RE: ACTION-267 - Propose first/third party definitions from existing DAA documents

Hi Rachel,

It would be interesting to run the same test, on a slightly changed 
widget that starts with a different default, i.e. users need to opt-in 
instead of opt-out. Do you have any nombers/results on such an approach 
as well?

Regards,
Rob

Rachel Thomas schreef op 2012-10-11 16:28:
> As promised, here are the links to the TRUSTe pilot I mentioned in my
> note below:
>
> · Press Release: Consumers Find Behavioral Advertising Choices
> Compelling with TRUSTe TRUSTed Ads Privacy Platform
> 
> http://www.truste.com/about-TRUSTe/press-room/news_truste_PCH_TrustedAds_results
> [20]
>
> · Full Results: Trusted Ads – OBA Notice and Choice
> 
> http://www.truste.com/pdf/TRUSTe-OBA-Behavioral-Advertising-Opt-Out.pdf
> [21]
>
> Very best,
>
> Rachel
>
> FROM: Jonathan Mayer [mailto:jmayer@stanford.edu]
> SENT: Wednesday, October 10, 2012 4:43 PM
> TO: Rachel Thomas
> CC: Jeffrey Chester; public-tracking@w3.org
> SUBJECT: Re: ACTION-267 - Propose first/third party definitions from
> existing DAA documents
>
> Rachel,
>
> This information is helpful, thanks. Two quick followup questions.
>
> First, is the TRUSTe pilot report available somewhere? It would be
> helpful to better understand the methodology and results. For 
> example,
> it's difficult to estimate the proportion of users who clicked 
> through
> the ad notice from the passage you provided.
>
> Second, about what proportion of web users are presently taking
> advantage of the DAA program's choice mechanism? Again, it's hard to
> get a sense from the numbers below.
>
> Thanks,
>
> Jonathan
>
> On Wednesday, October 10, 2012 at 12:55 PM, Rachel Thomas wrote:
>
>> Hi Jeff – It actually wasn’t me to whom you directed this
>> question during the briefing that DMA recently hosted for you and
>> other consumer groups (in conjunction with the NTIA multistakeholder
>> process). You were in conversation with my colleague, Sarah Hudgins
>> from IAB, who was presenting an update regarding the DAA program.
>> We’re both brunettes, and you’re not the first to confuse us. J
>> Regardless, I would like to correct the record regarding testing of
>> the DAA program…
>>
>> THE DAA ICON PROGRAM IMPLEMENTATION WAS CONSUMER-TESTED PRIOR TO ITS
>> LAUNCH – AND WITH VERY POSITIVE RESULTS. TRUSTe ran a pilot of the
>> icon implementation (serving via a “widget” that launches from a
>> clickable icon placed on adjacent to advertisements or in the
>> header/footer of pages). The pilot ran for approximately six months
>> in market, and was executed with Comcast.net [1] and PCHLotto.com
>> [2]. TRUSTe reported positive findings in November 2011, including:
>>
>> 1. Consumers engaged more with Ad Notice [the icon implementation]
>> outside the Privacy Policy. Over the 6 months 2.5 more people
>> engaged with the ad notice than the privacy policy.
>>
>> 2. Consumer education, notice and choice were effective to build
>> consumer trust with online behavioral advertising. During the pilot,
>> over 80% of visitors did not make any changes to their preferences;
>> only 1% chose to opt-out of OBA. Over 55% of feedback respondents
>> found the Notice helpful.
>>
>> MUCH MORE COMPELLING, I WOULD ARGUE, IS THE FACT THAT – SINCE THE
>> DAA PROGRAM’S LAUNCH IN 2010 – MORE THAN 16 MILLION CONSUMERS
>> HAVE VISITED THE DAA SITES TO LEARN ABOUT THEIR ADVERTISING DATA
>> CHOICES, AND, TO DATE, MORE THAN 1 MILLION CONSUMERS HAVE TAKEN
>> ACTION TO EXERCISE THEIR CHOICE ABOUT HOW ADVERTISERS WILL USE THEIR
>> DATA.
>>
>> Hard to argue that the design and usability of the DAA program is
>> “inadequate” with 16 million consumers served to date.
