- From: David Wainberg <david@networkadvertising.org>
- Date: Thu, 11 Oct 2012 10:27:19 -0400
- To: Jeffrey Chester <jeff@democraticmedia.org>
- CC: Mike Zaneis <mike@iab.net>, Thomas Roessler <tlr@w3.org>, Aleecia McDonald <aleecia@aleecia.com>, Matthias Schunter <mts-std@schunter.org>, Rachel Thomas <RThomas@the-dma.org>, Craig Spiezle <craigs@otalliance.org>, "public-tracking@w3.org" <public-tracking@w3.org>, Kimon Zorbas <vp@iabeurope.eu>
- Message-ID: <5076D747.20406@networkadvertising.org>
Jeff, I've raised this several times before. You've not addressed it, and you continue to repeat the same thing. Tell me how focusing primarily on third parties is a compromise. With whom did you make this compromise? The third parties -- the primary targets of this standard -- do not see it as such and have serious concerns about the competitive effects of the direction this standard has been going. -David On 10/11/12 8:22 AM, Jeffrey Chester wrote: > Dear Mike: > > As you and colleagues know, the privacy advocates have been willing to > engage in compromise in pursuit of a standard that would effectively > protect privacy. We were willing to focus primarily on Third parties, > consider supporting the no-default approach, etc. Indeed, just > several weeks ago in DC I spoke to the DAA's lobbyist. At that time > he praised the willingness to compromise by the privacy groups working > within the WC3. He made it clear that the industry objected to > Microsoft's IE default. I told him that I was willing to discuss this > issue (speaking only for my CDD) in the context of a deal offering a > stronger outcome (no unique cookies, etc). > > However, the recent actions by the DAA/IAB show the US online ad trade > groups are working to derail the W3C standards process. The recent > strong-arm tactics against Microsoft taken by the ANA and DAA (with > IAB US support) are designed to intimidate companies trying to be > responsible on the privacy issue. The move last week by the DAA to > have all marketing and advertising declared acceptable practices > ("/Marketing…is as American as apple pie") /illustrates the failure of > US online ad industry leaders to accept responsibility for its > pervasive data collection practices. > > If the W3C cannot develop a meaningful standard for DNT, the failure > to do so is due to the intransigent position of the DAA. It is a lost > opportunity. > > Regards, > > Jeff > > > > Jeffrey Chester > Center for Digital Democracy > 1621 Connecticut Ave, NW, Suite 550 > Washington, DC 20009 > www.democraticmedia.org <http://www.democraticmedia.org> > www.digitalads.org <http://www.digitalads.org> > 202-986-2220 > > On Oct 10, 2012, at 6:39 PM, Mike Zaneis wrote: > >> Jeff, >> >> I really do enjoy revisiting the IE10/browser default/non-compliant >> DNT signal issue every couple of months because it gives me the >> opportunity to just recycle my old emails on the subject. Please see >> my previous email below on the matter, which references your previous >> agreement that we should not honor default "on" browser settings: >> >> >> Jeff, >> I hate to revisit an issue that has been closed at least twice >> before, the first time being way back in September, but you again >> raised the browser default setting issue and its place in the W3C >> standards process - >> http://www.chicagotribune.com/news/tribnation/chi-reporting-privacy-vs-profits-on-internet-browsers-20120726,0,5932169.story. >> The story is about the W3C TPE Working Group and how Microsoft has >> decided to ship IE10 with the DNT flag turned on. I was extremely >> disappointed to see your quote that industry would face a “bloody >> virtual and real-world fight” if we did not honor such a default. >> That flies in the face of your statement from last month (see below >> to refresh your memory). >> I have to question whether you are negotiating at the W3C in good >> faith. If the industry is to be attacked and engaged in a bloody >> fight even if we develop and adopt a W3C standard, then what is the >> incentive for us to remain at the table? Can you please clarify your >> position on this vitally important issue. >> Mike Zaneis >> SVP & General Counsel >> Interactive Advertising Bureau >> (202) 253-1466 <tel:%28202%29%20253-1466> >> Follow me on Twitter @mikezaneis >> *From:* Jeffrey Chester [mailto:jeff@democraticmedia.org] >> *Sent:* Sunday, June 03, 2012 5:41 PM >> *To:* Shane Wiley >> *Cc:* Roy T. Fielding; Justin Brookman; public-tracking@w3.org >> <mailto:public-tracking@w3.org> >> *Subject:* Re: ISSUE-4 and clarity regarding browser defaults >> I support what the working group agreed to, with DNT not being >> shipped as on. That is part of the set of compromises we have agreed >> to within the working group. I was surprised as everyone else with >> Microsoft's announcement. I was just responding the tone of some of >> the comments in the press where various industry players suggest that >> Microsoft is a digital Benedict Arnold. That said, we need to >> conclude this work with agreement on definition for policy. I still >> believe there is a win-win here that can be achieved. If we can all >> agree on meaningful final policy, it will be the norm which everyone >> should abide. >> So to be clear. I am not trying to undo the agreement and urge us to >> stay in discussions. >> But it sounds like there will be a lot of sleeplessness in Seattle! >> Those Microsoft people better lock their doors! >> Regards, >> Jeff >> Jeffrey Chester >> Center for Digital Democracy >> 1621 Connecticut Ave <x-apple-data-detectors://4>, NW, Suite 550 >> Washington, DC 20009 <x-apple-data-detectors://5> >> www.democraticmedia.org <http://www.democraticmedia.org/> >> www.digitalads.org <http://www.digitalads.org/> >> 202-986-2220 <tel:202-986-2220> >> On Jun 3, 2012, at 4:44 PM, Shane Wiley wrote: >> >> >> Jeff, >> I thought we had solved this issue sometime ago at the beginning of >> the working group: opt-in vs. opt-out. By moving the UA to default >> to DNT:1 without an explicit user action, you’re creating an opt-in >> world. I understand you like that end-point, but if you’re unwilling >> to move back to the originally agreed upon opt-out structure, I >> suspect industry participants may leave the working group. A pure >> opt-in outcome will have devastating impact to the online ecosystem, >> will prompt many to develop overly inclusive opt-in approaches, and >> ultimately consumers lose after being barraged with a sea of opt-in >> requests. I’m saddened by this sudden 180 on this very key >> perspective but hopefully saner minds will prevail. >> >> In my opinion, we need to resolve this fundamentally core issue prior >> to moving forward on any other issues at the TPWG. Please let me >> know if you agree. >> Thank you, >> Shane >> * >> * >> >> Mike Zaneis >> SVP & General Counsel, IAB >> (202) 253-1466 >> >> >> >> On Oct 10, 2012, at 11:52 AM, "Jeffrey Chester" >> <jeff@democraticmedia.org <mailto:jeff@democraticmedia.org>> wrote: >> >>> I have to say I am dismayed that colleagues from the US online >>> marketing community are trying to replace the W3C multistakeholder >>> process with a system devised exclusively by the online ad industry. >>> As I mentioned during last week's f2f, NGOs and other civil society >>> groups across the Atlantic have criticized the DAA system as >>> inadequate. Leading computer science and other researchers have >>> also repeatedly shown how lacking and ineffective it is. Indeed, >>> just two weeks ago in DC I asked Ms. Thomas if there had been any >>> testing done for design and usability of the system--including by >>> independent bodies. The answer was basically there was no such >>> usability and independent review. As we all know, the user >>> experience online is tested and "optimized" to move them through a >>> digital data collection funnel-- in order to achieve the required >>> "conversion." Until such independent testing of the DAA system to >>> show that it can effectively inform and empower online users about >>> their privacy choices-- in the face of a purposefully powerful and >>> designed interactive experience--the W3C would be remiss adopting it >>> in all or in part. >>> >>> In addition, yesterday's announcement by the DAA that it would, in >>> essence, condone a boycott of DNT requests from users relying on the >>> IE browser (or other browsers adopting privacy by design >>> frameworks), suggests there is a political motivation that should be >>> addressed by the group and W3C (inc. Mr. Berners-Lee). Instead of >>> developing the best technical standard through expert and objective >>> international standards work, we appear to now confront a political >>> agenda designed to maintain the data collection and user targeting >>> status quo. The W3C needs to do better than be silent about these >>> recent developments. >>> >>> >>> >>> >>> Jeffrey Chester >>> Center for Digital Democracy >>> 1621 Connecticut Ave, NW, Suite 550 >>> Washington, DC 20009 >>> www.democraticmedia.org <http://www.democraticmedia.org/> >>> www.digitalads.org <http://www.digitalads.org/> >>> 202-986-2220 >>> >>> On Oct 10, 2012, at 10:57 AM, Kimon Zorbas wrote: >>> >>>> Dear all, >>>> >>>> to add some European flavour, here what we use in our OBA >>>> Framework, matching European law. We call First Parties "Web Site >>>> Operators". W3C can of course use this wording, we have the full >>>> rights to it. >>>> >>>> Third Party >>>> An entity is a Third Party to the extent that it engages in Online >>>> Behavioural Advertising on a web site or web sites other than a