W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

RE: Action-101; language for issue-6 for TCS spec

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Tue, 28 Feb 2012 17:34:47 -0800
To: John Simpson <john@consumerwatchdog.org>
CC: David Singer <singer@apple.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D10109B88@SP2-EX07VS02.ds.corp.yahoo.com>

Thank you for the thoughtful response - and I agree "less will be more" in this case (at least we'll limit the areas of discussion where view points are largely divergent).

With that in mind, perhaps there is a middle ground between the current drafts and your draft below - the goal being to capture the specific issues being addressed and shy away from language/positions that are controversial within the group.  It would definitely be "shorter" and still provide some context (and can be used as a preamble for both documents).  Thoughts?

Thank you again,
- Shane

From: John Simpson [mailto:john@consumerwatchdog.org]
Sent: Tuesday, February 28, 2012 6:26 PM
To: Shane Wiley
Cc: David Singer; public-tracking@w3.org (public-tracking@w3.org)
Subject: Re: Action-101; language for issue-6 for TCS spec

Shane and David,

I've been thinking a lot about the points you made here and even though I wrote the text that was supposed to go into the Compliance document in response to Issue-6, and I've concluded you are correct.  The TPE should be about sending the DNT message.  Compliance should only be about obligations when you get the DNT message.

Why we're doing this may lead to a never ending debate.  It is likely, in fact, that we're all doing this for different reasons. Trying to capture that in a specification documents  makes little sense and may be impossible.

I think this is true with both documents.  I'd be inclined to close Issue-6 and not attempt to add the language to the Compliance document.  There may be some further language there that should be cut, too. I need to look.

In the TPE, I'd cut virtually all the Introduction.  I'd propose keeping:

      " This specification defines the HTTP request header field DNT<http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dfn-dnt-1> for expressing a tracking preference on the Web, a well-known location (URI) for providing a machine-readable tracking status resource<http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dfn-tracking-status-resource> that describes a service's DNT compliance, and the HTTP response header field Tk<http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dfn-tk> for resources to communicate their compliance or non-compliance with the user's expressed preference.

        "A companion document, [TRACKING-COMPLIANCE<http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#bib-TRACKING-COMPLIANCE>], more precisely defines the terminology of tracking preferences, the scope of its applicability, and the requirements on compliant first-party and third-party participants when an indication of tracking preference is received. "

I really believe this is a case where less is more.  We're all at the table for different reasons.  Let's put a laser-like focus on sending the DNT message (TPE) and what the obligations will be (compliance).

I really believe this may help move us toward consensus.


On Feb 22, 2012, at 4:37 PM, Shane Wiley wrote:

+ 1

I believe the language is highly overstated as well and would recommend this be completely removed from the Working Group document set.  Advocates could simply release their own "companion document" at the release of the W3C DNT documents (similar to what Trade Groups will probably do as well).  Otherwise, we'll need to unwind the clear bias in these descriptions to provide a more balanced message - which could eat up several weeks of Working Group time.

- Shane

From: David Singer [mailto:singer@apple.com]
Sent: Wednesday, February 22, 2012 4:13 PM
To: public-tracking@w3.org<mailto:public-tracking@w3.org> (public-tracking@w3.org<mailto:public-tracking@w3.org>)
Subject: Re: Action-101; language for issue-6 for TCS spec

I honestly think that the specifications should just state what the protocol is (TPE) and what it means to comply (compliance).  I think explanations of 'why', 'how', and so on, are best dealt with at length in a companion 'report'.  Trying to fit all the justification, background, rationale, examples, and so on, into the spec. just makes it unwieldy, IMHO.

On Feb 21, 2012, at 17:54 , John Simpson wrote:


This is Action-101: Revise Issue-6<https://www.w3.org/2011/tracking-protection/track/issues/6> text based on feedback on the mailing list.  It has been cut a bit from the first version and a new second paragraph inserted in response to comments on the list.  It would go in section 2.1 in the FPWD of the TCS.

Best regards,


Explaining stakeholders' concerns and the reasons to offer Do Not Track help put the Tracking Compliance and Scope standard in context so its importance will be understood.


The user experience online involves the exchange of data across servers. At the most basic level, online communication requires the exchange of IP addresses between two parties. Completion of e-commerce transactions normally involves the sending of credit card numbers and user contact information. However, the user experience also often involves unintentional disclosure of data and the commercial compilation of many different kinds of user data by different entities. Much web content is supported by advertising and much of this advertising is linked to either the content of the page visited or to a profile about the particular user or computer. Complex business models have arisen around these online data flows.

Citizens and consumers confront a far-reaching and largely non-transparent system of data collection and analysis used to make decisions about them. The Internet should ensure that users have control over their information, and to the largest extent possible, over the methods used to process such data. Providing more transparency about data flows and empowering users to control their data, will bolster users' confidence in the Internet. Such an outcome is a win, win for business and consumers alike.

