Re: ACTION-49: Propose what the operational carve-outs for 3.6.1.2.1 (e.g. debugging by 3rd party) are from David Wainberg on 2012-01-31 (public-tracking@w3.org from January 2012)

From: David Wainberg <dwainberg@appnexus.com>
Date: Tue, 31 Jan 2012 13:42:05 -0500
To: Shane Wiley <wileys@yahoo-inc.com>
CC: Tracking Protection Working Group WG <public-tracking@w3.org>
Message-ID: <4F2835FD.4070504@appnexus.com>
In addition to these use based exceptions, shouldn't there be collection 
based exceptions that incentivize privacy-friendly technologies that use 
less data or store it in privacy safe ways? For example, where would 
Adnostic fall?

On 1/31/12 12:57 AM, Shane Wiley wrote:
>
> I would also propose the addition of “Product Improvement” to cover 
> “customer service inquiries, debugging, and non-user specific modeling 
> for algorithmic improvements.”
>
> *From:*Shane Wiley
> *Sent:* Monday, January 30, 2012 10:54 PM
> *To:* public-tracking@w3.org
> *Subject:* ACTION-49: Propose what the operational carve-outs for 
> 3.6.1.2.1 (e.g. debugging by 3rd party) are
>
> Description:
>
> Propose what the operational carve-outs for 3.6.1.2.1 (e.g. debugging 
> by 3rd party) are
>
> NOTE – Initially captured in ISSUE-22
>
> Draft:
>
> <Non-Normative>
>
> In order to not "break the Internet" and still protect consumer 
> privacy concerns, it will be necessary to provide operational
>
> purpose exceptions for critically necessary business activities even 
> when the DNT signal is on. There are several key categories of data 
> collection and use that must remain intact such that web site 
> operators who are (in the vast majority) offering their services free 
> of charge in exchange for advertising on their properties.
>
> In order to motivate immediate web-wide implementation of the DNT 
> standard upon release it will be important to focus on use based 
> exceptions initially.  Where technical solutions exist and are readily 
> available, parties should transition to these options over use-based 
> restrictions.  It’s difficult to put an exact date for when these 
> solutions will become generally available in the marketplace but it 
> will be critical for large site operators to collaborate with industry 
> and academics to develop these future solutions as soon as possible.
>
> With this in mind, the following exceptions are to be interpreted as 
> MUST employ use-based controls and SHOULD employ technology solutions 
> that avoid collection in the first place.
>
> <Normative>
>
> Parties may continue to collect and use data in a very limited number 
> of operational purposes outlined here:
>
> - Frequency Capping:  A form of historical tracking to ensure the 
> number of times a user sees the same ad is kept to a minimum.  
> Provides a benefit to users to not see the same ad over and over 
> again, as well as, a benefit to advertisers who receive negative brand 
> reaction if an ad is shown too many times to users.  Capping data 
> collection and use SHOULD be limited to only campaign IDs and 
> frequency counters where possible.
>
> - Financial Logging:  Ad impressions and clicks (and sometimes 
> conversions) events are tied to financial transactions (this is how 
> online advertising is billed) and therefore must be collected and 
> stored for billing and auditing purposes.  Information such as what 
> targeting criteria existed for a particular ad campaign MAY need to be 
> retained for audit purposes to demonstrate an ad server met its 
> obligations to an advertiser.
>
> - Aggregated & Anonymous Reporting:  Data may be retained if it is 
> de-identified and aggregated in such a manner as to not allow 
> re-identification of an individual or unique device.
>
> - 3rd Party Auditing:  As online advertising is a billed event and 
> there are concerns with accuracy in impression counting and quality of 
> placement so 3rd party auditors provide an independent reporting 
> service to advertisers and agencies so they can compare reporting for 
> accuracy.
>
> - Security:  From traditional security attacks to more elaborate 
> fraudulent activity, Ad Servers and Publishers must have the ability 
> to log data about suspected bad actors to discern and filter their 
> activities from legitimate transactions. This information is sometimes 
> shared across 3rd parties in cooperatives to help reduce the 
> daisy-chain effect of attacks across the ad ecosystem.
>
> - Market Research:  Data collected for the express purpose of market 
> research MAY be retained at a per user/device level for a limited time 
> to allow for reasonable aggregation.
>
Received on Tuesday, 31 January 2012 18:42:31 UTC