web >>>> site or web sites it or a an entity under Common Control owns or >>>> operates. >>>> >>>> Web Site Operator >>>> A Web Site Operator is the owner, controller or operator of the web >>>> site with which the web user interacts. >>>> >>>> Control >>>> Control of an entity means that another entity (1) holds a majority >>>> of the voting rights in it, or (2) is a member of it and has the >>>> right to appoint or remove a majority of its board of directors, or >>>> (3) is a member of it and controls alone, pursuant to an agreement >>>> with other members, a majority of the voting rights in it, or (4) >>>> has placed obligations upon or otherwise controls the policies or >>>> activities of it by way of a legally binding contract, or (5) >>>> otherwise has the power to exercise a controlling influence over >>>> the management, policies or activities of it, and “Controlled” >>>> shall be construed accordingly. >>>> >>>> Common Control >>>> Entities or web sites under Common Control include ones which >>>> Control, for example parent companies, are Controlled by, such as >>>> subsidiaries, or are under common Control, such as group companies. >>>> They also include entities that are under a written agreement to >>>> process data for the controlling entity or entities, and do such >>>> processing only for and on behalf of that entity or entities and >>>> not for their own purposes or on their own behalf. >>>> >>>> >>>> For other UA, we capture them through the following wording: >>>> To the extent that Companies collect and use data via specific >>>> technologies or practices that are intended to harvest data from >>>> all or substantially all URLs traversed by a particular computer or >>>> device across multiple web domains and use such data for OBA, they >>>> should first obtain Explicit Consent. >>>> >>>> Kind regards, >>>> Kimon >>>> >>>> From: Rachel Thomas <RThomas@the-dma.org <mailto:RThomas@the-dma.org>> >>>> Date: Wednesday 10 October 2012 16:48 >>>> To: Craig Spiezle <craigs@otalliance.org >>>> <mailto:craigs@otalliance.org>>, "public-tracking@w3.org >>>> <mailto:public-tracking@w3.org>" <public-tracking@w3.org >>>> <mailto:public-tracking@w3.org>> >>>> Subject: RE: ACTION-267 - Propose first/third party definitions >>>> from existing DAA documents >>>> Resent-From: <public-tracking@w3.org <mailto:public-tracking@w3.org>> >>>> Resent-Date: Wednesday 10 October 2012 16:43 >>>> >>>> Hi Craig, great question – let me try to clarify with some >>>> additional info from the DAA principles. Below is the definition >>>> of “affiliate” as well as some commentary on the definition from >>>> the DAA’s Self-Regulatory Principles for Online Behavioral >>>> Advertising. (Also, please note that while there is not an explicit >>>> definition of “affiliate” included in the DAA’s Self-Regulatory >>>> Principles for Multi-Site Data, the same definition applies in that >>>> context as well). >>>> *_AFFILIATE_* >>>> *Definition:*An Affiliate is an entity that Controls, is Controlled >>>> by, or is under common Control with, another entity. >>>> *Commentary (relating to definitions of both “affiliate” and >>>> “control”):*These terms set an objective test to separate related >>>> First Party entities from Third Parties and others. An Affiliate is >>>> defined as an entity that Controls, is Controlled by, or is under >>>> common Control with, another entity. The definition of Control sets >>>> out two alternative tests, which reflect a commonly understood >>>> definition of a single entity. The first alternative looks to >>>> whether one entity is under significant common ownership with the >>>> other entity. The second alternative looks to whether one entity >>>> has the power to exercise a controlling influence over the >>>> management or policies of the other. In addition, each entity must >>>> be subject to Online Behavioral Advertising policies that are not >>>> materially inconsistent with the other entity’s Online Behavioral >>>> Advertising policies. The combination of Control and governance by >>>> similar Online Behavioral Advertising policies renders the two >>>> entities Affiliates of each other. >>>> The tests for Control are unrelated to brand names. As a result, >>>> different brands, if they otherwise meet one of the tests for >>>> Control, would be treated as Affiliates rather than Third Parties. >>>> The starting point for whether two or more affiliated >>>> consumer-facing Web sites constitute a First Party under the >>>> Principles is whether the Web sites are the same company. The use >>>> of the term Affiliate is intended to allow affiliated companies >>>> that are in the same corporate family to share information within >>>> that family as if they are the same company, thereby benefitting >>>> from their