Re: June Draft of the DNT compliance spec

Hi Chris,


thanks for raising this concern.

I fully agree that there will be many levels of grey between a privacy
tool and a browser and in some cases, the line will be difficult to draw.


Regards,
matthias




> Hi Matthias,
>
> I'm concerned with:
>
> "this is a very strong expression of a desire for privacy"
>
> It represents a slippery slope, open to personal interpretation, and a
> certain vagueness that's hard to program for-- and thus should not be in a
> tech spec.  It would leave DNT compliance open for rather loose
> interpretation-- and that would be a problem for publishers who are left
> to make sense of this spec for their users.
>
> Here's a tangible and real example/concern, to support my point:
> Microsoft is currently running strong television ads in some jurisdictions
> around privacy.  In some spots, they connect privacy, even 'tracking
> protection,' to their IE10 product offering. Does that make Microsoft's
> IE10 a "privacy browser", and are we now ok allowing them to set/send DNT
> by default and be "compliant" with our spec?  I thought we already agreed,
> no, that's not ok.
>
> But if we allow this to be the case, what will keep any browser company or
> other UA from simply saying that privacy is a key feature of their browser
> and then also setting DNT by default, without any real user
> action/understanding of the setting?  Nothing.  And then DNT:1 will become
> ubiquitous, it will harm industry (especially long-tail small publishers),
> and so on...
>
> Chris
>
>
> On Jun 13, 2013, at 10:49 AM, "Matthias Schunter (Intel Corporation)"
> <mts-std@schunter.org<mailto:mts-std@schunter.org>> wrote:
>
> Hi!
>
> my 2cents:
> - From a user expectation point of view, I would expect that whatever is
> turned on by private browsing (e.g., turning on DNT;1)
> is then undone when I exit this mode (i.e., returning DNT to the prior
> state).
>
> - The original intent (AFAIR) of the language I cited was to allow
> installation of privacy tools (such as the anonymous browsing tool "Tor")
>   and - since this is a very strong expression of a desire for privacy -
> these tools may send DNT;1 by default.
>   Naturally, these tools MUST still need to implement the exception API
> and provide a feature to return from DNT;1 to unset or DNT;0.
>
>
> Matthias
>
>
> On 13/06/2013 16:27, Alan Chapell wrote:
> Thanks Craig -
>
> I probably wasn't being clear enough in my question. As I understand it,
> Safari turns on DNT automatically during a Private Browsing session. I'm
> asking if DNT remains on, or is turned off when the Private Browsing
> session ends.
>
>
> From: Craig Spiezle <craigs@otalliance.org<mailto:craigs@otalliance.org>>
> Date: Thursday, June 13, 2013 10:18 AM
> To: Alan Chapell
> <achapell@chapellassociates.com<mailto:achapell@chapellassociates.com>>,
> 'Justin Brookman' <jbrookman@cdt.org<mailto:jbrookman@cdt.org>>, 'David
> Singer' <singer@apple.com<mailto:singer@apple.com>>
> Cc: 'Shane Wiley' <wileys@yahoo-inc.com<mailto:wileys@yahoo-inc.com>>,
> 'Peter Swire' <peter@peterswire.net<mailto:peter@peterswire.net>>,
> <public-tracking@w3.org<mailto:public-tracking@w3.org>>
> Subject: RE: June Draft of the DNT compliance spec
> Resent-From: <public-tracking@w3.org<mailto:public-tracking@w3.org>>
> Resent-Date: Thu, 13 Jun 2013 14:19:33 +0000
>
> This is really determined by the browser vendor and or user setting if
> “private browsing” (InPrivate, Incognito…)  is a session based or
> persistent setting.
>
> From: Alan Chapell [mailto:achapell@chapellassociates.com]
> Sent: Thursday, June 13, 2013 7:07 AM
> To: Justin Brookman; Craig Spiezle; David Singer
> Cc: 'Shane Wiley'; 'Peter Swire';
> public-tracking@w3.org<mailto:public-tracking@w3.org>
> Subject: Re: June Draft of the DNT compliance spec
>
> Thanks Justin. I was unaware of the Private Browsing feature.
>
> David, does Private Browsing turn on DNT automatically during a private
> browsing session, and then turn it off automatically once the private
> browsing session is over?
>
>
>
> From: Justin Brookman <jbrookman@cdt.org<mailto:jbrookman@cdt.org>>
> Date: Monday, June 10, 2013 12:37 PM
> To: Craig Spiezle <craigs@otalliance.org<mailto:craigs@otalliance.org>>
> Cc: 'Shane Wiley' <wileys@yahoo-inc.com<mailto:wileys@yahoo-inc.com>>,
> Alan Chapell
> <achapell@chapellassociates.com<mailto:achapell@chapellassociates.com>>,
> 'Peter Swire' <peter@peterswire.net<mailto:peter@peterswire.net>>,
> <public-tracking@w3.org<mailto:public-tracking@w3.org>>
> Subject: Re: June Draft of the DNT compliance spec
>
> Previously, I thought we had agreement that selection of a special
> privacy-protective product or setting could imply consent to send DNT:1
> This agreement is currently reflected in the TPE in Section 3:
> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining.
>  For example, I believe that Safari turns on DNT:1 whenever someone
> engages "Private Browsing" mode, despite no specific language about Do Not
> Track: http://www.apple.com/safari/features.html
>
> However, that language/agreement may have been subsumed by more recent
> discussions.
>
> On Jun 10, 2013, at 11:15 AM, "Craig Spiezle"
> <craigs@otalliance.org<mailto:craigs@otalliance.org>> wrote:
>
>
> I apologize for possibly bringing up a closed issue, but do you see a
> distinction between a browser or a privacy / security enhancing product?
> I agree with what is proposed by a browser, but see there might be other
> scenarios where the consumer is making an implied decision when acquiring
> a third party security / privacy add-on?.
>
> Conceptually let’s call the product Privacy and Data Protector which by
> default out of the box offers “maximized protection of your data
