Re: June Draft of the DNT compliance spec

Hi Alan,

from a TPE perspective, this issue has been closed and Section 3 
contains our normative text at this point.


On 13/06/2013 22:09, Alan Chapell wrote:
> Hi John -
> I'm not sure I agree that there was consensus re: User Preference 
> language. It would more accurate to say that this language remained in 
> the documents for a period of time because those who challenged it 
> were told that any changes were out of scope of our charter.
> As we've made changes to the Compliance doc in this area, it also made 
> sense to revisit corresponding language in the TPE.
> From my perspective, simply implying a tracking preference in the name 
> of the plug-in or extension doesn't come close to ensuring that the 
> User has made an informed decisions with respect to DNT.
> Happy to discuss further if helpful.
> From: John Simpson < 
> <>>
> Date: Thursday, June 13, 2013 2:08 PM
> To: Justin Brookman < <>>
> Cc: Chris Mejia < <>>, 
> " <> Group" 
> < <>>
> Subject: Re: June Draft of the DNT compliance spec
> Resent-From: < <>>
> Resent-Date: Thu, 13 Jun 2013 18:09:00 +0000
>     Indeed, there has long been this language in Section 3 of the TPE,
>     Determining User Preference:
>     "A user agent /MUST/ have a default tracking preference of |unset|
>     (not enabled) unless a specific tracking preference is implied by
>     the decision to use that agent. For example, use of a
>     general-purpose browser would not imply a tracking preference when
>     invoked normally as "SuperFred", but might imply a preference if
>     invoked as "SuperDoNotTrack" or "UltraPrivacyFred". Likewise, a
>     user agent extension or add-on /MUST NOT/ alter the tracking
>     preference unless the act of installing and enabling that
>     extension or add-on is an explicit choice by the user for that
>     tracking preference.
>     Looks to me like it's open season on any text that many of us
>     understood to represent consensus...
>     On Jun 13, 2013, at 7:00 AM, Justin Brookman <
>     <>> wrote:
>>     I was just giving the historical context.  The idea that a
>>     privacy-specific user agent could send DNT:1 without more
>>     disclosure had been agreed to for several months, and then was
>>     later revisited.  Similar to the security language that had been
>>     worked out nearly a year ago . . .
>>     Please say that no one has an action item to redefine "party." :)
>>     On Jun 13, 2013, at 9:53 AM, Chris Mejia <
>>     <>> wrote:
>>>     Hi Justin,
>>>     I don't believe we are in full agreement on this.  Please see
>>>     the text that Alan and I submitted yesterday, on requirements
>>>     for agents sending/altering a user's preference expression.
>>>     Best,
>>>     Chris
>>>     ++++++++++++++++++++++++
>>>     Chris Mejia
>>>     Digital Supply Chain Solutions
>>>     Ad Technology Group
>>>     Interactive Advertising Bureau - IAB
>>>     On Jun 10, 2013, at 11:37 AM, "Justin Brookman"
>>>     < <>> wrote:
>>>>     Previously, I thought we had agreement that selection of a
>>>>     special privacy-protective product or setting could imply
>>>>     consent to send DNT:1  This agreement is currently reflected in
>>>>     the TPE in Section 3:
>>>>      For example, I believe that Safari turns on DNT:1 whenever
>>>>     someone engages "Private Browsing" mode, despite no specific
>>>>     language about Do Not Track:
>>>>     However, that language/agreement may have been subsumed by more
>>>>     recent discussions.
>>>>     On Jun 10, 2013, at 11:15 AM, "Craig Spiezle"
>>>>     < <>> wrote:
>>>>>     I apologize for possibly bringing up a closed issue, but do
>>>>>     you see a distinction between a browser or a privacy /
>>>>>     security enhancing product?   I agree with what is proposed by
>>>>>     a browser, but see there might be other scenarios where the
>>>>>     consumer is making an implied decision when acquiring a third
>>>>>     party security / privacy add-on?.
>>>>>     Conceptually let's call the product Privacy and Data Protector
>>>>>     which by default out of the box offers "maximized protection
>>>>>     of your data collection and privacy".  Could one argue that
>>>>>     one who purchases such a product in effect is making an
>>>>>     implied decision to use such functionality.  Better yet
>>>>>     Ad-Block Plus?
>>>>>     *From:*Shane Wiley [
>>>>>     <>]
>>>>>     *Sent:*Monday, June 10, 2013 7:17 AM
>>>>>     *To:*Alan Chapell; Peter Swire;
>>>>>     <>
>>>>>     *Subject:*RE: June Draft of the DNT compliance spec
>>>>>     Friendly amendment suggestion:
>>>>>     "...unless they have otherwise obtained consent from the user
>>>>>     to do so."
>>>>>     - Shane
>>>>>     *From:*Alan Chapell []
>>>>>     *Sent:*Monday, June 10, 2013 6:31 AM
>>>>>     *To:*Peter Swire;
>>>>>     <>
>>>>>     *Subject:*Re: June Draft of the DNT compliance spec
>>>>>     Thanks Peter. I'm still generally uncomfortable that DNT
>>>>>     doesn't place requirements on First Parties.
>>>>>     One item of particular concern that seems to have fallen off
>>>>>     the radar is the scenario where a party collects data in a
>>>>>     first party context and attempts to use it in a third party
>>>>>     context when DNT is enabled. I thought there was agreement on