collective assets. The treatment of Affiliates is not >>>> intended to create a means for companies that are in reality >>>> unrelated in corporate structure (and, therefore, that consumers >>>> would never expect would be sharing information,) to avoid >>>> providing the choice required under these Principles. In many cases >>>> companies can readily be transparent either in branding on the Web >>>> sites or through clarity in the privacy notices of their particular >>>> Affiliates. Assuming an entity otherwise meets the standard set >>>> forth in the definition of Control, such practices would clearly >>>> satisfy and permit inclusion in the definition of Affiliate. >>>> However, such branding on a Web site or inclusion in a privacy >>>> notice is not required under the Principles as in some instances >>>> the complexity of corporate affiliates driven by corporate legal >>>> principles pose practical operational challenges. >>>> And very best, >>>> Rachel >>>> *From:*Craig Spiezle [mailto:craigs@otalliance.org] >>>> *Sent:* Tuesday, October 09, 2012 11:58 PM >>>> *To:* Rachel Thomas; public-tracking@w3.org >>>> <mailto:public-tracking@w3.org> >>>> *Subject:* RE: ACTION-267 - Propose first/third party definitions >>>> from existing DAA documents >>>> This is helpful. >>>> Just so we are all on the same page can you clarify affiliate vs. >>>> non-affiliate. Is it correct to assume affiliate means a wholly >>>> owned entity? >>>> So a Third Party who collects data from an affiliate is not a third >>>> party. So this would or could mean a totally separate brand which >>>> the user has no knowledge of? >>>> Thanks >>>> *From:*Rachel Thomas [mailto:RThomas@the-dma.org] >>>> <mailto:[mailto:RThomas@the-dma.org]> >>>> *Sent:* Tuesday, October 09, 2012 1:16 PM >>>> *To:* public-tracking@w3.org <mailto:public-tracking@w3.org> >>>> *Subject:* ACTION-267 - Propose first/third party definitions from >>>> existing DAA documents >>>> Folks – As promised, I am submitting the Digital Advertising >>>> Alliance (DAA) definitions of “first party” and “third party” for >>>> consideration / inclusion in section 3.5 >>>> <http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#first-third-parties> >>>> (“First and Third Parties”) of the W3C TPWG "Tracking Compliance >>>> and Scope” document. Below are both formal definitions and related >>>> commentary from the DAA Self-Regulatory Principles for Multi-Site >>>> Data >>>> <https://www.aboutads.info/resource/download/Multi-Site-Data-Principles.pdf>. >>>> *_FIRST PARTY_* >>>> ** >>>> >>>> *Definition*: A First Party is the entity that is the owner of the >>>> Web site or has Control over the Web site with which the consumer >>>> interacts and its Affiliates. >>>> >>>> *Commentary:*The actions of agents and other entities that >>>> similarly perform business operations of First Parties are treated >>>> as if they stand in the shoes of First Parties under these >>>> Principles and thus such actions are not included in Multi-Site Data. >>>> >>>> ** >>>> *_THIRD PARTY_* >>>> >>>> *Definition*: An entity is a Third Party to the extent that it >>>> collects Multi-Site Data on a non-Affiliate’s Web site. >>>> >>>> *Commentary*: As described in the OBA Principles, in certain >>>> situations where it is clear that the consumer is interacting with >>>> a portion of a Web site that is being operated by a different >>>> entity than the owner of the Web site, the different entity would >>>> not be a Third Party for purposes of the Principles, because the >>>> consumer would reasonably understand the nature of the direct >>>> interaction with that entity. The situation where this occurs most >>>> frequently today is where an entity through a “widget” or “video >>>> player” enables content on a Web site and it is clear that such >>>> content and that portion of the Web sites is provided by the other >>>> entity and not the First Party Web site. The other entity (e.g. the >>>> “widget” or “video player”) is directly interacting with the >>>> consumer and, from the consumer’s perspective, acting as a First >>>> Party. Thus, it is unnecessary to apply to these activities the >>>> Principles governing data collection and use by Third Parties with >>>> which the consumer is not directly interacting. >>>> >>>> Very best, >>>> Rachel** >>>> ** >>>> *Rachel Nyswander Thomas* >>>> Vice President, Government Affairs >>>> Direct Marketing Association >>>> (202) 861-2443 office >>>> (202) 560-2335 cell >>>> rthomas@the-dma.org <mailto:rthomas@the-dma.org> >>>> *Join us at DMA2012 Conference and Exhibition* >>>> The Global Event for Real-Time Marketers >>>> October 13-18, 2012 | Las Vegas, NV >>>> *Register NOW & SAVE up to $200*|www.dma12.org <http://www.dma12.org/> >>> >
Received on Thursday, 11 October 2012 14:27:56 UTC