> collection and privacy”.   Could one argue that one who purchases such a
> product in effect is making an implied decision to use such functionality.
>  Better yet Ad-Block Plus?
>
>
>
>
>
> From: Shane Wiley [mailto:wileys@yahoo-inc.com<http://yahoo-inc.com>]
> Sent: Monday, June 10, 2013 7:17 AM
> To: Alan Chapell; Peter Swire;
> public-tracking@w3.org<mailto:public-tracking@w3.org>
> Subject: RE: June Draft of the DNT compliance spec
>
> Friendly amendment suggestion:
>
> “…unless they have otherwise obtained consent from the user to do so.”
>
> - Shane
>
> From: Alan Chapell [mailto:achapell@chapellassociates.com]
> Sent: Monday, June 10, 2013 6:31 AM
> To: Peter Swire; public-tracking@w3.org<mailto:public-tracking@w3.org>
> Subject: Re: June Draft of the DNT compliance spec
>
> Thanks Peter. I'm still generally uncomfortable that DNT doesn't place
> requirements on First Parties.
>
> One item of particular concern that seems to have fallen off the radar is
> the scenario where a party collects data in a first party context and
> attempts to use it in a third party context when DNT is enabled. I thought
> there was agreement on this issue. However, I keep raising it, and it
> doesn't seem to make it into the drafts. Perhaps its implied in the
> language "… customize the content, services, and advertising in the
> context of the first party experience." However, it is not clear enough,
> IMHO.
>
> To address, I offer the following language to Section 4 (First Party
> Compliance). The new language is below.
>
> First Parties must not use data collected while a First Party when acting
> as a Third-Party when DNT = 1.
>
>
> Nick – if I need to open up another issue on this, please let me know.
> Thanks!
>
> Alan
> From: Peter Swire <peter@peterswire.net<mailto:peter@peterswire.net>>
> Date: Monday, June 10, 2013 7:47 AM
> To: "public-tracking@w3.org<mailto:public-tracking@w3.org>"
> <public-tracking@w3.org<mailto:public-tracking@w3.org>>
> Subject: June Draft of the DNT compliance spec
> Resent-From: <public-tracking@w3.org<mailto:public-tracking@w3.org>>
> Resent-Date: Mon, 10 Jun 2013 11:47:58 +0000
>
> To the Working Group:
>
>         Attached please find a June Draft of the compliance spec.  The
> spec is also available at:
>
> http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-june.html
>
> This draft builds directly on the Consensus Action Summary from the
> Sunnyvale F2F.  Working closely with W3C staff, and based on numerous
> discussions with members of the WG, this June Draft is my best current
> estimate of a document that can be the basis for a consensus document in
> time for Last Call.
>
>         The June Draft includes a number of grammatical and stylistic
> edits to various provisions of the previous working drafts.  These
> sorts of edits were done in hopes of adding clarity and good
> writing to the provisions.  In the spirit of humility, W3C staff
> and I recognize that members of the WG may spot substantive
> objections to these stylistic edits – let us work within a
> constructive spirit of the working group process to examine and,
> where appropriate, make changes to these edits.
>
>         The Draft also addresses the four task areas included in the
> Consensus Action Summary.  In proposing language in the June
> Draft, my intent and belief was to make good substantive judgments
> about an overall package that may achieve consensus, as well as
> item-by-item judgments about what is substantively most defensible
> within the context of the WG.  Clearly, the group will need to
> work through each piece of the text, members can suggest
> alternatives, and we will need to determine where and whether
> consensus exists.
>
>         The June Draft contains normative text but not non-normative text.
>  In part, this reflects my view that we have the best chance to
> work constructively on a relatively short amount of normative
> text.  Proposed non-normative text can be proposed for provisions
> in time for Last Call.  As a potentially useful alternative, W3C
> has various mechanisms for publishing notes or other documents
> that illuminate a standard.  The best time for detailed discussion
> of most non-normative text quite possibly will be after Last Call.
>
>         The June Draft discusses only items that the W3C WG can address.
> Clearly, the actions of others on these issues may be relevant to
> the overall outcome.  For instance, the DAA has discussed changes
> to its code, including on its market research and product
> development exceptions.   There has been discussion of a
> potentially useful limit on any blocking of 3d party cookies for
> sites that comply withDNT.  There may also be new and useful
> technical measures that would be important to the future of
> advertising in a privacy-protective manner.  The text here, as
> indicated, addresses what would be within the compliance spec
> itself.
>
>         W3C staff and I are working on further explanatory materials that
> will seek to clarify the changes here, and link the June Draft to
> the issues on the WG site.
>
>         The regular call this Wednesday will be an opportunity for the
> Group to have an initialdiscussion of the June Draft.  To give
> everyone a chance to review this material, we will not be seeking
> to close compliance issues during this Wednesday’s calls.
>
>         Thank you,
>
>         Peter
>
>
>
> Prof. Peter P. Swire
> C. William O'Neill Professor of Law
>            Ohio State University
> 240.994.4142
> www.peterswire.net<http://www.peterswire.net>
>
> Beginning August 2013:
> Nancy J. and Lawrence P. Huang Professor
> Law and Ethics Program
> Scheller College of Business
> Georgia Institute of Technology
>
>
>
>

Received on Thursday, 13 June 2013 17:07:05 UTC