- From: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
- Date: Thu, 13 Jun 2013 22:34:03 +0200
- To: public-tracking@w3.org
- Message-ID: <51BA2CBB.2020802@schunter.org>
Hi Team, while we should not revisit this issue, I believe that it is useful to fine-tune our joint understanding of the words "unless a specific tracking preference is implied by the decision to use that agent." While I do not expect changes to the normative text (unless we discover serious problems), the discussion may enable us to further clarify by adding non-normative text and examples. Even if we do not add text, we will end up with a better joint understanding... That said, we may also spend some effort on the issues that are formally open at this point. ;-) Regards, matthias On 13/06/2013 20:08, John Simpson wrote: > Indeed, there has long been this language in Section 3 of the TPE, > Determining User Preference: > > "A user agent /MUST/ have a default tracking preference of |unset| > (not enabled) unless a specific tracking preference is implied by the > decision to use that agent. For example, use of a general-purpose > browser would not imply a tracking preference when invoked normally as > "SuperFred", but might imply a preference if invoked as > "SuperDoNotTrack" or "UltraPrivacyFred". Likewise, a user agent > extension or add-on /MUST NOT/ alter the tracking preference unless > the act of installing and enabling that extension or add-on is an > explicit choice by the user for that tracking preference. > > Looks to me like it's open season on any text that many of us > understood to represent consensus... > > On Jun 13, 2013, at 7:00 AM, Justin Brookman <jbrookman@cdt.org > <mailto:jbrookman@cdt.org>> wrote: > >> I was just giving the historical context. The idea that a >> privacy-specific user agent could send DNT:1 without more disclosure >> had been agreed to for several months, and then was later revisited. >> Similar to the security language that had been worked out nearly a >> year ago . . . >> >> Please say that no one has an action item to redefine "party." :) >> >> On Jun 13, 2013, at 9:53 AM, Chris Mejia <chris.mejia@iab.net >> <mailto:chris.mejia@iab.net>> wrote: >> >>> Hi Justin, >>> >>> I don't believe we are in full agreement on this. Please see the >>> text that Alan and I submitted yesterday, on requirements for agents >>> sending/altering a user's preference expression. >>> >>> Best, >>> >>> Chris >>> >>> ++++++++++++++++++++++++ >>> Chris Mejia >>> Digital Supply Chain Solutions >>> Ad Technology Group >>> Interactive Advertising Bureau - IAB >>> >>> >>> On Jun 10, 2013, at 11:37 AM, "Justin Brookman" <jbrookman@cdt.org >>> <mailto:jbrookman@cdt.org>> wrote: >>> >>>> Previously, I thought we had agreement that selection of a special >>>> privacy-protective product or setting could imply consent to send >>>> DNT:1 This agreement is currently reflected in the TPE in Section >>>> 3: >>>> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining. >>>> For example, I believe that Safari turns on DNT:1 whenever someone >>>> engages "Private Browsing" mode, despite no specific language about >>>> Do Not Track: http://www.apple.com/safari/features.html >>>> >>>> However, that language/agreement may have been subsumed by more >>>> recent discussions. >>>> >>>> On Jun 10, 2013, at 11:15 AM, "Craig Spiezle" >>>> <craigs@otalliance.org <mailto:craigs@otalliance.org>> wrote: >>>> >>>>> I apologize for possibly bringing up a closed issue, but do you >>>>> see a distinction between a browser or a privacy / security >>>>> enhancing product? I agree with what is proposed by a browser, >>>>> but see there might be other scenarios where the consumer is >>>>> making an implied decision when acquiring a third party security / >>>>> privacy add-on?. >>>>> Conceptually let’s call the product Privacy and Data Protector >>>>> which by default out of the box offers “maximized protection of >>>>> your data collection and privacy”. Could one argue that one who >>>>> purchases such a product in effect is making an implied decision >>>>> to use such functionality. Better yet Ad-Block Plus? >>>>> *From:*Shane Wiley [mailto:wileys@yahoo-inc.com >>>>> <http://yahoo-inc.com/>] >>>>> *Sent:*Monday, June 10, 2013 7:17 AM >>>>> *To:*Alan Chapell; Peter Swire;public-tracking@w3.org >>>>> <mailto:public-tracking@w3.org> >>>>> *Subject:*RE: June Draft of the DNT compliance spec >>>>> Friendly amendment suggestion: >>>>> “…unless they have otherwise obtained consent from the user to do so.” >>>>> - Shane >>>>> *From:*Alan Chapell [mailto:achapell@chapellassociates.com] >>>>> *Sent:*Monday, June 10, 2013 6:31 AM >>>>> *To:*Peter Swire;public-tracking@w3.org >>>>> <mailto:public-tracking@w3.org> >>>>> *Subject:*Re: June Draft of the DNT compliance spec >>>>> Thanks Peter. I'm still generally uncomfortable that DNT doesn't >>>>> place requirements on First Parties. >>>>> One item of particular concern that seems to have fallen off the >>>>> radar is the scenario where a party