Re: June Draft of the DNT compliance spec from Alan Chapell on 2013-06-13 (public-tracking@w3.org from June 2013)

From: Alan Chapell <achapell@chapellassociates.com>
Date: Thu, 13 Jun 2013 17:05:30 -0400
To: Peter Swire <peter@peterswire.net>, "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <CDDFAC52.332D0%achapell@chapellassociates.com>
Thanks Peter.


From:  Peter Swire <peter@peterswire.net>
Date:  Thursday, June 13, 2013 5:03 PM
To:  "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>,
"public-tracking@w3.org" <public-tracking@w3.org>
Subject:  Re: June Draft of the DNT compliance spec
Resent-From:  <public-tracking@w3.org>
Resent-Date:  Thu, 13 Jun 2013 21:04:11 +0000

> Let me add that the intersection of the TPE and compliance specs does arise
> here, and within W3C we are in the process of trying to sort through what will
> go where.
> 
> Thanks,
> 
> Peter
> 
> 
> 
> Prof. Peter P. Swire
> C. William O'Neill Professor of Law
> Ohio State University
> 240.994.4142
> www.peterswire.net
> 
> Beginning August 2013:
> Nancy J. and Lawrence P. Huang Professor
> Law and Ethics Program
> Scheller College of Business
> Georgia Institute of Technology
> 
> 
> From:  "Matthias Schunter   (Intel Corporation)" <mts-std@schunter.org>
> Date:  Thursday, June 13, 2013 4:34 PM
> To:  "public-tracking@w3.org" <public-tracking@w3.org>
> Subject:  Re: June Draft of the DNT compliance spec
> Resent-From:  <public-tracking@w3.org>
> Resent-Date:  Thursday, June 13, 2013 4:34 PM
> 
> Hi Team,
> 
> 
> while we should not revisit this issue, I believe that it is useful to
> fine-tune our joint understanding of the words "unless a specific tracking
> preference is implied by the decision to use that agent."
> 
> While I do not expect changes to the normative text (unless we discover
> serious problems), the discussion may enable us to further clarify by adding
> non-normative text and examples. Even if we do not add text, we will end up
> with a better joint understanding...
> 
> That said, we may also spend some effort on the issues that are formally open
> at this point. ;-)
> 
> 
> Regards,
> matthias
> 
> 
> On 13/06/2013 20:08, John Simpson wrote:
>> Indeed, there has long been this language in Section 3 of the TPE,
>> Determining User Preference:
>> 
>> "A user agent MUST have a default tracking preference of unset (not enabled)
>> unless a specific tracking preference is implied by the decision to use that
>> agent. For example, use of a general-purpose browser would not imply a
>> tracking preference when invoked normally as SuperFred, but might imply a
>> preference if invoked as SuperDoNotTrack or UltraPrivacyFred. Likewise, a
>> user agent extension or add-on MUST NOT alter the tracking preference unless
>> the act of installing and enabling that extension or add-on is an explicit
>> choice by the user for that tracking preference.
>> 
>> Looks to me like it's open season on any text that many of us understood to
>> represent consensus...
>> 
>> On Jun 13, 2013, at 7:00 AM, Justin Brookman <jbrookman@cdt.org> wrote:
>> 
>>> I was just giving the historical context.  The idea that a privacy-specific
>>> user agent could send DNT:1 without more disclosure had been agreed to for
>>> several months, and then was later revisited.  Similar to the security
>>> language that had been worked out nearly a year ago . . .
>>> 
>>> Please say that no one has an action item to redefine "party." :)
>>> 
>>> On Jun 13, 2013, at 9:53 AM, Chris Mejia <chris.mejia@iab.net> wrote:
>>> 
>>>> Hi Justin,
>>>> 
>>>> I don't believe we are in full agreement on this.  Please see the text that
>>>> Alan and I submitted yesterday, on requirements for agents sending/altering
>>>> a user's preference expression.
>>>> 
>>>> Best,
>>>> 
>>>> Chris
>>>> 
>>>> ++++++++++++++++++++++++
>>>> Chris Mejia
>>>> Digital Supply Chain Solutions
>>>> Ad Technology Group
>>>> Interactive Advertising Bureau - IAB
>>>> 
>>>> 
>>>> On Jun 10, 2013, at 11:37 AM, "Justin Brookman" <jbrookman@cdt.org> wrote:
>>>> 
>>>>> Previously, I thought we had agreement that selection of a special
>>>>> privacy-protective product or setting could imply consent to send DNT:1
>>>>> This agreement is currently reflected in the TPE in Section 3:
