Re: ACTION-152 - Write up logged-in-means-out-of-band-consent

Hi Jeff - 

We had gone over this issue back in February and (at the time at least)
seemed closer to consensus than we seem to be at this point. I had proposed
the following:

When seeking exemption when DNT:1 is sent sites should communicate those
requests clearly, accurately and in line with consumer protection law(s) in
the jurisdiction(s) in which they operate.

And you had indicated that "The core issue is point A--providing accurate
information.  if we can address this in exemption process, we are there."

Please let me know if I'm mis-characterizing or otherwise mis-understanding
what you were trying to get at ­ but it would helpful for me to understand
whether my text suggestion gets you where we need to be ­ and if not, why
not?

Thanks!

Cheers,

Alan Chapell
Chapell & Associates
917 318 8440


From:  Jeffrey Chester <jeff@democraticmedia.org>
Date:  Thu, 29 Mar 2012 10:29:50 -0400
To:  Shane Wiley <wileys@yahoo-inc.com>
Cc:  Jonathan Mayer <jmayer@stanford.edu>, David Singer <singer@apple.com>,
John Simpson <john@consumerwatchdog.org>,
"public-tracking@w3.org(public-tracking@w3.org)" <public-tracking@w3.org>
Subject:  Re: ACTION-152 - Write up logged-in-means-out-of-band-consent
Resent-From:  <public-tracking@w3.org>
Resent-Date:  Thu, 29 Mar 2012 14:53:17 +0000

Informed consent, inc for exceptions, core issue. I look forward to the F2F
discussion in 2 weeks on this topic.

thanks

Jeff



On 29 Mar 2012, at 07:31 AM, Shane Wiley <wileys@yahoo-inc.com> wrote:

