Re: June Draft of the DNT compliance spec

Hi Team,


while we should not revisit this issue, I believe that it is useful to 
fine-tune our joint understanding of the words "unless a specific 
tracking preference is implied by the decision to use that agent."

While I do not expect changes to the normative text (unless we discover 
serious problems), the discussion may enable us to further clarify by 
adding non-normative text and examples. Even if we do not add text, we 
will end up with a better joint understanding...

That said, we may also spend some effort on the issues that are formally 
open at this point. ;-)


Regards,
matthias


On 13/06/2013 20:08, John Simpson wrote:
> Indeed, there has long been this language in Section 3 of the TPE, 
> Determining User Preference:
>
> "A user agent /MUST/ have a default tracking preference of |unset| 
> (not enabled) unless a specific tracking preference is implied by the 
> decision to use that agent. For example, use of a general-purpose 
> browser would not imply a tracking preference when invoked normally as 
> "SuperFred", but might imply a preference if invoked as 
> "SuperDoNotTrack" or "UltraPrivacyFred". Likewise, a user agent 
> extension or add-on /MUST NOT/ alter the tracking preference unless 
> the act of installing and enabling that extension or add-on is an 
> explicit choice by the user for that tracking preference.
>
> Looks to me like it's open season on any text that many of us 
> understood to represent consensus...
>
> On Jun 13, 2013, at 7:00 AM, Justin Brookman <jbrookman@cdt.org 
> <mailto:jbrookman@cdt.org>> wrote:
>
>> I was just giving the historical context.  The idea that a 
>> privacy-specific user agent could send DNT:1 without more disclosure 
>> had been agreed to for several months, and then was later revisited. 
>>  Similar to the security language that had been worked out nearly a 
>> year ago . . .
>>
>> Please say that no one has an action item to redefine "party." :)
>>
>> On Jun 13, 2013, at 9:53 AM, Chris Mejia <chris.mejia@iab.net 
>> <mailto:chris.mejia@iab.net>> wrote:
>>
>>> Hi Justin,
>>>
>>> I don't believe we are in full agreement on this.  Please see the 
>>> text that Alan and I submitted yesterday, on requirements for agents 
>>> sending/altering a user's preference expression.
>>>
>>> Best,
>>>
>>> Chris
>>>
>>> ++++++++++++++++++++++++
>>> Chris Mejia
>>> Digital Supply Chain Solutions
>>> Ad Technology Group
>>> Interactive Advertising Bureau - IAB
>>>
>>>
>>> On Jun 10, 2013, at 11:37 AM, "Justin Brookman" <jbrookman@cdt.org 
>>> <mailto:jbrookman@cdt.org>> wrote:
>>>
>>>> Previously, I thought we had agreement that selection of a special 
>>>> privacy-protective product or setting could imply consent to send 
>>>> DNT:1  This agreement is currently reflected in the TPE in Section 
>>>> 3: 
>>>> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining. 
>>>>  For example, I believe that Safari turns on DNT:1 whenever someone 
>>>> engages "Private Browsing" mode, despite no specific language about 
>>>> Do Not Track: http://www.apple.com/safari/features.html
>>>>
>>>> However, that language/agreement may have been subsumed by more 
>>>> recent discussions.
>>>>
>>>> On Jun 10, 2013, at 11:15 AM, "Craig Spiezle" 
>>>> <craigs@otalliance.org <mailto:craigs@otalliance.org>> wrote:
>>>>
>>>>> I apologize for possibly bringing up a closed issue, but do you 
>>>>> see a distinction between a browser or a privacy / security 
>>>>> enhancing product?   I agree with what is proposed by a browser, 
>>>>> but see there might be other scenarios where the consumer is 
>>>>> making an implied decision when acquiring a third party security / 
>>>>> privacy add-on?.
>>>>> Conceptually let’s call the product Privacy and Data Protector 
>>>>> which by default out of the box offers “maximized protection of 
>>>>> your data collection and privacy”.   Could one argue that one who 
>>>>> purchases such a product in effect is making an implied decision 
>>>>> to use such functionality.  Better yet Ad-Block Plus?
>>>>> *From:*Shane Wiley [mailto:wileys@yahoo-inc.com 
>>>>> <http://yahoo-inc.com/>]
>>>>> *Sent:*Monday, June 10, 2013 7:17 AM
>>>>> *To:*Alan Chapell; Peter Swire;public-tracking@w3.org 
>>>>> <mailto:public-tracking@w3.org>
>>>>> *Subject:*RE: June Draft of the DNT compliance spec
>>>>> Friendly amendment suggestion:
>>>>> “…unless they have otherwise obtained consent from the user to do so.”
>>>>> - Shane
>>>>> *From:*Alan Chapell [mailto:achapell@chapellassociates.com]
>>>>> *Sent:*Monday, June 10, 2013 6:31 AM
>>>>> *To:*Peter Swire;public-tracking@w3.org 
>>>>> <mailto:public-tracking@w3.org>
>>>>> *Subject:*Re: June Draft of the DNT compliance spec
>>>>> Thanks Peter. I'm still generally uncomfortable that DNT doesn't 
>>>>> place requirements on First Parties.
>>>>> One item of particular concern that seems to have fallen off the 
>>>>> radar is the scenario where a party collects data in a first party 
>>>>> context and attempts to use it in a third party context when DNT 
>>>>> is enabled. I thought there was agreement on this issue. However, 