collects data in a first party >>>>> context and attempts to use it in a third party context when DNT >>>>> is enabled. I thought there was agreement on this issue. However, >>>>> I keep raising it, and it doesn't seem to make it into the drafts. >>>>> Perhaps its implied in the language "… customize the content, >>>>> services, and advertising in the context of the first party >>>>> experience." However, it is not clear enough, IMHO. >>>>> To address, I offer the following language to Section 4 (First >>>>> Party Compliance). The new language is below. >>>>> First Parties /must not/ use data collected while a First Party >>>>> when acting as a Third-Party when DNT = 1. >>>>> Nick – if I need to open up another issue on this, please let me >>>>> know. Thanks! >>>>> Alan >>>>> *From:*Peter Swire <peter@peterswire.net >>>>> <mailto:peter@peterswire.net>> >>>>> *Date:*Monday, June 10, 2013 7:47 AM >>>>> *To:*"public-tracking@w3.org <mailto:public-tracking@w3.org>" >>>>> <public-tracking@w3.org <mailto:public-tracking@w3.org>> >>>>> *Subject:*June Draft of the DNT compliance spec >>>>> *Resent-From:*<public-tracking@w3.org <mailto:public-tracking@w3.org>> >>>>> *Resent-Date:*Mon, 10 Jun 2013 11:47:58 +0000 >>>>> >>>>> To the Working Group: >>>>> Attached please find a June Draft of the compliance >>>>> spec. The spec is also available at: >>>>> http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-june.html >>>>> This draft builds directly on the Consensus Action Summary >>>>> from the Sunnyvale F2F. Working closely with W3C staff, and >>>>> based on numerous discussions with members of the WG, this >>>>> June Draft is my best current estimate of a document that can >>>>> be the basis for a consensus document in time for Last Call. >>>>> The June Draft includes a number of_grammatical and >>>>> stylistic edits_to various provisions of the previous working >>>>> drafts. These sorts of edits were done in hopes of adding >>>>> clarity and good writing to the provisions. In the spirit of >>>>> humility, W3C staff and I recognize that members of the WG may >>>>> spot substantive objections to these stylistic edits – let us >>>>> work within a constructive spirit of the working group process >>>>> to examine and, where appropriate, make changes to these edits. >>>>> The Draft also addresses the_four task areas_included >>>>> in the Consensus Action Summary. In proposing language in the >>>>> June Draft, my intent and belief was to make good substantive >>>>> judgments about an_overall package_that may achieve consensus, >>>>> as well as item-by-item judgments about what is substantively >>>>> most defensible within the context of the WG. Clearly, the >>>>> group will need to work through each piece of the text, >>>>> members can suggest alternatives, and we will need to >>>>> determine where and whether consensus exists. >>>>> The June Draft contains_normative text but not >>>>> non-normative text_. In part, this reflects my view that we >>>>> have the best chance to work constructively on a relatively >>>>> short amount of normative text. Proposed non-normative text >>>>> can be proposed for provisions in time for Last Call. As a >>>>> potentially useful alternative, W3C has various mechanisms for >>>>> publishing notes or other documents that illuminate a >>>>> standard. The best time for detailed discussion of most >>>>> non-normative text quite possibly will be after Last Call. >>>>> The June Draft discusses_only items that the W3C WG >>>>> can address_. Clearly, the actions of others on these issues >>>>> may be relevant to the overall outcome. For instance, the DAA >>>>> has discussed changes to its code, including on its market >>>>> research and product development exceptions. There has been >>>>> discussion of a potentially useful limit on any blocking of 3d >>>>> party cookies for sites that comply withDNT. There may also >>>>> be new and useful technical measures that would be important >>>>> to the future of advertising in a privacy-protective manner. >>>>> The text here, as indicated, addresses what would be within >>>>> the compliance spec itself. >>>>> W3C staff and I are working on further explanatory >>>>> materials that will seek to clarify the changes here, and link >>>>> the June Draft to the issues on the WG site. >>>>> The regular call this Wednesday will be an opportunity >>>>> for the Group to have an initialdiscussion of the June Draft. >>>>> To give everyone a chance to review this material, we will not >>>>> be seeking to close compliance issues during this Wednesday’s >>>>> calls. >>>>> Thank you, >>>>> Peter >>>>> Prof. Peter P. Swire >>>>> C. William O'Neill Professor of Law >>>>> Ohio State University >>>>> 240.994.4142 >>>>> www.peterswire.net <http://www.peterswire.net/> >>>>> Beginning August 2013: >>>>> Nancy J. and Lawrence P. Huang Professor >>>>> Law and Ethics Program >>>>> Scheller College of Business >>>>> Georgia Institute of Technology >>>>> >>>> >> >
Received on Thursday, 13 June 2013 20:34:43 UTC