>>
>> Very best, as always,
>>
>> Rachel
>>
>> FROM: Jeffrey Chester [mailto:jeff@democraticmedia.org [3]]
>> SENT: Wednesday, October 10, 2012 11:52 AM
>> TO: Thomas Roessler; Aleecia McDonald; Matthias Schunter
>> CC: Rachel Thomas; Craig Spiezle; public-tracking@w3.org [4]; Kimon
>> Zorbas
>> SUBJECT: Re: ACTION-267 - Propose first/third party definitions from
>> existing DAA documents
>>
>> I have to say I am dismayed that colleagues from the US online
>> marketing community are trying to replace the W3C multistakeholder
>> process with a system devised exclusively by the online ad industry.
>> As I mentioned during last week's f2f, NGOs and other civil society
>> groups across the Atlantic have criticized the DAA system as
>> inadequate. Leading computer science and other researchers have also
>> repeatedly shown how lacking and ineffective it is. Indeed, just two
>> weeks ago in DC I asked Ms. Thomas if there had been any testing
>> done for design and usability of the system--including by
>> independent bodies. The answer was basically there was no such
>> usability and independent review. As we all know, the user
>> experience online is tested and "optimized" to move them through a
>> digital data collection funnel-- in order to achieve the required
>> "conversion." Until such independent testing of the DAA system to
>> show that it can effectively inform and empower online users about
>> their privacy choices-- in the face of a purposefully powerful and
>> designed interactive experience--the W3C would be remiss adopting it
>> in all or in part.
>>
>> In addition, yesterday's announcement by the DAA that it would, in
>> essence, condone a boycott of DNT requests from users relying on the
>> IE browser (or other browsers adopting privacy by design
>> frameworks), suggests there is a political motivation that should be
>> addressed by the group and W3C (inc. Mr. Berners-Lee). Instead of
>> developing the best technical standard through expert and objective
>> international standards work, we appear to now confront a political
>> agenda designed to maintain the data collection and user targeting
>> status quo. The W3C needs to do better than be silent about these
>> recent developments.
>>
>> Jeffrey Chester
>>
>> Center for Digital Democracy
>>
>> 1621 Connecticut Ave, NW, Suite 550
>>
>> Washington, DC 20009
>>
>> www.democraticmedia.org [5]
>>
>> www.digitalads.org [6]
>>
>> 202-986-2220
>>
>> On Oct 10, 2012, at 10:57 AM, Kimon Zorbas wrote:
>>
>> Dear all,
>>
>> to add some European flavour, here what we use in our OBA Framework,
>> matching European law. We call First Parties "Web Site Operators".
>> W3C can of course use this wording, we have the full rights to it.
>>
>> Third Party
>>
>> An entity is a Third Party to the extent that it engages in Online
>> Behavioural Advertising on a web site or web sites other than a web
>> site or web sites it or a an entity under Common Control owns or
>> operates.
>>
>> Web Site Operator
>>
>> A Web Site Operator is the owner, controller or operator of the web
>> site with which the web user interacts.
>>
>> Control
>>
>> Control of an entity means that another entity (1) holds a majority
>> of the voting rights in it, or (2) is a member of it and has the
>> right to appoint or remove a majority of its board of directors, or
>> (3) is a member of it and controls alone, pursuant to an agreement
>> with other members, a majority of the voting rights in it, or (4)
>> has placed obligations upon or otherwise controls the policies or
>> activities of it by way of a legally binding contract, or (5)
>> otherwise has the power to exercise a controlling influence over the
>> management, policies or activities of it, and “Controlled” shall
>> be construed accordingly.
>>
>> Common Control
>>
>> Entities or web sites under Common Control include ones which
>> Control, for example parent companies, are Controlled by, such as
>> subsidiaries, or are under common Control, such as group companies.
>> They also include entities that are under a written agreement to
>> process data for the controlling entity or entities, and do such
>> processing only for and on behalf of that entity or entities and not
>> for their own purposes or on their own behalf.
>>
>> For other UA, we capture them through the following wording:
>>
>> To the extent that Companies collect and use data via specific
>> technologies or practices that are intended to harvest data from all
>> or substantially all URLs traversed by a particular computer or
>> device across multiple web domains and use such data for OBA, they
>> should first obtain Explicit Consent.
