W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

Re: ACTION-110: Write proposal text for what it means to "not track" (ISSUE-119)

From: Geoff Gieron - AdTruth <ggieron@adtruth.com>
Date: Sun, 19 Feb 2012 20:59:04 +0000
To: JC Cannon <jccannon@microsoft.com>
CC: Jeffrey Chester <jeff@democraticmedia.org>, Jules Polonetsky <julespol@futureofprivacy.org>, Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, Ninja Marnau <nmarnau@datenschutzzentrum.de>, "Roy T. Fielding" <fielding@gbiv.com>
Message-ID: <B42D82F0-BBC8-43BD-BE50-66F9B527A050@adtruth.com>
Agreed...this should apply to all, if we have learned anything this week with the negative publicity over Google, Vibrant, Media Innovation Group and PointRoll bypassing a users designated browser setting in regard to tracking, exceptions or lack of universal applicability give way to these issues occurring and offers more fodder for those who find our self regulatory efforts to be laughable.

I have overseen the campaign deployment (both front end and retargeting) for many universities both for online and in-classroom programs.

While I agree many of these non-profits, universities, etc...do not engage in large scale advertising initiatives we have to look at companies that would fall into such an exemption group like Mozilla, University of Phoenix, FullSail, Heifer.org<http://Heifer.org>, etc...all good companies and spend substantially within our industry.

The recommendation for this is valid, but exceptions tend to lead the best of intentions to a road of being exploitation of those looking to gain a strategic advantage over others they compete with.

We need to treat this as a universal solution applying to all areas of Internet enabled devices currently known or on the horizon...and is applicable in every country.

A consumer should only ever need to answer the following:
Do I want to be tracked? Yes or No

Geoff Gieron

Sent from my iPhone

On Feb 19, 2012, at 11:50 AM, "JC Cannon" <jccannon@microsoft.com<mailto:jccannon@microsoft.com>> wrote:

I don’t understand why would provide special treatment to nonprofits or universities. Shouldn’t our standard apply equally to all organizations?


From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
Sent: Sunday, February 19, 2012 9:49 AM
To: Jules Polonetsky
Cc: 'Rigo Wenning'; public-tracking@w3.org<mailto:public-tracking@w3.org>; 'Ninja Marnau'; 'Roy T. Fielding'
Subject: Re: ACTION-110: Write proposal text for what it means to "not track" (ISSUE-119)

I agree we should cover nonprofits.   Universities, esp private for-profits--use behavioral targeting and lots of tracking.  That's how they find targets for high-priced college loans in the US.

Jeffrey Chester
Center for Digital Democracy
1621 Connecticut Ave, NW, Suite 550
Washington, DC 20009

On Feb 18, 2012, at 7:21 PM, Jules Polonetsky wrote:

A quick look at EU and US university sites indicates plenty of tracking.
(depending on what we consider tracking)....

Universities aren't acting as publishers carrying banner ads.  But they do
advertise elsewhere using third parties who track back the performance of
those ads to university sites by pixeling their pages.  And third party
analytics code is quite common place on university sites.

-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org]<mailto:[mailto:rigo@w3.org]>
Sent: Saturday, February 18, 2012 6:16 PM
To: public-tracking@w3.org<mailto:public-tracking@w3.org>; Ninja Marnau
Cc: Roy T. Fielding
Subject: Re: ACTION-110: Write proposal text for what it means to "not
track" (ISSUE-119)

Roy, Ninja,

looks like we have two very good proposals on the table. Just to also give
my recollection from the Brussels meeting: Matthias was complaining about
the small websites, but also about the Universities that will not do big DNT
implementation efforts. But they are not tracking either. How do we deal
with it. Ninja took a first (restrictive) suggestion. Roy toned down a bit
(I think we have too much misunderstandable EU data protection jargon in
Ninja's proposal).

Can you both be clear on:

1/ Log data (which data for how long?)

2/ Cookie data (session cookies are not in scope anyway, right?)

And can we please stop the confusion of this case with the DNT case for the
professionals? Only because there are  sites that do not participate in the
advertisement model (aka Universities) we should not disregard them in our
solution. And if you really fear that having "normal University sites
indicating that they do not track" is conveying a bad message on our normal
DNT specification, than this may be seen as a confession that the industry
doesn't trust the effectiveness of their own suggestions and that they want
to re-think their suggestions. But I believe this would be a dead-end
discussion, especially as I think all the alleged harm is not intended.

This said, I agree with Aleecia and Roy that we should be careful about the
concrete wording. "not-tracking" and "really-not-tracking" looks like a bad
option. Somebody will ultimately come up with a "really-really-really-not-
tracking-fingers-crossed". So I share Roy's concern, but I don't think Ninja
intended that effect. I remind you that we are in an international context
here with non-native speakers.



On Monday 13 February 2012 15:04:24 Roy T. Fielding wrote:

A party may claim that it is not tracking if

1) the party does not retain data from requests in a form that might
identify a user except as necessary to fulfill that user's intention
(e.g., credit card billing data is necessary if the user is making a
purchase) or for the limited purposes of access security, fraud
prevention, or audit controls;

2) when user-identifying data is retained for purposes other than to
fulfill the user's intention, the party maintains strict
confidentiality of that data and only retains that data for a limited
duration that is no longer than is necessary to accomplish that
purpose, thereafter destroying or otherwise clearing the
user-identifying data; and,

3) the party does not combine or correlate collected user-identifying
data with any other data obtained from prior requests,
user-identifying profiles, or data obtained from third parties unless
specifically directed to do so by the user (e.g., when a user
initiates a login request) or for the limited purposes of inspection
for access security, fraud prevention, or audit controls.

The information contained in this e-mail is confidential and/or proprietary of AdTruth. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If you are not the intended recipient, you should not copy, distribute, disclose or use the information it contains, please e-mail the sender immediately and delete this message from your system.
Received on Sunday, 19 February 2012 20:57:13 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:45 UTC