> Jeff,
> 
> Where we disagree is that this is a key issue that¹s central to DNT.  I
> believe you¹re suggesting that DNT will not be viable due to 1st party
> interactions with users through widgets based on specific elements of how
> consent is obtained during a registration process.  This feels fairly fair
> away from the core goals of DNT and not ³central to the viability² of our work
> as a group.
>  
> I believe we¹ve agreed that for a 1st party to ignore the DNT signal when
> they¹re in a 3rd party context they must either have:
> ·         prior consent (this debate is on the specifics of how this works)
> 
> ·         a web-wide exception
> 
> ·         have ³meaningful interaction² with their Widget
> 
>  
> My position is that we¹ve done a great job to get to this point and that the
> details from this point forward are better left to local legal structures that
> already have strong views on these issues (acceptable consent paradigms).
>  
> - Shane 
>  
> 
> From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
> Sent: Thursday, March 29, 2012 12:57 AM
> To: Shane Wiley
> Cc: Jonathan Mayer; David Singer; John Simpson; public-tracking@w3.org
> (public-tracking@w3.org)
> Subject: Re: ACTION-152 - Write up logged-in-means-out-of-band-consent
>  
> 
> This is a key issue central to the viability of DNT and whether it will have
> any support from key constituencies. This is not a one sided conversation  and
> if Shane is suggesting industry unwilling to discuss reasonably key DNT
> elements that is very disturbing.  We should address this issue at the F2F.
> 
> Jeff Chester
> 
> Center for Digital Democracy
> 
> Washington DC
> 
> www.democraticmedia.org <http://www.democraticmedia.org>
> 
> Jeff@democraticmedia.org
> 
> 
> On Mar 29, 2012, at 12:11 AM, Shane Wiley <wileys@yahoo-inc.com> wrote:
>> 
>> Jonathan,
>>  
>> We can agree to disagree on the details.  I believe for us to meaningfully
>> take a deep dive into ³consent standards² would be another working group
>> effort that would deservedly take several months if not more to tease through
>> all the details this significant of a topic would require.  I would recommend
>> academics and advocates perhaps come together to publish a paper of what you
>> believe ³appropriate consent² models should be.  I continue to believe this
>> is not within the scope of the working group (out of band is out of scope for
>> this group to address).  If you¹re comfortable having a one-sided
>> conversation on the topic (without much industry involvement), then please
>> continue. 
>>  
>> Co-Chairs,
>>  
>> I¹d like to understand the appropriate process where a large number of the
>> working group feels a topic is out of scope (and a small group feels it is in
>> scope).  Is there a way to take a straw poll to close on this topic so we can
>> get back to core issues at hand?
>>  
>> Thank you,
>> Shane
>>  
>> 
>> From: Jonathan Mayer [mailto:jmayer@stanford.edu]
>> Sent: Thursday, March 29, 2012 12:03 AM
>> To: Shane Wiley
>> Cc: David Singer; John Simpson; public-tracking@w3.org
>> (public-tracking@w3.org)
>> Subject: Re: ACTION-152 - Write up logged-in-means-out-of-band-consent
>>  
>> 
>> Consent standards are plainly within the group's charter.  Shane is wrong on
>> this point.
>> 
>>  
>> 
>> As for whether we should specify consent standards: yes, we should.  Some of
>> the issues that could arise if we don't:
>> 
>>  
>> 
>> -A U.S. website may circumvent U.S. user preferences wholesale by stuffing an
>> exception clause in its privacy policy.
>> 
>> -A U.S. website may circumvent U.S. user preferences near-wholesale by
>> stuffing a default exception in signup or login flow.
>> 
>> -Regional DNT implementations could fragment.  U.S. websites and users might
>> live in a world of privacy policy gotchas; EU/Canada websites and users would
>> have to use browser APIs and other more explicit choice mechanisms.
>> 
>>  
>> 
>> I don't follow how conversations on consent standards are "wasteful."
>> There's been good discussion on the list and even better discussion off-list.
>> 
>>  
>> 
>> In sum, specifying consent standards is in scope, essential, and proceeding
>> apace.
>> 
>>  
>> 
>> Jonathan
>>  
>> 
>> On Mar 28, 2012, at 8:12 PM, Shane Wiley wrote:
>> 
>> 
>> 
>> I respectfully but strongly disagree with you both.  It is FAR outside the
>> scope of this working group to attempt to define what is and is not
>> permissible in a registration process or an out-of-band consent event.  In my
>> opinion, this is wasteful for the working group to continue to explore.
>> Please leave these details to regional laws and let¹s get back to the core
>> business of DNT.
>> 
>>  
>> 
>> Thank you,
>> 
>> - Shane
>> 
>>  
>> 
>> From: David Singer [mailto:singer@apple.com]
>> Sent: Wednesday, March 28, 2012 7:54 PM