>>
>> Kind regards,
>>
>> Kimon
>>
>> FROM: Rachel Thomas <RThomas@the-dma.org [7]>
>> DATE: Wednesday 10 October 2012 16:48
>> TO: Craig Spiezle <craigs@otalliance.org [8]>,
>> "public-tracking@w3.org [9]" <public-tracking@w3.org [10]>
>> SUBJECT: RE: ACTION-267 - Propose first/third party definitions from
>> existing DAA documents
>> RESENT-FROM: <public-tracking@w3.org [11]>
>> RESENT-DATE: Wednesday 10 October 2012 16:43
>>
>> Hi Craig, great question – let me try to clarify with some
>> additional info from the DAA principles. Below is the definition of
>> “affiliate” as well as some commentary on the definition from
>> the DAA’s Self-Regulatory Principles for Online Behavioral
>> Advertising. (Also, please note that while there is not an explicit
>> definition of “affiliate” included in the DAA’s
>> Self-Regulatory Principles for Multi-Site Data, the same definition
>> applies in that context as well).
>>
>> AFFILIATE
>>
>> DEFINITION: An Affiliate is an entity that Controls, is Controlled
>> by, or is under common Control with, another entity.
>>
>> COMMENTARY (RELATING TO DEFINITIONS OF BOTH “AFFILIATE” AND
>> “CONTROL”): These terms set an objective test to separate
>> related First Party entities from Third Parties and others. An
>> Affiliate is defined as an entity that Controls, is Controlled by,
>> or is under common Control with, another entity. The definition of
>> Control sets out two alternative tests, which reflect a commonly
>> understood definition of a single entity. The first alternative
>> looks to whether one entity is under significant common ownership
>> with the other entity. The second alternative looks to whether one
>> entity has the power to exercise a controlling influence over the
>> management or policies of the other. In addition, each entity must
>> be subject to Online Behavioral Advertising policies that are not
>> materially inconsistent with the other entity’s Online Behavioral
>> Advertising policies. The combination of Control and governance by
>> similar Online Behavioral Advertising policies renders the two
>> entities Affiliates of each other.
>>
>> The tests for Control are unrelated to brand names. As a result,
>> different brands, if they otherwise meet one of the tests for
>> Control, would be treated as Affiliates rather than Third Parties.
>>
>> The starting point for whether two or more affiliated
>> consumer-facing Web sites constitute a First Party under the
>> Principles is whether the Web sites are the same company. The use of
>> the term Affiliate is intended to allow affiliated companies that
>> are in the same corporate family to share information within that
>> family as if they are the same company, thereby benefitting from
>> their collective assets. The treatment of Affiliates is not intended
>> to create a means for companies that are in reality unrelated in
>> corporate structure (and, therefore, that consumers would never
>> expect would be sharing information,) to avoid providing the choice
>> required under these Principles. In many cases companies can readily
>> be transparent either in branding on the Web sites or through
>> clarity in the privacy notices of their particular Affiliates.
>> Assuming an entity otherwise meets the standard set forth in the
>> definition of Control, such practices would clearly satisfy and
>> permit inclusion in the definition of Affiliate. However, such
>> branding on a Web site or inclusion in a privacy notice is not
>> required under the Principles as in some instances the complexity of
>> corporate affiliates driven by corporate legal principles pose
>> practical operational challenges.
>>
>> And very best,
>>
>> Rachel
>>
>> FROM: Craig Spiezle [mailto:craigs@otalliance.org [12]]
>> SENT: Tuesday, October 09, 2012 11:58 PM
>> TO: Rachel Thomas; public-tracking@w3.org [13]
>> SUBJECT: RE: ACTION-267 - Propose first/third party definitions from
>> existing DAA documents
>>
>> This is helpful.
>>
>> Just so we are all on the same page can you clarify affiliate vs.
>> non-affiliate. Is it correct to assume affiliate means a wholly
>> owned entity?
>>
>> So a Third Party who collects data from an affiliate is not a third
>> party. So this would or could mean a totally separate brand which
>> the user has no knowledge of?
