Re: Issue 115, exemptions, best practices: Issue 25 and 34

Jeff ­ I respectfully disagree. Attempted an end around existing law just
doesn't appear reasonable to meŠ.

Moreover, can you provide some evidence to back up the claim that it is a
reasonable expectation for publishers to have a group with almost zero
direct input from the publisher community dictate the terms of their
interactions with their visitors?


Cheers,

Alan Chapell
Chapell & Associates
917 318 8440


From:  Jeffrey Chester <jeff@democraticmedia.org>
Date:  Mon, 13 Feb 2012 12:01:40 -0500
To:  Alan Chapell <achapell@chapellassociates.com>
Cc:  Lee Tien <tien@eff.org>, "Amy Colando (LCA)" <acolando@microsoft.com>,
Kathy Joe <K.Joe@esomar.org>, Jules Polonetsky
<julespol@futureofprivacy.org>, "public-tracking@w3.org"
<public-tracking@w3.org>, "adam.phillips@realresearch.co.uk"
<adam.phillips@realresearch.co.uk>
Subject:  Re: Issue 115, exemptions, best practices: Issue 25 and 34

This isn't about existing law.  It's about defining practices related to
exemption under DNT:1 to ensure meaningful user interaction.   That is a
reasonable expectation for this group and also publishers.



Jeffrey Chester
Center for Digital Democracy
1621 Connecticut Ave, NW, Suite 550
Washington, DC 20009
www.democraticmedia.org <http://www.democraticmedia.org>
www.digitalads.org <http://www.digitalads.org>
202-986-2220

On Feb 13, 2012, at 11:47 AM, Alan Chapell wrote:

