Re: June Draft of the DNT compliance spec

Hi Matthias - 

The problem is that this language conflicts with language being drafted in
the Compliance document and will ultimately need to be harmonized with the
compliance document language.

That said, I'm a bit confused. Two weeks ago, I accepted the assignment
(Action-231, issue-153 requirement) to edit language in this section of the
TPE. That would indicate that there WAS an open issue, correct?


Cheers,

Alan Chapell
Chapell & Associates
917 318 8440


From:  "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>
Date:  Thursday, June 13, 2013 4:41 PM
To:  <public-tracking@w3.org>
Subject:  Re: June Draft of the DNT compliance spec
Resent-From:  <public-tracking@w3.org>
Resent-Date:  Thu, 13 Jun 2013 20:53:14 +0000

>     
>  Hi Alan,
>  
>  from a TPE perspective, this issue has been closed and Section 3 contains our
> normative text at this point.
>  
>  Regards,
>  matthias
>  
>  
> On 13/06/2013 22:09, Alan Chapell wrote:
>  
>  
>>  
>>  
>>  
>> Hi John - 
>>  
>>  
>>  
>> 
>>  
>>  
>> I'm not sure I agree that there was consensus re: User Preference language.
>> It would more accurate to say that this language remained in the documents
>> for a period of time because those who challenged it were told that any
>> changes were out of scope of our charter.
>>  
>> 
>>  
>>  
>> As we've made changes to the Compliance doc in this area, it also made sense
>> to revisit corresponding language in the TPE.
>>  
>> 
>>  
>>  
>> From my perspective, simply implying a tracking preference in the name of the
>> plug-in or extension doesn't come close to ensuring that the User has made an
>> informed decisions with respect to DNT.
>>  
>> 
>>  
>>  
>> Happy to discuss further if helpful.
>>  
>> 
>>  
>>  
>> 
>>  
>>  
>> 
>>  
>>  
>> 
>>  
>>   
>> From:  John Simpson <john@consumerwatchdog.org>
>>  Date:  Thursday, June 13, 2013 2:08 PM
>>  To:  Justin Brookman <jbrookman@cdt.org>
>>  Cc:  Chris Mejia <chris.mejia@iab.net>, "public-tracking@w3.org Group"
>> <public-tracking@w3.org>
>>  Subject:  Re: June Draft of the DNT compliance spec
>>  Resent-From:  <public-tracking@w3.org>
>>  Resent-Date:  Thu, 13 Jun 2013 18:09:00 +0000
>>  
>>  
>> 
>>  
>>  
>>>  
>>>   
>>> Indeed, there has long been this language in Section 3 of the TPE,
>>> Determining User Preference:
>>> 
>>>  
>>>  
>>> "A user agent MUST have a default tracking preference of unset (not enabled)
>>> unless a specific tracking preference is implied by the decision to use that
>>> agent. For example, use of a general-purpose browser would not imply a
>>> tracking preference when invoked normally as SuperFred, but might imply a
>>> preference if invoked as SuperDoNotTrack or UltraPrivacyFred. Likewise, a
>>> user agent extension or add-on MUST NOT alter the tracking preference unless
>>> the act of installing and enabling that extension or add-on is an explicit
>>> choice by the user for that tracking preference.
>>>  
>>> 
>>>  
>>>  
>>> Looks to me like it's open season on any text that many of us understood to
>>> represent consensus...
>>>  
>>> 
>>>  
>>>  
>>> On Jun 13, 2013, at 7:00 AM, Justin Brookman <jbrookman@cdt.org> wrote:
>>> 
>>>  
>>>>   
>>>> I was just giving the historical context.  The idea that a privacy-specific
>>>> user agent could send DNT:1 without more disclosure had been agreed to for
>>>> several months, and then was later revisited.  Similar to the security
>>>> language that had been worked out nearly a year ago . . .
>>>> 
>>>>  
>>>>  
>>>> Please say that no one has an action item to redefine "party." :)
>>>>  
>>>> 
>>>>  
>>>>  
>>>> On Jun 13, 2013, at 9:53 AM, Chris Mejia <chris.mejia@iab.net> wrote:
>>>>  
>>>>  
>>>>>   
>>>>>  
>>>>> Hi Justin,
>>>>>  
>>>>> 
>>>>>  
>>>>>  
>>>>> I don't believe we are in full agreement on this.  Please see the text
>>>>> that Alan and I submitted yesterday, on requirements for agents
>>>>> sending/altering a user's preference expression.
>>>>>  
>>>>> 
>>>>>  
>>>>>  
>>>>> Best,
>>>>>  
>>>>> 
>>>>>  
>>>>>  
>>>>> Chris
>>>>>  
>>>>>  
>>>>> ++++++++++++++++++++++++
>>>>>  
>>>>> Chris Mejia
>>>>>  
>>>>> Digital Supply Chain Solutions
>>>>>  
>>>>> Ad Technology Group
>>>>>  
>>>>> Interactive Advertising Bureau - IAB
>>>>>  
>>>>> 
>>>>>  
>>>>>  
>>>>>  
>>>>> 
>>>>>  On Jun 10, 2013, at 11:37 AM, "Justin Brookman" <jbrookman@cdt.org>
>>>>> wrote:
>>>>>  
>>>>>  
>>>>>  
>>>>>>  
>>>>>>  
>>>>>> Previously, I thought we had agreement that selection of a special