>>
>> Thanks
>>
>> FROM: Rachel Thomas [mailto:RThomas@the-dma.org] [14]
>> SENT: Tuesday, October 09, 2012 1:16 PM
>> TO: public-tracking@w3.org [15]
>> SUBJECT: ACTION-267 - Propose first/third party definitions from
>> existing DAA documents
>>
>> Folks – As promised, I am submitting the Digital Advertising
>> Alliance (DAA) definitions of “first party” and “third
>> party” for consideration / inclusion in section 3.5 [16] (“First
>> and Third Parties”) of the W3C TPWG "Tracking Compliance and
>> Scope” document. Below are both formal definitions and related
>> commentary from the DAA Self-Regulatory Principles for Multi-Site
>> Data [17].
>>
>> FIRST PARTY
>>
>> DEFINITION: A First Party is the entity that is the owner of the Web
>> site or has Control over the Web site with which the consumer
>> interacts and its Affiliates.
>>
>> COMMENTARY: The actions of agents and other entities that similarly
>> perform business operations of First Parties are treated as if they
>> stand in the shoes of First Parties under these Principles and thus
>> such actions are not included in Multi-Site Data.
>>
>> THIRD PARTY
>>
>> DEFINITION: An entity is a Third Party to the extent that it
>> collects Multi-Site Data on a non-Affiliate’s Web site.
>>
>> COMMENTARY: As described in the OBA Principles, in certain
>> situations where it is clear that the consumer is interacting with a
>> portion of a Web site that is being operated by a different entity
>> than the owner of the Web site, the different entity would not be a
>> Third Party for purposes of the Principles, because the consumer
>> would reasonably understand the nature of the direct interaction
>> with that entity. The situation where this occurs most frequently
>> today is where an entity through a “widget” or “video
>> player” enables content on a Web site and it is clear that such
>> content and that portion of the Web sites is provided by the other
>> entity and not the First Party Web site. The other entity (e.g. the
>> “widget” or “video player”) is directly interacting with the
>> consumer and, from the consumer’s perspective, acting as a First
>> Party. Thus, it is unnecessary to apply to these activities the
>> Principles governing data collection and use by Third Parties with
>> which the consumer is not directly interacting.
>>
>> Very best,
>>
>> Rachel
>>
>> RACHEL NYSWANDER THOMAS
>>
>> Vice President, Government Affairs
>>
>> Direct Marketing Association
>>
>> (202) 861-2443 office
>>
>> (202) 560-2335 cell
>>
>> rthomas@the-dma.org [18]
>>
>> JOIN US AT DMA2012 CONFERENCE AND EXHIBITION
>>
>> The Global Event for Real-Time Marketers
>>
>> October 13-18, 2012 | Las Vegas, NV
>>
>> REGISTER NOW & SAVE UP TO $200 |www.dma12.org [19]
>
>
>
> Links:
> ------
> [1] http://Comcast.net
> [2] http://PCHLotto.com
> [3] mailto:jeff@democraticmedia.org
> [4] mailto:public-tracking@w3.org
> [5] http://www.democraticmedia.org
> [6] http://www.digitalads.org
> [7] mailto:RThomas@the-dma.org
> [8] mailto:craigs@otalliance.org
> [9] mailto:public-tracking@w3.org
> [10] mailto:public-tracking@w3.org
> [11] mailto:public-tracking@w3.org
> [12] mailto:craigs@otalliance.org
> [13] mailto:public-tracking@w3.org
> [14] mailto:[mailto:RThomas@the-dma.org]
> [15] mailto:public-tracking@w3.org
> [16]
> 
> http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#first-third-parties
> [17]
> 
> https://www.aboutads.info/resource/download/Multi-Site-Data-Principles.pdf
> [18] mailto:rthomas@the-dma.org
> [19] http://www.dma12.org/
> [20]
> 
> http://www.truste.com/about-TRUSTe/press-room/news_truste_PCH_TrustedAds_results
> [21] 
> http://www.truste.com/pdf/TRUSTe-OBA-Behavioral-Advertising-Opt-Out.pdf

Received on Thursday, 11 October 2012 15:04:30 UTC