> They would learn the exemption options offered by each publisher (if any) in a
> manner that is both clear and in conformance with applicable law. If you and
> Jeff deem appropriate, you are certainly free to help educate regulators in
> each jurisdiction regarding how YOU believe their laws should apply to
> exemptions under the spec and/or issue complaints pointing out where you think
> certain websites fall short of what you think the standard is or should me.
> 
> I'm not sure its appropriate for this group to be re-writing or otherwise
> circumventing existing consumer protection law or interfering with websites
> direct' relationships with their visitors in areas where laws are already in
> existence.
> 
> 
> Cheers,
> 
> Alan Chapell
> Chapell & Associates
> 917 318 8440
> 
> 
> From:  Lee Tien <tien@eff.org>
> Date:  Mon, 13 Feb 2012 08:33:06 -0800
> To:  "Amy Colando (LCA)" <acolando@microsoft.com>
> Cc:  Alan Chapell <achapell@chapellassociates.com>, Jeffrey Chester
> <jeff@democraticmedia.org>, Kathy Joe <K.Joe@esomar.org>, Jules Polonetsky
> <julespol@futureofprivacy.org>, "public-tracking@w3.org"
> <public-tracking@w3.org>, "adam.phillips@realresearch.co.uk"
> <adam.phillips@realresearch.co.uk>
> Subject:  Re: Issue 115, exemptions, best practices: Issue 25 and 34
> 
> Alan and Amy,
> 
> What would users learn about what granting an exemption means for their data
> under your approach?
> 
> Lee 
> 
> Sent from my iPod
> 
> On Feb 13, 2012, at 7:44 AM, "Amy Colando (LCA)" <acolando@microsoft.com>
> wrote:
> 
>> Alan, I agree. Some of the text I previously submitted (will have to look up
>> issue number) on user override/consent could be helpful here and would allow
>> for the continued evolution of law/business model/consumer expectations.
>> 
>> Sent from my Windows Phone
>> 
>> From: Alan Chapell
>> Sent: 2/13/2012 6:55 AM
>> To: Jeffrey Chester; Kathy Joe
>> Cc: Jules Polonetsky; public-tracking@w3.org;
>> 'adam.phillips@realresearch.co.uk'
>> Subject: Re: Issue 115, exemptions, best practices: Issue 25 and 34
>> 
>> Jeff -
>> 
>> I'm concerned that you're attempting to set a granular, world-wide standard
>> for disclosures ­ which may conflict with local law, and create another layer
>> of legal and technical hurdles for small to mid-sized publishers --- most of
>> whom are already in compliance with local consumer protection law. And it
>> would seem to me that a world-wide analysis of how these new rules work
>> across jurisdictions would be a pretty significant undertaking on our end.
>> 
>> Why not simply state that sites seeking exemptions should communicate those
>> requests clearly and in line with consumer protection law(s) in the
>> jurisdiction(s) in which they operate?
>> 
>> 
>> Cheers,
>> 
>> Alan Chapell
>> Chapell & Associates
>> 917 318 8440
>> 
>> 
>> From: Jeffrey Chester < <mailto:jeff@democraticmedia.org>
>> jeff@democraticmedia.org>
>> Date: Mon, 13 Feb 2012 09:12:52 -0500
>> To: Kathy Joe < <mailto:K.Joe@esomar.org> K.Joe@esomar.org>
>> Cc: Jules Polonetsky < <mailto:julespol@futureofprivacy.org>
>> julespol@futureofprivacy.org>, Alan Chapell <
>> <mailto:achapell@chapellassociates.com> achapell@chapellassociates.com>, "
>> <mailto:public-tracking@w3.org> public-tracking@w3.org" <
>> <mailto:public-tracking@w3.org> public-tracking@w3.org>, "
>> <mailto:'adam.phillips@realresearch.co.uk>
>> 'adam.phillips@realresearch.co.uk'" <
>> <mailto:adam.phillips@realresearch.co.uk> adam.phillips@realresearch.co.uk>
>> Subject: Re: Issue 115, exemptions, best practices: Issue 25 and 34
>> Resent-From: < <mailto:public-tracking@w3.org> public-tracking@w3.org>
>> Resent-Date: Mon, 13 Feb 2012 14:13:46 +0000
>> 
>> For any site seeking an exemption, it should be required to explain clearly
>> upfront how the data is to be collected and used.  This isn't the privacy
>> policy, which few people read and generally fails to explain what goes on.
>> When a user has DNT:1 on, the bar for the exemption process should be
>> reasonably higher in terms of candid disclosure.  If the research community
>> can live with such candor, given what ever rules are applied by W3C, that's
>> fine.  
>> 
>> Happy to discuss this issue further.  I understand the need to use panels,
>> etc., but we should establish a clear digital bright line for the exemption
>> process.
>> 
>> 
>> 
>> 
>> 
>>> Hi Jeffrey,
>>>  
>>> The conditions on best practice for sites to manage exemptions include:A
>>> site should not use a special landing page that has been designedprincipally
>>> to convert a user to agree to permit an exemption. ŠA site should not offer
>>> rewards and incentives for a user to approve of an exemption.
>>>  
