- From: Lee Tien <tien@eff.org>
- Date: Mon, 13 Feb 2012 08:33:06 -0800
- To: "Amy Colando (LCA)" <acolando@microsoft.com>
- Cc: Alan Chapell <achapell@chapellassociates.com>, Jeffrey Chester <jeff@democraticmedia.org>, Kathy Joe <K.Joe@esomar.org>, Jules Polonetsky <julespol@futureofprivacy.org>, "public-tracking@w3.org" <public-tracking@w3.org>, "adam.phillips@realresearch.co.uk" <adam.phillips@realresearch.co.uk>
- Message-Id: <7DC20E97-9B7F-4849-A6F2-C1E9A5718C86@eff.org>
Alan and Amy, What would users learn about what granting an exemption means for their data under your approach? Lee Sent from my iPod On Feb 13, 2012, at 7:44 AM, "Amy Colando (LCA)" <acolando@microsoft.com> wrote: > Alan, I agree. Some of the text I previously submitted (will have to > look up issue number) on user override/consent could be helpful here > and would allow for the continued evolution of law/business model/ > consumer expectations. > > Sent from my Windows Phone > From: Alan Chapell > Sent: 2/13/2012 6:55 AM > To: Jeffrey Chester; Kathy Joe > Cc: Jules Polonetsky; public-tracking@w3.org; 'adam.phillips@realresearch.co.uk > ' > Subject: Re: Issue 115, exemptions, best practices: Issue 25 and 34 > > Jeff - > > I'm concerned that you're attempting to set a granular, world-wide > standard for disclosures – which may conflict with local law, and cr > eate another layer of legal and technical hurdles for small to mid-s > ized publishers --- most of whom are already in compliance with loca > l consumer protection law. And it would seem to me that a world-wide > analysis of how these new rules work across jurisdictions would be > a pretty significant undertaking on our end. > > Why not simply state that sites seeking exemptions should > communicate those requests clearly and in line with consumer > protection law(s) in the jurisdiction(s) in which they operate? > > > Cheers, > > Alan Chapell > Chapell & Associates > 917 318 8440 > > > From: Jeffrey Chester <jeff@democraticmedia.org> > Date: Mon, 13 Feb 2012 09:12:52 -0500 > To: Kathy Joe <K.Joe@esomar.org> > Cc: Jules Polonetsky <julespol@futureofprivacy.org>, Alan Chapell <achapell@chapellassociates.com > >, "public-tracking@w3.org" <public-tracking@w3.org>, "'adam.phillips@realresearch.co.uk > '" <adam.phillips@realresearch.co.uk> > Subject: Re: Issue 115, exemptions, best practices: Issue 25 and 34 > Resent-From: <public-tracking@w3.org> > Resent-Date: Mon, 13 Feb 2012 14:13:46 +0000 > > For any site seeking an exemption, it should be required to explain > clearly upfront how the data is to be collected and used. This > isn't the privacy policy, which few people read and generally fails > to explain what goes on. When a user has DNT:1 on, the bar for the > exemption process should be reasonably higher in terms of candid > disclosure. If the research community can live with such candor, > given what ever rules are applied by W3C, that's fine. > > Happy to discuss this issue further. I understand the need to use > panels, etc., but we should establish a clear digital bright line > for the exemption process. > > > > > >> Hi Jeffrey, >> >> The conditions on best practice for sites to manage exemptions >> include: A site should not use a special landing page that has been >> designedprincipally to convert a user to agree to permit an >> exemption. …A site should not offer rewards and incentives for a >> user to approve of an exemption. >> >> We appreciate what you are aiming to do but a blanket ban would >> harm research and make it impossible to ask people to take part in >> surveys as research panels offer respondents small incentives to >> participate in research. >> >> In our text for Issue 25 and 34 (see below), we outline how site >> users might be recruited to a research panel and agree to >> participate in research that could gather site specific or cross >> site data. The research site explains what information would be >> collected, the purpose of the research and provides a mechanism for >> the user to give their consent. If panel members elect to be >> tracked, it is with their consent as part of their agreement with >> the research organisation. They can opt-out at any time. >> >> If a user agrees to the terms of participation having received >> transparent information in the site’s privacy policy they would be >> compensated for their time and effort with small incentives such >> as a chance to participate in a prize draw. >> >> Best regards >> >> Kathy Joe >> >> Issue 25: Possible exemption forresearch purposes covered by >> conditions for outsourcing and issue 34: Exemption for aggregated >> data >> An exemption for research purposes is not required as this is >> covered under conditions for outsourcing 3.6.1.2.1 where user’s co >> nsent is required for cross-site tracking or issue 34, exemption f >> or aggregated data. >> >> Description: The first party site has an agreement with a research >> company to serve an invitation to a user as a result of something >> they have done on the site, eg visited a travel section. The user >> has a first party relationship with the site. >> >> Suggestion: Site users’ individualised data can be collected with >> permission, the use of the data cannot be applied in an interactiv >> e way and no products or services are offered to respondents on th >> e basis of their individual responses. The researcher and sponsor >> use theinformation gathered strictly for research purposes. Resear >> chers aggregate research data and when reported, the data is de-id >> entified and cannot be linked to a specific user, computer or devi >> ce. Any disclosures of identifiable research data must be used str >> ictly for research purposes and with respondent consent. >> >> If the respondent consents to be tracked, the data that is shared >> with the client is anonymised and aggregated in such a way that no >> discernable