
Re: DNT: Agenda for April 10 call

From: Berin Szoka <bszoka@techfreedom.org>
Date: Tue, 9 Apr 2013 17:01:44 -0400
Message-ID: <CAEjRf9K4rynYsKkhf7MkfgRizg2apEQhx0-K=FWGwNxesvqe2Q@mail.gmail.com>
To: Peter Swire <peter@peterswire.net>
Cc: "public-tracking@w3.org" <public-tracking@w3.org>
Thanks, Peter.  How did you manage to email this from your typewriter? ;)


On Tue, Apr 9, 2013 at 4:59 PM, Peter Swire <peter@peterswire.net> wrote:

>  (Very roughly, first half on compliance spec and second half on TPE
> spec.)
>
>
> ---------------------------
>
> Administrative
>
> ---------------------------
>
> *1. Confirmation of scribe* – glad to accept volunteer -- no volunteer
> thus far.
>
> *2. Offline-caller-identification: *
>
> If you intend to join the phone call, you must either associate your phone
> number with your IRC username once you've joined the call (command: "Zakim,
> [ID] is [name]" e.g., "Zakim, ??P19 is schunter" in my case), or let Nick
> know your phone number ahead of time. If you are not comfortable with the
> Zakim IRC syntax for associating your phone number, please email your name
> and phone number to npdoty@w3.org. We want to reduce (in fact, eliminate)
> the time spent on the call identifying phone numbers. Note that if your
> number is not identified and you do not respond to off-the-phone reminders
> via IRC, you will be dropped from the call.
>
> ---------------------------
>
> Compliance Spec – Peter Swire
>
> ---------------------------
>
> *3. User education / User interface.*
>
> *Proposed Text:*
>
> *5. User Agent Compliance*
>
> A user agent *MUST* offer a control to express a tracking preference to
> third parties. The control *MUST* communicate the user's preference in
> accordance with the [*TRACKING-DNT*<http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#bib-TRACKING-DNT>]
> recommendation and otherwise comply with that recommendation. A user agent
> *MUST NOT* express a tracking preference for a user unless the user has
> given express and informed consent to indicate a tracking preference.
>
> While we do not specify how tracking preference choices are offered to the
> user or how the preference is enabled, each implementation MUST follow the
> following user interface guidelines:
>
> 1. The User Agent is responsible for determining the user experience
> by which a tracking preference is enabled. For example, a user might select
> a check-box in their user agent's configuration, or install an extension or
> add-on that is specifically designed to add a tracking preference
> expression so long as the checkbox, extension or add-on otherwise follows
> these user interface guidelines;
>
> 2. The User Agent MUST ensure that the tracking preference choices are
> communicated to users clearly and conspicuously, and shown at the time and
> place the tracking preference choice is made available to a user;
>
> 3. The User Agent MUST ensure that the tracking preference choices
> accurately describe DNT, including the parties to whom DNT applies, and
> MUST make available via a link in explanatory text where DNT is enabled to
> provide more detailed information about DNT functionality.
>
> Non-Normative:
>
> The User Agent plays a key role in enacting the DNT functionality. As a
> result, it is appropriate for the User Agent to play an equally key role in
> describing DNT functionality and educating users about DNT in order for
> this standard to be meaningful.
>
> While the user interface guidelines do not specify the exact presentation
> to the user, they are intended to help ensure that users understand their
> choices with respect to DNT. For example, outlining the parties (e.g.,
> First Parties, Service Providers, Third Parties) to whom DNT applies and
> using language that a reasonable user is likely to understand is critical
> for ensuring that users are in position to provide their informed consent
> to a tracking preference.
>
> Moreover, as DNT functionality is complex, it is important that User
> Agents educate users about DNT, including but not limited to offering a
> clearly described link that takes the user to additional information about
> DNT functionality. For example, given that some parties may choose not to
> comply with DNT, it would be helpful for browsers to educate users about
> how to check the response header and/or tokens to see if a server is
> responding with a “public commitment” of compliance.
>
> Finally, recognizing that DNT settings may be set by non-browser User
> Agents acting in violation of the user interface guidelines, the browsers
> should take reasonable steps to ensure that DNT settings are valid.
>
> *4. ACTION-373: Append.*  Text proposed by John Simpson and Alan Chapell,