>>> We appreciate what you are aiming to do but a blanket ban would harm
>>> research and make it impossible to ask people to take part in surveys as
>>> research panels offer respondents small incentives to participate in
>>> research. 
>>>  
>>> In our text for Issue 25 and 34 (see below), we outline how site users might
>>> be recruited to a research panel and agree to participate in research that
>>> could gather site specific or cross site data. The research site explains
>>> what information would be collected, the purpose of the research and
>>> provides a mechanism for the user to give their consent. If panel members
>>> elect to be tracked, it is with their consent as part of their agreement
>>> with the research organisation. They can opt-out at any time.
>>>  
>>> If a user agrees to the terms of participation having received transparent
>>> information in the site¹s privacy policy they would be compensated for their
>>> time and effort with small incentives such as a chance to participate in a
>>> prize draw.
>>>  
>>> Best regards
>>>  
>>> Kathy Joe
>>>  
>>> Issue 25: Possible exemption forresearch purposes covered by conditions for
>>> outsourcing and issue 34: Exemption for aggregated data
>>> An exemption for research purposes is not required as this is covered under
>>> conditions for outsourcing 3.6.1.2.1 where user¹s consent is required for
>>> cross-site tracking or issue 34, exemption for aggregated data.
>>>  
>>> Description: The first party site has an agreement with a research company
>>> to serve an invitation to a user as a result of something they have done on
>>> the site, eg visited a travel section. The user has a first party
>>> relationship with the site.
>>>  
>>> Suggestion: Site users¹individualised data can be collected with permission,
>>> the use of the data cannot be applied in an interactive way and no products
>>> or services are offered to respondents on the basis of their individual
>>> responses. The researcher and sponsor use theinformation gathered strictly
>>> for research purposes. Researchers aggregate research data and when
>>> reported, the data is de-identified and cannot be linked to a specific user,
>>> computer or device. Any disclosures of identifiable research data must be
>>> used strictly for research purposes and with respondent consent.
>>>  
>>> If the respondent consents to be tracked, the data that is shared with the
>>> client is anonymised and aggregated in such a way that no discernable
>>> patterns can be attributed to a single individual.
>>>  
>>> Online surveys are usually interactive with the site user indicating their
>>> consent (YES) and not filling them (or pressing the "no" button) is
>>> equivalent to NO (meaningful interaction). Ie explicit yes or no.
>>>  
>>> Example and use cases: A site user is browsing a site. If they fulfil
>>> certain criteria, they may be served a pop up invitation which they may
>>> choose to click through to accept in which case the research company would
>>> then become the first party. The research company may ask to be granted an
>>> exception, site-specific or cross-site. The data collected would be
>>> aggregated in the results as the research company is not interested in
>>> identifying that particular person.
>>>  
>>> Opt back in for panel members who have DNT- see 4.3.1: how should a tracking
>>> reference interact with user over-rides of the tracking compliance, Issue
>>> 27: How should the ³opt-back in² mechanism be designed?
>>> Description: Research panel member eg Suppress DNT because there is a
>>> contractual agreement with the user (ie users have a pre-existing agreement
>>> to be tracked)
>>> Panel Members are individual users that have expressed the desire to be part
>>> of a research study and/or group as part of a behavioral tracking research
>>> program which would need to over-ride the DNT standard. We introduce this to
>>> distinguish it from a site-specific exemption which may represent a
>>> desire/preference whereas a panel member relationship represents a
>>> contractual obligation with the research organization that may cover
>>> different domains.
>>>  
>>>  
>>>  
>>> Kathy Joe
>>> Professional Standards & Public Affairs Director
>>> <image002.jpg>
>>>  
>>> 
>>> Eurocenter 2, 11th floor
>>> Barbara Strozzilaan 384
>>> 1083 HN Amsterdam
>>> The Netherlands
>>> Tel: +31 20 664 2141
>>> Fax: +31 20 664 2922
>>> www.esomar.org <http://www.esomar.org/>
>>> 
>>> 
>>>  
>>> 
>>> From: Jeffrey Chester [ <mailto:jeff@democraticmedia.org>
>>> mailto:jeff@democraticmedia.org]
>>> Sent: 09 February 2012 01:41
>>> To: Jules Polonetsky
>>> Cc: 'Alan Chapell';  <mailto:public-tracking@w3.org> public-tracking@w3.org
>>> Subject: Re: Issue 115, exemptions, best practices