patterns can be attributed to a single individual. >> >> Online surveys are usually interactive with the site user >> indicating their consent (YES) and not filling them (or pressing >> the "no" button) is equivalent to NO (meaningful interaction). Ie >> explicit yes or no. >> >> Example and use cases: A site user is browsing a site. If they >> fulfil certain criteria, they may be served a pop up invitation >> which they may choose to click through to accept in which case the >> research company would then become the first party. The research >> company may ask to be granted an exception, site-specific or cross- >> site. The data collected would be aggregated in the results as the >> research company is not interested in identifying that particular >> person. >> >> Opt back in for panel members who have DNT - see 4.3.1: how should >> a tracking reference interact with user over-rides of the tracking >> compliance, Issue 27: How should the “opt-back in” mechanism be >> designed? >> Description: Research panel member eg Suppress DNT because there is >> a contractual agreement with the user (ie users have a pre-existing >> agreement to be tracked) >> Panel Members are individual users that have expressed the desire >> to be part of a research study and/or group as part of a behavioral >> tracking research program which would need to over-ride the DNT >> standard. We introduce this to distinguish it from a site-specific >> exemption which may represent a desire/preference whereas a panel >> member relationship represents a contractual obligation with the >> research organization that may cover different domains. >> >> >> >> Kathy Joe >> Professional Standards & Public Affairs Director >> >> <image002.jpg> >> >> >> Eurocenter 2, 11th floor >> Barbara Strozzilaan 384 >> 1083 HN Amsterdam >> The Netherlands >> Tel: +31 20 664 2141 >> Fax: +31 20 664 2922 >> www.esomar.org >> >> >> >> >> From: Jeffrey Chester [mailto:jeff@democraticmedia.org] >> Sent: 09 February 2012 01:41 >> To: Jules Polonetsky >> Cc: 'Alan Chapell'; public-tracking@w3.org >> Subject: Re: Issue 115, exemptions, best practices >> >> It's a panel, which is distinct from user impact/expectations. >> That is covered by research issue. >> >> >> On Feb 8, 2012, at 6:24 PM, Jules Polonetsky wrote: >> >> >> Here is a current example of users being paid for tracking >> >> http://www.huffingtonpost.com/2012/02/08/google-screenwise-project_n_1263128.html?ref=tw >> >> From: AlanChapell [mailto:achapell@chapellassociates.com] >> Sent: Wednesday, February 08, 2012 3:59 PM >> To: Jeffrey Chester >> Cc: public-tracking@w3.org (public-tracking@w3.org) >> Subject: Re: Issue 115, exemptions, best practices >> >> Jeff - >> >> If we're starting with the premise that any attempt to get a User >> to agree to an exemption is undermining User intent, we're going to >> have trouble finding common ground. Are there ANY mechanisms for >> providing a reward for the User's agreement to an exemption that >> are acceptable to you? What about providing additional free content >> inexchange for an exemption? Is that ok? >> >> >> Cheers, >> >> Alan Chapell >> Chapell & Associates >> 917 318 8440 >> >> >> From: Jeffrey Chester <jeff@democraticmedia.org> >> Date: Wed, 08 Feb 2012 15:50:09 -0500 >> To: Alan Chapell <achapell@chapellassociates.com> >> Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org >> > >> Subject: Re: Issue 115, exemptions, best practices >> >> Alan: As you know, online marketing practices are designed to >> process users to agree to opt-in and data practices. What I wrote >> below are just a few of the practices used by the leading co's and >> many others. If a users decision on DNT is not to be undermined, >> we must ensure that practices are incorporated the permit fair user >> choice. >> >> >> >> >> Jeffrey Chester >> Center for Digital Democracy >> 1621 Connecticut Ave, NW, Suite 550 >> Washington, DC 20009 >> www.democraticmedia.org >> www.digitalads.org >> 202-986-2220 >> >> On Feb 8, 2012, at 3:23 PM, Alan Chapell wrote: >> >> >> >> Jeff – In looking at what you've provided here, I'm a bit concerne >> d that you are dictating the terms that a website has with its vis >> itors. Can you share the rationale for each of these – and specifi >> cally, what you are trying to guard against? >> >> Alternatively, I'm happy to have a one-off discussion on this topic >> on Friday early AM with Ninja and Jim. >> >> >> Cheers, >> >> Alan Chapell >> Chapell & Associates >> 917 318 8440 >> >> >> From: Jeffrey Chester <jeff@democraticmedia.org> >> Date: Wed, 08 Feb 2012 14:05:40 -0500 >> To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org >> > >> Subject: Issue 115, exemptions, best practices >> Resent-From: <public-tracking@w3.org> >> Resent-Date: Wed, 08 Feb 2012 20:08:56 +0000 >> >> https://www.w3.org/2011/tracking-protection/track/issues/115 >> >> [I await input from Ninja, Alan and Jim] >> >> >> >> Best Practices for sites to manage exemptions should include: >> >> A site must provide accurate information to users on the actual >> data collection and use practices of the site. This should include >> all information used for tracking, targeting, sales of profiles. >> A site should not suggest that the ability to access information is >> dependent on blanket acceptance of a site's data practices. >> A site should not use "immersive" multimedia applications designed >> to foster opt-in as a way to encourage a user agreeing to an >> exemption. >> A site should not use a special landing page that has been designed >> principally to convert a user to agree to permit an exemption. >> A site should not use social media marketing to urge a user to ask >> their "friends" to approve exemptions. >> A site should not offer rewards and incentives for a user to >> approve of an exemption. >> >> >
Received on Monday, 13 February 2012 16:35:39 UTC