>>>>> I keep raising it, and it doesn't seem to make it into the drafts. 
>>>>> Perhaps its implied in the language "… customize the content, 
>>>>> services, and advertising in the context of the first party 
>>>>> experience." However, it is not clear enough, IMHO.
>>>>> To address, I offer the following language to Section 4 (First 
>>>>> Party Compliance). The new language is below.
>>>>> First Parties /must not/ use data collected while a First Party 
>>>>> when acting as a Third-Party when DNT = 1.
>>>>> Nick – if I need to open up another issue on this, please let me 
>>>>> know. Thanks!
>>>>> Alan
>>>>> *From:*Peter Swire <peter@peterswire.net 
>>>>> <mailto:peter@peterswire.net>>
>>>>> *Date:*Monday, June 10, 2013 7:47 AM
>>>>> *To:*"public-tracking@w3.org <mailto:public-tracking@w3.org>" 
>>>>> <public-tracking@w3.org <mailto:public-tracking@w3.org>>
>>>>> *Subject:*June Draft of the DNT compliance spec
>>>>> *Resent-From:*<public-tracking@w3.org <mailto:public-tracking@w3.org>>
>>>>> *Resent-Date:*Mon, 10 Jun 2013 11:47:58 +0000
>>>>>
>>>>>     To the Working Group:
>>>>>             Attached please find a June Draft of the compliance
>>>>>     spec.  The spec is also available at:
>>>>>     http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-june.html
>>>>>     This draft builds directly on the Consensus Action Summary
>>>>>     from the Sunnyvale F2F.  Working closely with W3C staff, and
>>>>>     based on numerous discussions with members of the WG, this
>>>>>     June Draft is my best current estimate of a document that can
>>>>>     be the basis for a consensus document in time for Last Call.
>>>>>             The June Draft includes a number of_grammatical and
>>>>>     stylistic edits_to various provisions of the previous working
>>>>>     drafts. These sorts of edits were done in hopes of adding
>>>>>     clarity and good writing to the provisions.  In the spirit of
>>>>>     humility, W3C staff and I recognize that members of the WG may
>>>>>     spot substantive objections to these stylistic edits – let us
>>>>>     work within a constructive spirit of the working group process
>>>>>     to examine and, where appropriate, make changes to these edits.
>>>>>             The Draft also addresses the_four task areas_included
>>>>>     in the Consensus Action Summary.  In proposing language in the
>>>>>     June Draft, my intent and belief was to make good substantive
>>>>>     judgments about an_overall package_that may achieve consensus,
>>>>>     as well as item-by-item judgments about what is substantively
>>>>>     most defensible within the context of the WG.  Clearly, the
>>>>>     group will need to work through each piece of the text,
>>>>>     members can suggest alternatives, and we will need to
>>>>>     determine where and whether consensus exists.
>>>>>             The June Draft contains_normative text but not
>>>>>     non-normative text_.  In part, this reflects my view that we
>>>>>     have the best chance to work constructively on a relatively
>>>>>     short amount of normative text.  Proposed non-normative text
>>>>>     can be proposed for provisions in time for Last Call.  As a
>>>>>     potentially useful alternative, W3C has various mechanisms for
>>>>>     publishing notes or other documents that illuminate a
>>>>>     standard.  The best time for detailed discussion of most
>>>>>     non-normative text quite possibly will be after Last Call.
>>>>>             The June Draft discusses_only items that the W3C WG
>>>>>     can address_.  Clearly, the actions of others on these issues
>>>>>     may be relevant to the overall outcome.  For instance, the DAA
>>>>>     has discussed changes to its code, including on its market
>>>>>     research and product development exceptions. There has been
>>>>>     discussion of a potentially useful limit on any blocking of 3d
>>>>>     party cookies for sites that comply withDNT.  There may also
>>>>>     be new and useful technical measures that would be important
>>>>>     to the future of advertising in a privacy-protective manner.
>>>>>     The text here, as indicated, addresses what would be within
>>>>>     the compliance spec itself.
>>>>>             W3C staff and I are working on further explanatory
>>>>>     materials that will seek to clarify the changes here, and link
>>>>>     the June Draft to the issues on the WG site.
>>>>>             The regular call this Wednesday will be an opportunity
>>>>>     for the Group to have an initialdiscussion of the June Draft. 
>>>>>     To give everyone a chance to review this material, we will not
>>>>>     be seeking to close compliance issues during this Wednesday’s
>>>>>     calls.
>>>>>             Thank you,
>>>>>             Peter
>>>>>     Prof. Peter P. Swire
>>>>>     C. William O'Neill Professor of Law
>>>>>     Ohio State University
>>>>>     240.994.4142
>>>>>     www.peterswire.net <http://www.peterswire.net/>
>>>>>     Beginning August 2013:
>>>>>     Nancy J. and Lawrence P. Huang Professor
>>>>>     Law and Ethics Program
>>>>>     Scheller College of Business
>>>>>     Georgia Institute of Technology
>>>>>
>>>>
>>
>

Received on Thursday, 13 June 2013 20:34:43 UTC