Re: Action-101; language for issue-6 for TCS spec

I honestly think that the specifications should just state what the protocol is (TPE) and what it means to comply (compliance).  I think explanations of 'why', 'how', and so on, are best dealt with at length in a companion 'report'.  Trying to fit all the justification, background, rationale, examples, and so on, into the spec. just makes it unwieldy, IMHO.


On Feb 21, 2012, at 17:54 , John Simpson wrote:

> Colleagues:
> This is Action-101: Revise Issue-6 text based on feedback on the mailing list.  It has been cut a bit from the first version and a new second paragraph inserted in response to comments on the list.  It would go in section 2.1 in the FPWD of the TCS.
> Best regards,
> John
> ------------
> Explaining stakeholders' concerns and the reasons to offer Do Not Track help put the Tracking Compliance and Scope standard in context so its importance will be understood.
> 
> Specification:
> 
> The user experience online involves the exchange of data across servers. At the most basic level, online communication requires the exchange of IP addresses between two parties. Completion of e-commerce transactions normally involves the sending of credit card numbers and user contact information. However, the user experience also often involves unintentional disclosure of data and the commercial compilation of many different kinds of user data by different entities. Much web content is supported by advertising and much of this advertising is linked to either the content of the page visited or to a profile about the particular user or computer. Complex business models have arisen around these online data flows.
> 
> Citizens and consumers confront a far-reaching and largely non-transparent system of data collection and analysis used to make decisions about them. The Internet should ensure that users have control over their information, and to the largest extent possible, over the methods used to process such data. Providing more transparency about data flows and empowering users to control their data will bolster users' confidence in the Internet. Such an outcome is a win-win for business and consumers alike.
> 
> Exactly how data is gathered and used is not clear to most users. Moreover, users have repeatedly expressed concerns about the use of their data, as this data can be considered personal or even sensitive. For example, a Consumers Union Poll (http://www.consumersunion.org/pub/core_telecom_and_utilities/006189.html) found that 72 percent of respondents are concerned that their online behaviors were being tracked and profiled by companies. A poll conducted for Consumer Watchdog by Grove Insight found 80 percent support for a "Do Not Track" feature (http://insidegoogle.com/wp-content/uploads/2010/07/wfreInternet.release1.pdf). TRUSTe featured two research studies attempting to quantify consumer concerns around tracking in mobile (April 2011) (http://www.truste.com/about_TRUSTe/press-room/news_truste_mobile_privacy_survey_results_2011) and more generally around OBA (July 2011) (http://www.truste.com/ad-privacy/TRUSTe-2011-Consumer-Behavioral-Advertising-Survey-Results.pdf). The Special European Barometer 359 (http://ec.europa.eu/public_opinion/archives/ebs/ebs_359_en.pdf) found that 54 percent of respondents were uncomfortable with the fact that websites "use information about your online activity to tailor advertisements or content to your hobbies and interests."
> 
> In non-US jurisdictions, consumers have a different, and higher, expectation around privacy, which stems closer to a fundamental "right" granted to them as part of their citizenship of a particular country. The concept of non-permissive collection of their browsing behavior and personal information is antithetical to their fundamental values and expectations of how they should be treated online.
> 
> The accompanying Tracking Preference Expression recommendation explains how a user, through a user agent, can clearly express a desire not to be tracked. This Tracking Compliance and Scope recommendation sets the standard for the obligations of a website that receives such a DNT message.
> 
> Taken together these two standards should have three substantial outcomes:
> 
> Empower users to manage their preference around the collection and correlation of data about Internet activities that occur on different sites and spell out the obligations of sites in honoring those preferences when DNT is enabled.
> Provide an exceedingly straightforward way for users to gain transparency and control over data usage and the personalization of content and advertising on the web.
> 
> Enable a vibrant Internet to continue to flourish economically by supporting innovative business models while protecting users' privacy.
> 
> Examples and use cases:
> 
> 1.	Several of the stated research studies have shown that when consumers are asked about their preferences around tracking, usually a large majority state they do not wish to be tracked under any circumstances, even when told of how the tracking is to be used (e.g., to provide relevant advertising).
> 
> 2.	However, research of this type doesn't often map to reality when it comes to actual behavior of consumers using technology to control this preference. Examples include:
> a. Users that block 3rd party cookies by default, or that clear their cookies after each setting.
> b. Users of third party privacy add-ons to help manage their privacy. 
> c. Users that have seen the AdChoices icon, clicked on it and opted out of tracking in the current DAA regime.
> d. Recent DNT data from Mozilla shows a very small minority of uptake and usage.
> 
> In each of these cases, a very small minority have chosen to use these technologies. But, it can be argued that for the average user, all of these methods are just complex to use and as such a simpler framework is needed. Hence, why consumer advocacy and governments intervene. 
> 
> 3.	Users are often offered a free ad-supported application or service (vs. a paid-for equivalent) and still continue to select free apps when given the choice. [The underlying assumption is that they associate "seeing apps" with "tracking".]
> 
> 4.	In the EU, the issue of choice takes a higher level position of human right based upon Article 8 of The Charter of Fundamental Rights of the European Union and Article 8 of The European Convention on Human Rights, the former saying, "Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law." In this case, it is argued that all citizens should offer express consent prior to allowing any tracking that is not absolutely critical to delivering the fundamental function of the visited website.
> 
> 5.	Another level to this argument is that everyone is at least due transparency and the *option* to express a preference with the belief that that preference will mean something (accountability). This is a fundamental right in the value exchange of personal information online, especially when data is already being collected without that person's knowledge or explicit permission. Whether it is opt-in or opt-out can vary by location of course. If such a system was prevalent then perhaps more people would change their minds on willingness to be tracked.

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Thursday, 23 February 2012 00:13:51 UTC