Exactly how data is gathered and used is not clear to most users. Moreover, users have repeatedly expressed concerns about the use of their data, as this data can be considered personal or even sensitive. For example, a Consumers Union Poll (http://www.consumersunion.org/pub/core_telecom_and_utilities/006189.html ) found that 72 percent or respondents are concerned that their online behaviors were being tracked and profiled by companies. A poll conducted for Consumer Watchdog by Grove Insight found 80 percent support for a "Do Not Track" feature (http://insidegoogle.com/wp-content/uploads/2010/07/wfreInternet.release1.pdf).<http://insidegoogle.com/wp-content/uploads/2010/07/wfreInternet.release1.pdf%29.> TRUSTe featured two research studies attempting to quantify consumer concerns around tracking in mobile (April 2011) (http://www.truste.com/about_TRUSTe/press-room/news_truste_mobile_privacy_survey_results_2011)<http://www.truste.com/about_TRUSTe/press-room/news_truste_mobile_privacy_survey_results_2011%29> and more generally around OBA (July 2011) http://www.truste.com/ad-privacy/TRUSTe-2011-Consumer-Behavioral-Advertising-Survey-Results.pdf)<http://www.truste.com/ad-privacy/TRUSTe-2011-Consumer-Behavioral-Advertising-Survey-Results.pdf%29> The Special European Barometer 359 ( http://ec.europa.eu/public_opinion/archives/ebs/ebs_359_en.pdf)<http://ec.europa.eu/public_opinion/archives/ebs/ebs_359_en.pdf%29> found that 54 percent of respondents were uncomfortable with the fact that websites "use information about your online activity to tailor advertisements or content to your hobbies and interests."

In non-US jurisdictions, consumers have a different, and higher, expectation around privacy, which stems closer to a fundamental "right" granted to them as part of their citizenship of a particular country. The concept of non-permissive collection of their browsing behavior and personal information is antithetical to their fundamental values and expectations of how they should be treated online.

The accompanying Tracking Preference Expression recommendation explains how a user, through a user agent, can clearly express a desire not to be tracked. This Tracking Compliance and Scope recommendation sets the standard for the obligations of a website that receives such a DNT message.

Taken together these two standards should have three substantial outcomes:

Empower users to manage their preference around the collection and correlation of data about Internet activities that occur on different sites and spell out the obligations of sites in honoring those preferences when DNT is enabled.
Provide an exceedingly straightforward way for users to gain transparency and control over data usage and the personalization of content and advertising on the web.

Enable a vibrant Internet to continue to flourish economically by supporting innovative business models while protecting users' privacy.

Examples and use cases:

1. Several of the stated research studies have shown that when consumers are asked about their preferences around tracking, usually a large majority state they do not wish to be tracked under any circumstances, even when told of how the tracking is to be used (e.g., to provide relevant advertising).

2. However, research of this type doesn't often map to reality when it comes to actual behavior of consumers using technology to control this preference. Examples include:
a. Users that block 3rd party cookies by default, or that clear their cookies after each setting.
b. Users of third party privacy add-ons to help manage their privacy.
c. Users that have seen the AdChoices icon, clicked on it and opt-ed out of tracking in the current DAA regime.
d Recent DNT data from Mozilla shows a very small minority of uptake and usage.

In each of these cases, a very small minority have chosen to use these technologies. But, it can be argued that for the average user, all of these methods are just complex to use and as such a simpler framework is needed. Hence, why consumer advocacy and governments intervene.

3. Users are often offered a free ad-supported application or service (vs. a paid-for equivalent) and still continue to select free apps when given the choice. [The underlying assumption is that they associate "seeing apps" with "tracking".]

4. In the EU, the issue of choice takes a higher level position of human right based upon Article 8 of The Charter of Fundamental Rights of the European Union and Article 8 of The European Convention on Human Rights, the former saying,"Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law." In this case, it is argued that all citizens should offer express consent prior to allowing any tracking that is not absolutely critical to delivering the fundamental function of the visited website.

5. Another level to this argument argument is that everyone is at least due transparency and the *option* to express a preference with the belief that that preference will mean something (accountability). This is a fundamental right in the value exchange of personal information online, especially when data is already being collected without that person's knowledge or explicit permission. Whether it is opt-in or opt-out can vary by location of course. If such system was prevalent then perhaps more people would change their minds on willingness to be tracked.

David Singer
Multimedia and Software Standards, Apple Inc.

John M. Simpson
Consumer Advocate
Consumer Watchdog
1750 Ocean Park Blvd. ,Suite 200
Santa Monica, CA,90405
Tel: 310-392-7041
Cell: 310-292-1902
Received on Wednesday, 29 February 2012 01:35:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:34 UTC