>> To: John Simpson
>> Cc: public-tracking@w3.org (public-tracking@w3.org)
>> Subject: Re: ACTION-152 - Write up logged-in-means-out-of-band-consent
>> 
>>  
>> 
>>  
>> 
>> On Mar 28, 2012, at 16:43 , John Simpson wrote:
>> 
>> 
>> 
>> 
>> 
>> I would think that the default would be that if I have enabled DNT:1, I could
>> not be tracked by a widget even if logged into the site, unless I interacted
>> with the widget when it was a third party, right?
>> 
>>  
>> 
>> Yes, I think the default would be to respect the sent DNT signal - don't
>> track me unless I interact.  Being logged in PLUS expressing a permission
>> would be needed to do more than that.
>> 
>> 
>> 
>> 
>> 
>>  
>> 
>>  
>> 
>> On Mar 28, 2012, at 4:35 PM, David Singer wrote:
>> 
>> 
>> 
>> 
>> 
>>  
>> 
>> On Mar 28, 2012, at 16:22 , John Simpson wrote:
>> 
>> 
>> 
>> 
>> 
>> David,
>> 
>>  
>> 
>> I'm trying to understand what your suggesting.  Is this essentially  the
>> scenario you have in mind:  When I register for a service and login I would
>> be presented with a series of choices of how the site's widgets would
>> interact with me when I'm off the site.  If one explicit preference was track
>> me, then that would be OK if I had checked it.  Another option might be JC's
>> goal of show me my friends' likes, but don't show them mine.  I suppose
>> another could be Do Not Track me unless I explicitly interact with the
>> widget...  Is the sort of scenario you have in mind?
>> 
>>  
>> 
>> Yes, that's it. I think we need to consider whether this choice needs to be
>> separately offered to the user, not set for everyone by the service and
>> bundled into the overall policy.
>> 
>> 
>> 
>> 
>> 
>>  
>> 
>> Thanks,
>> 
>> John
>> 
>>  
>> 
>>  
>> 
>> On Mar 28, 2012, at 3:51 PM, David Singer wrote:
>> 
>> 
>> 
>> 
>> 
>> There are several levels to disconnecting yourself from a service:
>> 
>> 1 logout;
>> 2 uncheck the 'remember me' so that your identity is no longer remembered;
>> 3 delete cookies etc. just in case there is a lingering cookie that still
>> remembers you;
>> [4 start using TOR :-(]
>> [5 go off-the-net :-(]
>> 
>> I actually have experimented with myself, trying to do up to (1), (2) or (3),
>> and I found it a pain in the neck. So, as Shane says, let's focus on
>> 'consent'.
>> 
>> The model I am exploring is saying that the consent to being tracked when
>> logged-in or remembered needs to be a distinct, separate, choice for the user
>> - which, as you say, gives the user more flexibility.  In this model, that
>> consent cannot be simply "well, you agreed to our policy and here it is on
>> page 8", because that's (a) hard to find for most users and (b) IMHO,
>> insufficiently granular; it basically says you have to stop using the service
>> if you don't want 'social buttons' to track you, which is harsh (and for many
>> users, not a meaningful choice).
>> 
>> As I say, I am not terribly keen on the rather subtle option "yes, you can
>> know who I am and tell me about my friends, but no, you cannot track what I
>> am doing (and hence, not tell my friends about it)" -- I fear it's rather
>> subtle, but it seems to be what JC prefers. I don't see a problem with
>> offering it as an option such as "Identify me and tell me relevant info, but
>> don't record anything about me".
>> 
>> so, here is a strawman:
>> 
>> ³User registration and login often are bundled with a set of preferences for
>> the user.  If a preference directly address interactions with users off of
>> the 1st parties direct web site, such as through Widgets or other
>> interactions with a user in a logged-in or 'remembered' state, in an open and
>> transparent manner, then this is considered an out-of-band user consent and
>> DNT requests may be met with a response that consent has been given, and
>> tracking to the extent expressed by the preference performed.²
>> 
>> On Mar 28, 2012, at 8:30 , JC Cannon wrote:
>> 
>> 
>> 
>> 
>> I¹m more inclined to agree with Shane here. I always want to vote on the side
>> of greater flexibility for the consumer.
>>> 
>>>  
>>> 
>>> David, by following your model I would have to click on the Like button to
>>> determine if my friends Liked an article, at the same time permitting FB to
>>> track me, which is what I don¹t want. Show me how in your model I can have
>>> the level of flexibility and privacy I describe.
>>> 
>>>  
>>> 
>>> JC
>>> 
>>>  
>>> 
>>> From: Shane Wiley [mailto:wileys@yahoo-inc.com]
>>> 
>>> Sent: Tuesday, March 27, 2012 7:52 PM
>>> 
>>> To: David Singer; public-tracking@w3.org (public-tracking@w3.org)
>>> 
>>> Subject: RE: ACTION-152 - Write up logged-in-means-out-of-band-consent
>>> 
>>>  
>>> 
>>> David,
>>> 
>>>  
>>> 
>>> I disagree that asking users to manage their logged-in state is a
>>> non-starter.  What leads you to that conclusion?  Facebook charges $700K/day