>>>  
>>> It's a panel, which is distinct from user impact/expectations.  That is
>>> covered by research issue.
>>>  
>>>  
>>> On Feb 8, 2012, at 6:24 PM, Jules Polonetsky wrote:
>>> 
>>> 
>>> Here is a current example of users being paid for tracking
>>>  
>>>  
>>> <http://www.huffingtonpost.com/2012/02/08/google-screenwise-project_n_126312
>>> 8.html?ref=tw> 
>>> http://www.huffingtonpost.com/2012/02/08/google-screenwise-project_n_1263128
>>> .html?ref=tw
>>>  
>>> From: AlanChapell [ <mailto:achapell@chapellassociates.com>
>>> mailto:achapell@chapellassociates.com]
>>> Sent: Wednesday, February 08, 2012 3:59 PM
>>> To: Jeffrey Chester
>>> Cc:  <mailto:public-tracking@w3.org> public-tracking@w3.org (
>>> <mailto:public-tracking@w3.org> public-tracking@w3.org)
>>> Subject: Re: Issue 115, exemptions, best practices
>>>  
>>> Jeff -
>>>  
>>> If we're starting with the premise that any attempt to get a User to agree
>>> to an exemption is undermining User intent, we're going to have trouble
>>> finding common ground. Are there ANY mechanisms for providing a reward for
>>> the User's agreement to an exemption that are acceptable to you? What about
>>> providing additional free content inexchange for an exemption? Is that ok?
>>>  
>>>  
>>> Cheers,
>>>  
>>> Alan Chapell
>>> Chapell & Associates
>>> 917 318 8440
>>>  
>>>  
>>> From: Jeffrey Chester < <mailto:jeff@democraticmedia.org>
>>> jeff@democraticmedia.org>
>>> Date: Wed, 08 Feb 2012 15:50:09 -0500
>>> To: Alan Chapell < <mailto:achapell@chapellassociates.com>
>>> achapell@chapellassociates.com>
>>> Cc: " <mailto:public-tracking@w3.org> public-tracking@w3.org (
>>> <mailto:public-tracking@w3.org> public-tracking@w3.org)" <
>>> <mailto:public-tracking@w3.org> public-tracking@w3.org>
>>> Subject: Re: Issue 115, exemptions, best practices
>>>  
>>> Alan:  As you know, online marketing practices are designed to process users
>>> to agree to opt-in and data practices.  What I wrote below are just a few of
>>> the practices used by the leading co's and many others.  If a users decision
>>> on DNT is not to be undermined, we must ensure that practices are
>>> incorporated the permit fair user choice.
>>>  
>>>  
>>>  
>>>  
>>> Jeffrey Chester
>>> Center for Digital Democracy
>>> 1621 Connecticut Ave, NW, Suite 550
>>> Washington, DC 20009
>>>  <http://www.democraticmedia.org/> www.democraticmedia.org
>>> <http://www.democraticmedia.org/>
>>>  <http://www.digitalads.org/> www.digitalads.org
>>> <http://www.digitalads.org/>
>>> 202-986-2220
>>>  
>>> On Feb 8, 2012, at 3:23 PM, Alan Chapell wrote:
>>> 
>>> 
>>> 
>>> Jeff ­ In looking at what you've provided here, I'm a bit concerned that you
>>> are dictating the terms that a website has with its visitors. Can you share
>>> the rationale for each of these ­ and specifically, what you are trying to
>>> guard against?
>>>  
>>> Alternatively, I'm happy to have a one-off discussion on this topic on
>>> Friday early AM with Ninja and Jim.
>>>  
>>>  
>>> Cheers,
>>>  
>>> Alan Chapell
>>> Chapell & Associates
>>> 917 318 8440
>>>  
>>>  
>>> From: Jeffrey Chester < <mailto:jeff@democraticmedia.org>
>>> jeff@democraticmedia.org>
>>> Date: Wed, 08 Feb 2012 14:05:40 -0500
>>> To: " <mailto:public-tracking@w3.org> public-tracking@w3.org (
>>> <mailto:public-tracking@w3.org> public-tracking@w3.org)" <
>>> <mailto:public-tracking@w3.org> public-tracking@w3.org>
>>> Subject: Issue 115, exemptions, best practices
>>> Resent-From: < <mailto:public-tracking@w3.org> public-tracking@w3.org>
>>> Resent-Date: Wed, 08 Feb 2012 20:08:56 +0000
>>>  
>>>   <https://www.w3.org/2011/tracking-protection/track/issues/115>
>>> https://www.w3.org/2011/tracking-protection/track/issues/115
>>>  
>>> [I await input from Ninja, Alan and Jim]
>>> 
>>> 
>>> 
>>> Best Practices for sites to manage exemptions should include:
>>> 
>>> A site must provide accurate information to users on the actual data
>>> collection and use practices of the site.  This should include all
>>> information used for tracking, targeting, sales of profiles.
>>> A site should not suggest that the ability to access information is
>>> dependent on blanket acceptance of a site's data practices.
>>> A site should not use "immersive" multimedia applications designed to foster
>>> opt-in as a way to encourage a user agreeing to an exemption.
>>> A site should not use a special landing page that has been designed
>>> principally to convert a user to agree to permit an exemption.
>>> A site should not use social media marketing to urge a user to ask their
>>> "friends" to approve exemptions.
>>> A site should not offer rewards and incentives for a user to approve of an
>>> exemption.
>>>  
>>>  
>>