>>>>>> privacy-protective product or setting could imply consent to send DNT:1
>>>>>> This agreement is currently reflected in the TPE in Section 3:
>>>>>> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#deter
>>>>>> mining.  For example, I believe that Safari turns on DNT:1 whenever
>>>>>> someone engages "Private Browsing" mode, despite no specific language
>>>>>> about Do Not Track: http://www.apple.com/safari/features.html
>>>>>>  
>>>>>> 
>>>>>>  
>>>>>>  
>>>>>> However, that language/agreement may have been subsumed by more recent
>>>>>> discussions.
>>>>>>  
>>>>>>  
>>>>>>  
>>>>>> On Jun 10, 2013, at 11:15 AM, "Craig Spiezle" <craigs@otalliance.org>
>>>>>> wrote:
>>>>>>  
>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> I apologize for possibly bringing up a closed issue, but do you see a
>>>>>>> distinction between a browser or a privacy / security enhancing product?
>>>>>>> I agree with what is proposed by a browser, but see there might be other
>>>>>>> scenarios where the consumer is making an implied decision when
>>>>>>> acquiring a third party security / privacy add-on?.
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> Conceptually let¹s call the product Privacy and Data Protector which by
>>>>>>> default out of the box offers ³maximized protection of your data
>>>>>>> collection and privacy².   Could one argue that one who purchases such a
>>>>>>> product in effect is making an implied decision to use such
>>>>>>> functionality.  Better yet Ad-Block Plus?
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> From: Shane Wiley [mailto:wileys@yahoo-inc.com <http://yahoo-inc.com/> ]
>>>>>>>  Sent: Monday, June 10, 2013 7:17 AM
>>>>>>>  To: Alan Chapell; Peter Swire; public-tracking@w3.org
>>>>>>>  Subject: RE: June Draft of the DNT compliance spec
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> Friendly amendment suggestion:
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> ³Šunless they have otherwise obtained consent from the user to do so.²
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> - Shane
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> From: Alan Chapell [mailto:achapell@chapellassociates.com]
>>>>>>>  Sent: Monday, June 10, 2013 6:31 AM
>>>>>>>  To: Peter Swire; public-tracking@w3.org
>>>>>>>  Subject: Re: June Draft of the DNT compliance spec
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> Thanks Peter. I'm still generally uncomfortable that DNT doesn't place
>>>>>>> requirements on First Parties.
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> One item of particular concern that seems to have fallen off the radar
>>>>>>> is the scenario where a party collects data in a first party context and
>>>>>>> attempts to use it in a third party context when DNT is enabled. I
>>>>>>> thought there was agreement on this issue. However, I keep raising it,
>>>>>>> and it doesn't seem to make it into the drafts. Perhaps its implied in
>>>>>>> the language "Š customize the content, services, and advertising in the
>>>>>>> context of the first party experience." However, it is not clear enough,
>>>>>>> IMHO.
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> To address, I offer the following language to Section 4 (First Party
>>>>>>> Compliance). The new language is below.
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> First Parties must  not use data collected while a First Party when
>>>>>>> acting as a Third-Party when DNT = 1.
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> Nick ­ if I need to open up another issue on this, please let me know.
>>>>>>> Thanks!
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> Alan
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> From: Peter Swire <peter@peterswire.net>
>>>>>>>  Date: Monday, June 10, 2013 7:47 AM
>>>>>>>  To: "public-tracking@w3.org" <public-tracking@w3.org>
>>>>>>>  Subject: June Draft of the DNT compliance spec
>>>>>>>  Resent-From: <public-tracking@w3.org>
>>>>>>>  Resent-Date: Mon, 10 Jun 2013 11:47:58 +0000
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> To the Working Group:
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>         Attached please find a June Draft of the compliance spec.  The
>>>>>>> spec is also available at:
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-ju
>>>>>>> ne.html
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> This draft builds directly on the Consensus Action Summary from the
>>>>>>> Sunnyvale F2F.  Working closely with W3C staff, and based on numerous
>>>>>>> discussions with members of the WG, this June Draft is my best current