>>> to post an ad on their logout page.  J  (I hope I¹ve quoted that from recent
>>> press articles correctly.)
>>> 
>>>  
>>> 
>>> But I believe that¹s a red herring for this discussion and would instead
>>> focus on the ³consent² element.
>>> 
>>>  
>>> 
>>> First, I didn¹t intend to state that UAs won¹t continue to send DNT:1 for a
>>> logged-in user, I¹m stating that if its sent and the party has out-of-band
>>> consent from the user for tracking in that circumstance that the DNT signal
>>> will be ignored.  Also, why are we discussing cookies here?
>>> 
>>>  
>>> 
>>> Second, on the concepts of bundling and product features, while I agree that
>>> ³open and transparent² notices are best practice, I don¹t believe it¹s
>>> appropriate for this group to attempt to set standards of acceptable consent
>>> paradigms that will vary significantly based on situation.  As we¹ve
>>> discussed on similar topics, it¹s more appropriate to allow local legal
>>> structures to continue to manage the required level of disclosure.  For
>>> example, in the US we have the Sears Consent Order to draw upon.
>>> 
>>>  
>>> 
>>> I¹d ask that we focus on the core issues with DNT and resist the temptation
>>> to solve the broader set of online privacy debates in one pass.
>>> 
>>>  
>>> 
>>> Thank you,
>>> 
>>> - Shane
>>> 
>>>  
>>> 
>>> From: David Singer [mailto:singer@apple.com]
>>> 
>>> Sent: Tuesday, March 27, 2012 7:50 PM
>>> 
>>> To: public-tracking@w3.org (public-tracking@w3.org)
>>> 
>>> Subject: Re: ACTION-152 - Write up logged-in-means-out-of-band-consent
>>> 
>>>  
>>> 
>>>  
>>> 
>>> On Mar 27, 2012, at 5:54 , Shane Wiley wrote:
>>> 
>>>  
>>> 
>>>  
>>> 
>>> Per my action item from last week, here is a position statement with respect
>>> to setting new business rules for ³logged-in users² with respect to
>>> personalization off of the 1st party site and DNT.
>>> 
>>>  
>>> 
>>> ³User registration and login often are bundled with a set of sign-up flow
>>> notices, Terms of Service, and Privacy Policy by which a 1st party will
>>> operate.  If these notices directly address interactions with users off of
>>> the 1st parties direct web site, such as through Widgets or other
>>> interactions with a user in a logged-in state, in an open and transparent
>>> manner, then this is considered an out-of-band user consent and DNT signals
>>> will be ignored.²
>>> 
>>>  
>>> 
>>> Shane
>>> 
>>>  
>>> 
>>> I don't think we can tell users "if you want privacy, remember to log out
>>> all the time".  That's a non-starter. So I agree, a general "logged-in
>>> exception" doesn't fly, for me.
>>> 
>>>  
>>> 
>>> Nor do I think we can tell UAs "don't send cookies with DNT:1" because then
>>> trivial things will stop working (e.g. a cookie that selected the language
>>> or size of the 'like' button itself).  Sites will have to expect to get DNT
>>> and cookies, and we need to say what that means if the cookies are actually
>>> identifying the user.
>>> 
>>>  
>>> 
>>>  
>>> 
>>> I think the text needs to be more explicit, and say that permitting the site
>>> to track the user has to be a distinct choice, not 'bundled' with any other
>>> (e.g. a check-box in the preferences).  Otherwise I fear that sites will say
>>> that merely by signing up you made that choice.  I would prefer it not even
>>> be a choice, I think, but I am open to debate.
>>> 
>>>  
>>> 
>>> Otherwise, what Jonathan has said holds - that if you set DNT, and not the
>>> preference (if any), then you'll need to interact directly with the third
>>> party before they will recognize you and track you. I don't think it's too
>>> bad; click on the button, and now it can track you, for example.
>>> 
>>>  
>>> 
>>> Treating me as someone you know, but about whom you *remember* nothing, is
>>> intriguing but (IMHO) excessively subtle.
>>> 
>>>  
>>> 
>>>  
>>> 
>>> David Singer
>>> 
>>> Multimedia and Software Standards, Apple Inc.
>> 
>> David Singer
>> Multimedia and Software Standards, Apple Inc.
>> 
>> 
>> 
>>  
>> 
>> ----------
>> 
>> John M. Simpson
>> 
>> Consumer Advocate
>> 
>> Consumer Watchdog
>> 
>> 1750 Ocean Park Blvd. ,Suite 200
>> 
>> Santa Monica, CA,90405
>> 
>> Tel: 310-392-7041
>> 
>> Cell: 310-292-1902
>> 
>> www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org/>
>> 
>> john@consumerwatchdog.org
>> 
>>  
>> 
>>  
>> 
>> David Singer
>> 
>> Multimedia and Software Standards, Apple Inc.
>> 
>>  
>> 
>>  
>> 
>> ----------
>> 
>> John M. Simpson
>> 
>> Consumer Advocate
>> 
>> Consumer Watchdog
>> 
>> 1750 Ocean Park Blvd. ,Suite 200
>> 
>> Santa Monica, CA,90405
>> 
>> Tel: 310-392-7041
>> 
>> Cell: 310-292-1902
>> 
>> www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org/>
>> 
>> john@consumerwatchdog.org
>> 
>>  
>> 
>>  
>> 
>> David Singer
>> 
>> Multimedia and Software Standards, Apple Inc.
>>