RE: Issue 115, exemptions, best practices: Issue 25 and 34

"Bombardment of pleas" is certainly subjective. Websites should have the right to request engagement from consumers in order to help fund the free content they provide. Hopefully sites will be subtle in their pleas, but this shouldn't be part of the DNT rules.

On the status quo, either we provide one-liners or short interstitials, which provide brief information, or we provide long comprehensive statements that arguably are difficult to wade through. I don't know how we find middle ground since providing more inline will be annoying to consumers and providing shorter privacy statements could lead to complaints of withholding details. I like the interstitials with a link to more information, where the information has to be comprehensive. I would love to hear suggestions for something better.

Collegiality, you bet. I'm expecting a group hug at IAPP. :)

JC

From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
Sent: Sunday, February 26, 2012 7:56 AM
To: Karl Dubost
Cc: Alan Chapell; public-tracking@w3.org Group WG
Subject: Re: Issue 115, exemptions, best practices: Issue 25 and 34

I appreciate the discussion and apologize I wasn't able to respond more quickly to the thread.

I understand and agree with Karl it is necessary to create objective and testable standards.  What best practice can be developed that helps users when they are asked to provide exemptions for sites even after they have enabled DNT:1?  Users should not have to face a bombardment of pleas to allow a site to track, after they have made (presumably) an informed decision about their tracking preference.  There is a need to have a balance--allowing the site to request a user to change his/her mind, and ensuring a user has sufficient information to make a better decision.  The status quo we have today (with privacy policies and landing page optimization, for example) that gives sites the upper hand in any such user discussion isn't effective.  Can we propose a more level playing field for the user?

Many thanks.  And by the way.  I want to reiterate how impressed and appreciative I am about the level of collegiality and spirit of informed discussion in the tracking protection group.  I have told press and policymakers it is the kind of "multi-stakeholder" dialogue just endorsed by the US Obama White House.


Jeffrey Chester
Center for Digital Democracy
1621 Connecticut Ave, NW, Suite 550
Washington, DC 20009
http://www.democraticmedia.org
http://www.digitalads.org
202-986-2220

On Feb 23, 2012, at 3:08 PM, Karl Dubost wrote:


trimming the cc: list

On 13 Feb 2012, at 15:29, Alan Chapell wrote:

It might be helpful to return to Jeff's original post. The primary issue that I'm raising is that Jeff's best practices below exceed the scope of what we as a group should be trying to address.

ok, let's see.
What follows are my personal opinions when I try to see that from an RFC2119 point of view. What I mean by that is an operational point of view outside of any legal, ethical requirements.

Basically as a *technical* standard working group:



Best Practices for sites to manage exemptions should include:

A site must provide accurate information to users on the actual data collection and use practices of the site.  This should include all information used for tracking, targeting, sales of profiles.


"A site must provide accurate information to users" is NOT TESTABLE without a definition of what is contained in "accurate information"

To achieve this in a meaningful way, the Browser and the Web site need a common format describing all the data categories. If not an actual grammar or syntax, it means that we would need to come up with a taxonomy for these data. A bit like what has been done by the W3C Note on Test Metadata.
http://www.w3.org/TR/test-metadata/



A site should not suggest that the ability to access information is dependent on blanket acceptance of a site's data practices.


This is not testable. We can't define it in a way that would improve interoperability. What it tells me is that when a user is sending a "DNT:1", and the site is blocking access as a result of that with a message "We can't grant you access because we need to track you to operate our business. If you want access, opt-in but you understand that your data will be tracked."

The only option I could see is that the Response header (server->client) contains the information necessary to say that the access has not been granted, that you pay with money or your personal data is the choice of users. It looks a bit like "HTTP 402" [1]

   7.4.3.  402 Payment Required
   This code is reserved for future use.

[1]: http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-18#section-7.4.3



A site should not use "immersive" multimedia applications designed to foster opt-in as a way to encourage a user agreeing to an exemption.


This is totally out of scope or should be treated differently. This is a "Do not lie to the user"



A site should not use a special landing page that has been designed principally to convert a user to agree to permit an exemption.


Out of scope. This is typically the Web page of any Web site that makes it possible for a Web site to offer a subscription for example. I wish in fact that there would be more pages like this, telling the user "You have to pay with your personal data or you can subscribe by paying $AMOUNT"



A site should not use social media marketing to urge a user to ask their "friends" to approve exemptions.


Out of scope. We can't do anything about that. Same category as the do not lie.



A site should not offer rewards and incentives for a user to approve of an exemption.


Category of all business practices if you pay for 3 months, you get 1 month free.



--
Karl Dubost - http://dev.opera.com/
Developer Relations, Opera Software

Received on Sunday, 26 February 2012 17:26:48 UTC