- From: David Wainberg <dwainberg@appnexus.com>
- Date: Tue, 31 Jan 2012 13:42:05 -0500
- To: Shane Wiley <wileys@yahoo-inc.com>
- CC: Tracking Protection Working Group WG <public-tracking@w3.org>
- Message-ID: <4F2835FD.4070504@appnexus.com>
In addition to these use based exceptions, shouldn't there be collection based exceptions that incentivize privacy-friendly technologies that use less data or store it in privacy safe ways? For example, where would Adnostic fall? On 1/31/12 12:57 AM, Shane Wiley wrote: > > I would also propose the addition of “Product Improvement” to cover > “customer service inquiries, debugging, and non-user specific modeling > for algorithmic improvements.” > > *From:*Shane Wiley > *Sent:* Monday, January 30, 2012 10:54 PM > *To:* public-tracking@w3.org > *Subject:* ACTION-49: Propose what the operational carve-outs for > 3.6.1.2.1 (e.g. debugging by 3rd party) are > > Description: > > Propose what the operational carve-outs for 3.6.1.2.1 (e.g. debugging > by 3rd party) are > > NOTE – Initially captured in ISSUE-22 > > Draft: > > <Non-Normative> > > In order to not "break the Internet" and still protect consumer > privacy concerns, it will be necessary to provide operational > > purpose exceptions for critically necessary business activities even > when the DNT signal is on. There are several key categories of data > collection and use that must remain intact such that web site > operators who are (in the vast majority) offering their services free > of charge in exchange for advertising on their properties. > > In order to motivate immediate web-wide implementation of the DNT > standard upon release it will be important to focus on use based > exceptions initially. Where technical solutions exist and are readily > available, parties should transition to these options over use-based > restrictions. It’s difficult to put an exact date for when these > solutions will become generally available in the marketplace but it > will be critical for large site operators to collaborate with industry > and academics to develop these future solutions as soon as possible. > > With this in mind, the following exceptions are to be interpreted as > MUST employ use-based controls and SHOULD employ technology solutions > that avoid collection in the first place. > > <Normative> > > Parties may continue to collect and use data in a very limited number > of operational purposes outlined here: > > - Frequency Capping: A form of historical tracking to ensure the > number of times a user sees the same ad is kept to a minimum. > Provides a benefit to users to not see the same ad over and over > again, as well as, a benefit to advertisers who receive negative brand > reaction if an ad is shown too many times to users. Capping data > collection and use SHOULD be limited to only campaign IDs and > frequency counters where possible. > > - Financial Logging: Ad impressions and clicks (and sometimes > conversions) events are tied to financial transactions (this is how > online advertising is billed) and therefore must be collected and > stored for billing and auditing purposes. Information such as what > targeting criteria existed for a particular ad campaign MAY need to be > retained for audit purposes to demonstrate an ad server met its > obligations to an advertiser. > > - Aggregated & Anonymous Reporting: Data may be retained if it is > de-identified and aggregated in such a manner as to not allow > re-identification of an individual or unique device. > > - 3rd Party Auditing: As online advertising is a billed event and > there are concerns with accuracy in impression counting and quality of > placement so 3rd party auditors provide an independent reporting > service to advertisers and agencies so they can compare reporting for > accuracy. > > - Security: From traditional security attacks to more elaborate > fraudulent activity, Ad Servers and Publishers must have the ability > to log data about suspected bad actors to discern and filter their > activities from legitimate transactions. This information is sometimes > shared across 3rd parties in cooperatives to help reduce the > daisy-chain effect of attacks across the ad ecosystem. > > - Market Research: Data collected for the express purpose of market > research MAY be retained at a per user/device level for a limited time > to allow for reasonable aggregation. >
Received on Tuesday, 31 January 2012 18:42:31 UTC