>>>>>>> estimate of a document that can be the basis for a consensus document in
>>>>>>> time for Last Call.
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>         The June Draft includes a number of grammatical and stylistic
>>>>>>> edits to various provisions of the previous working drafts.  These sorts
>>>>>>> of edits were done in hopes of adding clarity and good writing to the
>>>>>>> provisions.  In the spirit of humility, W3C staff and I recognize that
>>>>>>> members of the WG may spot substantive objections to these stylistic
>>>>>>> edits ­ let us work within a constructive spirit of the working group
>>>>>>> process to examine and, where appropriate, make changes to these edits.
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>         The Draft also addresses the four task areas included in the
>>>>>>> Consensus Action Summary.  In proposing language in the June Draft, my
>>>>>>> intent and belief was to make good substantive judgments about an
>>>>>>> overall package that may achieve consensus, as well as item-by-item
>>>>>>> judgments about what is substantively most defensible within the context
>>>>>>> of the WG.  Clearly, the group will need to work through each piece of
>>>>>>> the text, members can suggest alternatives, and we will need to
>>>>>>> determine where and whether consensus exists.
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>         The June Draft contains normative text but not non-normative
>>>>>>> text.  In part, this reflects my view that we have the best chance to
>>>>>>> work constructively on a relatively short amount of normative text.
>>>>>>> Proposed non-normative text can be proposed for provisions in time for
>>>>>>> Last Call.  As a potentially useful alternative, W3C has various
>>>>>>> mechanisms for publishing notes or other documents that illuminate a
>>>>>>> standard.  The best time for detailed discussion of most non-normative
>>>>>>> text quite possibly will be after Last Call.
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>         The June Draft discusses only items that the W3C WG can address.
>>>>>>> Clearly, the actions of others on these issues may be relevant to the
>>>>>>> overall outcome.  For instance, the DAA has discussed changes to its
>>>>>>> code, including on its market research and product development
>>>>>>> exceptions.   There has been discussion of a potentially useful limit on
>>>>>>> any blocking of 3d party cookies for sites that comply withDNT.  There
>>>>>>> may also be new and useful technical measures that would be important to
>>>>>>> the future of advertising in a privacy-protective manner.  The text
>>>>>>> here, as indicated, addresses what would be within the compliance spec
>>>>>>> itself.
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>         W3C staff and I are working on further explanatory materials
>>>>>>> that will seek to clarify the changes here, and link the June Draft to
>>>>>>> the issues on the WG site.
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>         The regular call this Wednesday will be an opportunity for the
>>>>>>> Group to have an initialdiscussion of the June Draft.  To give everyone
>>>>>>> a chance to review this material, we will not be seeking to close
>>>>>>> compliance issues during this Wednesday¹s calls.
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>         Thank you,
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>         Peter
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> Prof. Peter P. Swire
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> C. William O'Neill Professor of Law
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>            Ohio State University
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> 240.994.4142
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> www.peterswire.net <http://www.peterswire.net/>
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> Beginning August 2013:
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> Nancy J. and Lawrence P. Huang Professor
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> Law and Ethics Program
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> Scheller College of Business
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> Georgia Institute of Technology
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>  
>>>>>>  
>>>>>>  
>>>>>>  
>>>>>  
>>>>>  
>>>>  
>>>>  
>>>>  
>>>>  
>>>>  
>>>  
>>>  
>>>  
>>>  
>>>  
>>>  
>>   
>  
>  

Received on Thursday, 13 June 2013 20:58:24 UTC