> with concurrence by Jeff Chester. Clarifications to list in emails by John
> Simpson April 8 and Peter Swire April 9.  Peter Swire circulated a
> background memo on April 9.
>
> *Normative:*
>
> *When DNT:1 is received:*
>
> *-- A 1st Party MUST NOT combine or otherwise use identifiable data
> received from another party with data it has collected while a 1st Party.*
>
> *-- A 1st Party MUST NOT share identifiable data with another party unless
> the data was provided voluntarily by the user and is necessary to complete
> a business transaction with the user.*
>
> *-- A Party MUST NOT use data gathered while a 1st Party when operating as
> a 3rd Party.*
>
> *Non-Normative:*
>
> When DNT:1 is received, a 1st Party retains the ability to customize
> content, services, and advertising only within the context of the first
> party experience. A 1st party takes the user interaction outside of the 1st
> party experience if it receives identifiable data from another party and
> uses that data for customization of content, services, or advertising.
>
> When DNT:1 is received the 1st Party may continue to utilize user provided
> data in order to complete or fulfill a user initiated business transaction
> such as fulfilling an order for goods or a subscription.
>
> When DNT:1 is received and a Party has become a 3rd Party it is
> interacting with the user outside of the 1st Party experience.  Using data
> gathered while a 1st party is incompatible with interaction as a third
> party.
>
> Chris Pedigo gave five examples on data append in September, 2012, which
> are useful to consider in light of the proposed language:
>
> http://www.w3.org/2011/tracking-protection/track/actions/229
>
> ---------------------------
>
> TPE Spec – Matthias Schunter
>
> ---------------------------
>
> *5. Restructuring the response indicators.* We currently discuss
> the following three fields:
>
> - Optional Prefix "!" (I do not conform and I do not claim that whatever
> letters follow this sign are correct)
>
> - Tracking Status
>
>    1, 3, ...
>
> - Permitted uses:
>
>    C(onsent), ...
>
> *6.  ISSUE-187 Discuss Site Requirements Consent*
>
> One general concern related to exceptions in general was that sites
> register exceptions while neither the browser (in the old model) nor the
> site (in the new model) gather consent in a reliable way. Our current TPE
> spec states in Section 6.3.1:
>
> The call to store an exception *MUST* reflect the user's intention to
> grant an exception, at the time of the call. This intention *MUST* be
> determined by the site prior to each call to store an exception, at the
> time of the call. (This allows the user to change their mind, and delete a
> stored exception, which might then trigger the site to explain, and ask
> for, the exception again). It is the responsibility solely of the site
> making the call to determine that a call to record an exception reflects
> the user's informed consent at the time of the call.
>
> Jonathan proposed these three requirements that refine this language and
> that I would like to gather feedback on:
>
> 1) Actual presentation: The choice mechanism MUST be actually presented to
> the user.  It MUST NOT be on a linked page, such as a terms of service or
> privacy policy.
>
> 2) Independent choice: The choice mechanism MUST be presented independent
> of other choices.  It MUST NOT be bundled with other user preferences.
>
> 3) No default permission: The choice mechanism MUST NOT have the user
> permission preference selected by default.
>
> (From http://lists.w3.org/Archives/Public/public-tracking/2012Apr/0004.html)
>
> *7. Steps towards the next working draft.*
>
> Discuss what needs to be updated before publishing our next TPE working
> draft.
>
> I have previously preferred distinguishing "who I am" from "how I am
> operating", and I feel that having C and ! as 'status' indicators rather than
> qualifiers means that I can no longer tell whether I am interacting with
> someone who adheres to 1st or 3rd party constraints.  So I agree, rather
> than C or ! as the first character, I think that
>
> 1C -- content produced under first party rules with consent
>
> 3C -- third party under 3rd party rules with consent
>
> *8. Announce next meeting & adjourn*
>
> ================ Infrastructure =================
>
> Zakim teleconference bridge:
>
> VoIP:    sip:zakim@voip.w3.org
>
> Phone +1.617.761.6200 passcode TRACK (87225)
>
> IRC Chat: irc.w3.org, port 6665, #dnt
>
>
> Professor Peter P. Swire
> C. William O'Neill Professor of Law
>     Ohio State University
> 240.994.4142
> www.peterswire.net
>



-- 
Berin Szoka | President, TechFreedom | @TechFreedom
bszoka@techfreedom.org | @BerinSzoka
Received on Tuesday, 9 April 2013 21:02:32 UTC