>>>>>     this issue. However, I keep raising it, and it doesn't seem to
>>>>>     make it into the drafts. Perhaps its implied in the language
>>>>>     "... customize the content, services, and advertising in the
>>>>>     context of the first party experience." However, it is not
>>>>>     clear enough, IMHO.
>>>>>     To address, I offer the following language to Section 4 (First
>>>>>     Party Compliance). The new language is below.
>>>>>     First Parties /must not/ use data collected while a First
>>>>>     Party when acting as a Third-Party when DNT = 1.
>>>>>     Nick -- if I need to open up another issue on this, please let
>>>>>     me know. Thanks!
>>>>>     Alan
>>>>>     *From:*Peter Swire <
>>>>>     <>>
>>>>>     *Date:*Monday, June 10, 2013 7:47 AM
>>>>>     *To:*" <>"
>>>>>     < <>>
>>>>>     *Subject:*June Draft of the DNT compliance spec
>>>>>     *Resent-From:*<
>>>>>     <>>
>>>>>     *Resent-Date:*Mon, 10 Jun 2013 11:47:58 +0000
>>>>>         To the Working Group:
>>>>>         Attached please find a June Draft of the compliance spec. 
>>>>>         The spec is also available at:
>>>>>         This draft builds directly on the Consensus Action Summary
>>>>>         from the Sunnyvale F2F. Working closely with W3C staff,
>>>>>         and based on numerous discussions with members of the WG,
>>>>>         this June Draft is my best current estimate of a document
>>>>>         that can be the basis for a consensus document in time for
>>>>>         Last Call.
>>>>>                 The June Draft includes a number of_grammatical
>>>>>         and stylistic edits_to various provisions of the previous
>>>>>         working drafts.  These sorts of edits were done in hopes
>>>>>         of adding clarity and good writing to the provisions.  In
>>>>>         the spirit of humility, W3C staff and I recognize that
>>>>>         members of the WG may spot substantive objections to these
>>>>>         stylistic edits -- let us work within a constructive
>>>>>         spirit of the working group process to examine and, where
>>>>>         appropriate, make changes to these edits.
>>>>>                 The Draft also addresses the_four task
>>>>>         areas_included in the Consensus Action Summary.  In
>>>>>         proposing language in the June Draft, my intent and belief
>>>>>         was to make good substantive judgments about an_overall
>>>>>         package_that may achieve consensus, as well as
>>>>>         item-by-item judgments about what is substantively most
>>>>>         defensible within the context of the WG. Clearly, the
>>>>>         group will need to work through each piece of the text,
>>>>>         members can suggest alternatives, and we will need to
>>>>>         determine where and whether consensus exists.
>>>>>                 The June Draft contains_normative text but not
>>>>>         non-normative text_. In part, this reflects my view that
>>>>>         we have the best chance to work constructively on a
>>>>>         relatively short amount of normative text.  Proposed
>>>>>         non-normative text can be proposed for provisions in time
>>>>>         for Last Call.  As a potentially useful alternative, W3C
>>>>>         has various mechanisms for publishing notes or other
>>>>>         documents that illuminate a standard.  The best time for
>>>>>         detailed discussion of most non-normative text quite
>>>>>         possibly will be after Last Call.
>>>>>                 The June Draft discusses_only items that the W3C
>>>>>         WG can address_. Clearly, the actions of others on these
>>>>>         issues may be relevant to the overall outcome.  For
>>>>>         instance, the DAA has discussed changes to its code,
>>>>>         including on its market research and product development
>>>>>         exceptions.   There has been discussion of a potentially
>>>>>         useful limit on any blocking of 3d party cookies for sites
>>>>>         that comply withDNT.  There may also be new and useful
>>>>>         technical measures that would be important to the future
>>>>>         of advertising in a privacy-protective manner.  The text
>>>>>         here, as indicated, addresses what would be within the
>>>>>         compliance spec itself.
>>>>>                 W3C staff and I are working on further explanatory
>>>>>         materials that will seek to clarify the changes here, and
>>>>>         link the June Draft to the issues on the WG site.
>>>>>                 The regular call this Wednesday will be an
>>>>>         opportunity for the Group to have an initialdiscussion of
>>>>>         the June Draft.  To give everyone a chance to review this
>>>>>         material, we will not be seeking to close compliance
>>>>>         issues during this Wednesday's calls.
>>>>>                 Thank you,
>>>>>                 Peter
>>>>>         Prof. Peter P. Swire
>>>>>         C. William O'Neill Professor of Law
>>>>>         Ohio State University
>>>>>         240.994.4142
>>>>> <>
>>>>>         Beginning August 2013:
>>>>>         Nancy J. and Lawrence P. Huang Professor
>>>>>         Law and Ethics Program
>>>>>         Scheller College of Business
>>>>>         Georgia Institute of Technology

Received on Thursday, 13 June 2013 20:53:05 UTC