection/track/issues/6

Section number in the FPWD: 2.1 Goals

Contributors to this text:
John M. Simpson
Kevin Trilli

Description:
Explaining stakeholders' concerns and the reasons to offer Do Not Track help put the Tracking Compliance and Scope standard in context so its importance will be understood.

Specification:
The user experience online involves the exchange of data across servers. At the most basic level, online communication requires the exchange of IP addresses between two parties. Completion of e-commerce transactions normally involves the sending of credit card numbers and user contact information. However, the user experience also often involves unintentional disclosure of data and the commercial compilation of many different kinds of user data by different entities. Much web content is supported by advertising and much of this advertising is linked to either the content of the page visited or to a profile about the particular user or computer. Complex business models have arisen around these online data flows.

Exactly how this information is gathered and used is not clear to most users. Moreover, users have repeatedly expressed concerns about the use of their data,  as this data can be considered personal or even sensitive.  For example, a Consumers Union Poll (http://www.consumersunion.org/pub/core_telecom_and_utilities/006189.html ) found that 72 percent or respondents are concerned that their online behaviors were being tracked and profiled by companies. A poll conducted for Consumer Watchdog by Grove Insight found 80 percent support for a "Do Not Track" feature (http://insidegoogle.com/wp-content/uploads/2010/07/wfreInternet.release1.pdf). TRUSTe featured two research studies attempting to quantify consumer concerns around tracking in mobile (April 2011) (http://www.truste.com/about_TRUSTe/press-room/news_truste_mobile_privacy_survey_results_2011) and more generally around OBA (July 2011) http://www.truste.com/ad-privacy/TRUSTe-2011-Consumer-Behavioral-Advertising-Survey-Results.pdf)  The Special European Barometer 359  ( http://ec.europa.eu/public_opinion/archives/ebs/ebs_359_en.pdf) found that 54 percent of respondents were uncomfortable with the fact that websites "use information about your online activity to tailor advertisements or content to your hobbies and interests."

In non-US jurisdictions, consumers have a different, and higher, expectation around privacy, which stems closer to a fundamental "right" granted to them as part of their citizenship of a particular country.  The concept of non-permissive collection of their browsing behavior and personal information is antithetical to their fundamental values and expectations of how they should be treated online.

In response to such concerns in 2007 several public interest groups including the World Privacy Forum, CDT and EFF, asked the U.S. Federal Trade Commission to create a Do Not Track list for online advertising. The idea was compared to the popular  "Do Not Call" list administered by the Commission.  Other groups around the world have followed suit like eDAA and Canada, and are in some cases pushing for an express consent model (opt-in) vs. opt-out model.

It became clear that a Do Not Track list was impractical, but support for the concept of empowering users to have greater control over the information that is gathered about them has continued.  Providing more transparency about data flows and empowering users to control their data, will bolster users' confidence in the Internet. Such an outcome is a win, win for business and consumers alike.

The accompanying Tracking Preference Expression recommendation explains how a user, through a user agent, can clearly express a desire not to be tracked. This Tracking Compliance and Scope recommendation sets the standard for the obligations of a website that receives such a DNT message.

Taken together these two standards should have three substantial outcomes:
Empower users  to manage their preference around the collection and correlation of data about Internet activities that occur on different sites and spell out the obligations of sites in honoring those preferences when DNT is enabled.
Provide an exceedingly straightforward way for users to gain transparency and control over data usage and the personalization of content and advertising on the web.
Enable a vibrant Internet to continue to flourish economically by supporting innovative business models while protecting users' privacy.
Examples and use cases:
1.	Several of the stated research studies have shown that when consumers are asked about their preferences around tracking, usually a large majority state they do not wish to be tracked under any circumstances, even when told of how the tracking is to be used (e.g., to provide relevant advertising).

2.	However, research of this type doesn't often map to reality when it comes to actual behavior of consumers using technology to control this preference.  Examples include:
	a. Users that block 3rd party cookies by default, or that clear their cookies after each setting.
	b. Users of third party privacy add-ons to help manage their privacy.  
	c. Users that have seen the AdChoices icon, clicked on it and opt-ed out of tracking in the current DAA regime.
	d  Recent DNT data from Mozilla shows a very small minority of uptake and usage.

In each of these cases, a very small minority have chosen to use these technologies.  But, it can be argued that for the average user, all of these methods are just complex to use and as such a simpler framework is needed.  Hence, why consumer advocacy and governments intervene. 

3.	Users are often offered a free ad-supported application or service (vs. a paid-for equivalent) and still continue to select free apps when given the choice.  [The underlying assumption is that they associate "seeing apps" with "tracking".]

4.	In the EU, the issue of choice takes a higher level position of human right based upon Article 8 of The Charter of Fundamental Rights of the European Union and Article 8 of The European Convention on Human Rights, the former saying,"Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law." In this case, it is argued that all citizens should offer express consent prior to allowing any tracking that is not absolutely critical to delivering the fundamental function of the visited website.

5.	Another level to this argument argument  is that everyone is at least due transparency and the *option* to express a preference with the belief that that preference will mean something (accountability).  This is a fundamental right in the value exchange of personal information online, especially when data is already being collected without that person's knowledge or explicit permission.  Whether it is opt-in or opt-out can vary by location of course.  If such system was prevalent then perhaps  more people would change their minds on willingness to be tracked.

----------
John M. Simpson
Consumer Advocate
Consumer Watchdog
1750 Ocean Park Blvd. ,Suite 200
Santa Monica, CA,90405
Tel: 310-392-7041
Cell: 310-292-1902
www.ConsumerWatchdog.org
john@consumerwatchdog.org

Received on Thursday, 2 February 2012 21:15:25 UTC