Re: June Change Proposal, raw data, contextual ads

On Jul 1, 2013, at 14:56 , David Wainberg <david@appnexus.com> wrote:

> Hi David-
> 
> Is this also related to ISSUE-142?

Yes, though that's marked closed.

> I thought there'd been some agreement previously on a grace period for data retained only for a short period, and that such grace period would include more than merely processing it into an unregulated state.

What other uses do you envisage?  I thought the rationale for the raw data exception was (a) that no-one can process the data in real time, there needs to be some holding period and (b) some people hold the raw data for a while 'just in case' (e.g. of a debugging need) but can process into what they need at that time and discard the rest.

In neither case do I see a need to allow 'other use' than the ability to process, but if there is a (closed, non-leaky) one, it would be good to hear.

> But why do we need to say that raw data can be processed?

I think I am saying that that is the 'purpose' of the raw data for the 'permission' -- the only 'purpose' one has in it, is to process it.

> Isn't permission to process data into an unregulated state inherent in the spec?

Not that I see, and I think it's worth making explicit.

> I'm not seeing the need for this explicit statement about "raw data". In any case, don't we mean to say something like "under DNT:1 tracking information may be used but must be deidentified/delinked within N days" as in ISSUE-142?

Do you happen to know what text resulted from 142?  It might help me to review it.

Thanks

> 
> -David
> 
> On 7/1/13 2:27 PM, David Singer wrote:
>> On Jul 1, 2013, at 11:00 , Jeffrey Chester <jeff@democraticmedia.org> wrote:
>> 
>>> Raw data.   What data can be collected and use gathered via contextual targeting, given its expanded range.
>> OK, then I think you are missing something.  The raw data permission needs to be just that:  we need to say that you are allowed to collect raw data *solely for the purposes of processing it* and no other use.  That processing must result in data that is one of
>> 
>> * out of scope, not tracking data
>> * tracking data permitted under a permitted use
>> * tracking data for which the party has consent
>> * discarded
>> 
>> Under these circumstances, there is no 'use' of the raw data to do anything.
>> 
>> But contextual advertising is also completely orthogonal, I think.  That uses real-time data -- transaction data -- to decide what to show you.  If an advertiser can work out, at the time of the load request, that I am in california, where it's 6pm, and knows I am loading a restaurant review site, and shows me an ad for a restaurant, that doesn't worry me.  I think it may be *imprudent* to show heavily contextual ads to a DNT:1 user, in that they may freak, but if the site doesn't remember anything about 'me' after it's shown the ad, I don't see it as problematic from a spec. point of view.
>> 
>> And I still don't get the link to 'raw data'…
>> 
>>> 
>>> 
>>> 
>>> Jeffrey Chester
>>> Center for Digital Democracy
>>> 1621 Connecticut Ave, NW, Suite 550
>>> Washington, DC 20009
>>> www.democraticmedia.org
>>> www.digitalads.org
>>> 202-986-2220
>>> 
>>> On Jul 1, 2013, at 1:56 PM, David Singer wrote:
>>> 
>>>> Jeff
>>>> 
>>>> was this a follow-on to raw data handling, or a separate question?  If the former, I am missing the connection…
>>>> 
>>>> On Jun 30, 2013, at 5:09 , Jeffrey Chester <jeff@democraticmedia.org> wrote:
>>>> 
>>>>> Am I correct that no interaction (profiling and targeting) data from a DNT:1 user can be collected from their interactions with contextual ads?  As contextual advertising has grown more sophisticated, including user-intensive semantic and emotional analysis and delivered via RTB, they raise DNT concerns.  For example, one semantic targeter explains that marketers can "Leverage the accuracy of semantic technology, by selecting
>>>>> between 900+ IAB categories, emotions, buyer intentions and entities, to create limitless custom segments on-the-fly and unique to each campaign"   http://www.admantx.com/wordpress/#admantx;  video: http://www.youtube.com/watch?feature=player_embedded&v=s64I2Ft824g#at=51
>>>>> 
>>>>> The contextual targeting frame should not be permitted to be a serious privacy loophole.  Perhaps the text needs clarification?
>>>>> 
>>>>> Thanks,
>>>>> 
>>>>> Jeff
>>>>> 
>>>>> 
>>>>> Jeffrey Chester
>>>>> Center for Digital Democracy
>>>>> 1621 Connecticut Ave, NW, Suite 550
>>>>> Washington, DC 20009
>>>>> www.democraticmedia.org
>>>>> www.digitalads.org
>>>>> 202-986-2220
>>>>> 
>>>>> On Jun 30, 2013, at 7:08 AM, Thomas Roessler wrote:
>>>>> 
>>>>>> Thanks, David.
>>>>>> 
>>>>>> This is now incorporated into this wiki page:
>>>>>> 	http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Short_Term
>>>>>> 
>>>>>> Regards,
>>>>>> 
>>>>>> Thomas Roessler, W3C <tlr@w3.org> (@roessler)
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On 2013-06-26, at 19:21 +0200, David Singer <singer@apple.com> wrote:
>>>>>> 
>>>>>>> On Jun 20, 2013, at 15:19 , David Singer <singer@apple.com> wrote:
>>>>>>> 
>>>>>>>> Problem
>>>>>>>> 
>>>>>>>> "It is outside the scope of this specification to control short-term, transient collection and use of data, so long as the information is not transmitted to a third party and is not used to build a profile about a user or otherwise alter an individual user’s user experience outside the current network interaction. For example, the contextual customization of ads shown as part of the same network interaction is not restricted by DNT: 1."
>>>>>>>> 
>>>>>>>> 1) It's not just altering an experience that we care about. We've heard "making available to governments", for example.
>>>>>>>> 2) This was previously a permitted use, which meant that the general restrictions on permitted uses applied (you have to justify what you keep and how long you keep it).  Moving it "out of scope" lifts those restrictions.
>>>>>>>> 3) Contextual customization is a completely different question, nothing to do with raw data retention.
>>>>>>>> 
>>>>>>>> I note Issue-134 is linked to this text.
>>>>>>>> 
>>>>>>>> Proposals
>>>>>>>> 
>>>>>>>> 1) Make it a 'permitted use'
>>>>>>>> 2) define it as 'Raw data may be collected and retained solely for the purpose of processing that data into data allowed by other claimed permitted uses.'
>>>>>>>> 3) Retain a short paragraph in the out=of-scope section that says "The use of data present in the transaction, as part of the processing of that transaction, is out of scope: for example, the contextual customization of ads shown as part of the same network interaction is not restricted by DNT: 1."
>>>>>>>> 
>>>>>>> Specific proposal for the permitted use language:
>>>>>>> 
>>>>>>> * * * * * *
>>>>>>> 
>>>>>>> Raw data may be collected and retained solely for the purposes of processing that data into one of:
>>>>>>> 1) Data that is not tracking data, and is thus out of scope;
>>>>>>> 2) Data that is tracking data, but for which consent was in effect at the time of collection;
>>>>>>> 3) Data that is tracking data, but which is being retained under another permitted use that was claimed at the time of collection.
>>>>>>> 
>>>>>>> All other data MUST BE discarded at the time of processing.
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> David Singer
>>>>>>> Multimedia and Software Standards, Apple Inc.
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>> 
>>>> David Singer
>>>> Multimedia and Software Standards, Apple Inc.
>>>> 
>> David Singer
>> Multimedia and Software Standards, Apple Inc.
>> 
>> 
> 

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Monday, 1 July 2013 22:59:20 UTC