>>>>> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determ
>>>>> ining.  For example, I believe that Safari turns on DNT:1 whenever someone
>>>>> engages "Private Browsing" mode, despite no specific language about Do Not
>>>>> Track: http://www.apple.com/safari/features.html
>>>>> 
>>>>> However, that language/agreement may have been subsumed by more recent
>>>>> discussions.
>>>>> 
>>>>> On Jun 10, 2013, at 11:15 AM, "Craig Spiezle" <craigs@otalliance.org>
>>>>> wrote:
>>>>> 
>>>>>> I apologize for possibly bringing up a closed issue, but do you see a
>>>>>> distinction between a browser or a privacy / security enhancing product?
>>>>>> I agree with what is proposed by a browser, but see there might be other
>>>>>> scenarios where the consumer is making an implied decision when acquiring
>>>>>> a third party security / privacy add-on?.
>>>>>>  
>>>>>> Conceptually let¹s call the product Privacy and Data Protector which by
>>>>>> default out of the box offers ³maximized protection of your data
>>>>>> collection and privacy².   Could one argue that one who purchases such a
>>>>>> product in effect is making an implied decision to use such
>>>>>> functionality.  Better yet Ad-Block Plus?
>>>>>>  
>>>>>>  
>>>>>>  
>>>>>>  
>>>>>>  
>>>>>> From: Shane Wiley [mailto:wileys@yahoo-inc.com <http://yahoo-inc.com/> ]
>>>>>> Sent: Monday, June 10, 2013 7:17 AM
>>>>>> To: Alan Chapell; Peter Swire; public-tracking@w3.org
>>>>>> Subject: RE: June Draft of the DNT compliance spec
>>>>>>  
>>>>>> Friendly amendment suggestion:
>>>>>>  
>>>>>> ³Šunless they have otherwise obtained consent from the user to do so.²
>>>>>>  
>>>>>> - Shane
>>>>>>  
>>>>>> From: Alan Chapell [mailto:achapell@chapellassociates.com]
>>>>>> Sent: Monday, June 10, 2013 6:31 AM
>>>>>> To: Peter Swire; public-tracking@w3.org
>>>>>> Subject: Re: June Draft of the DNT compliance spec
>>>>>>  
>>>>>> Thanks Peter. I'm still generally uncomfortable that DNT doesn't place
>>>>>> requirements on First Parties.
>>>>>>  
>>>>>> One item of particular concern that seems to have fallen off the radar is
>>>>>> the scenario where a party collects data in a first party context and
>>>>>> attempts to use it in a third party context when DNT is enabled. I
>>>>>> thought there was agreement on this issue. However, I keep raising it,
>>>>>> and it doesn't seem to make it into the drafts. Perhaps its implied in
>>>>>> the language "Š customize the content, services, and advertising in the
>>>>>> context of the first party experience." However, it is not clear enough,
>>>>>> IMHO.
>>>>>>  
>>>>>> To address, I offer the following language to Section 4 (First Party
>>>>>> Compliance). The new language is below.
>>>>>>  
>>>>>> First Parties must not use data collected while a First Party when acting
>>>>>> as a Third-Party when DNT = 1.
>>>>>>  
>>>>>>  
>>>>>> Nick  if I need to open up another issue on this, please let me know.
>>>>>> Thanks!
>>>>>>  
>>>>>> Alan
>>>>>> From: Peter Swire <peter@peterswire.net>
>>>>>> Date: Monday, June 10, 2013 7:47 AM
>>>>>> To: "public-tracking@w3.org" <public-tracking@w3.org>
>>>>>> Subject: June Draft of the DNT compliance spec
>>>>>> Resent-From: <public-tracking@w3.org>
>>>>>> Resent-Date: Mon, 10 Jun 2013 11:47:58 +0000
>>>>>>  
>>>>>>> To the Working Group:
>>>>>>>  
>>>>>>>         Attached please find a June Draft of the compliance spec.  The
>>>>>>> spec is also available at:
>>>>>>>  
>>>>>>> http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-ju
>>>>>>> ne.html
>>>>>>>  
>>>>>>> This draft builds directly on the Consensus Action Summary from the
>>>>>>> Sunnyvale F2F.  Working closely with W3C staff, and based on numerous
>>>>>>> discussions with members of the WG, this June Draft is my best current
>>>>>>> estimate of a document that can be the basis for a consensus document in
>>>>>>> time for Last Call.
>>>>>>>  
>>>>>>>         The June Draft includes a number of grammatical and stylistic
>>>>>>> edits to various provisions of the previous working drafts.  These sorts
>>>>>>> of edits were done in hopes of adding clarity and good writing to the
>>>>>>> provisions.  In the spirit of humility, W3C staff and I recognize that
>>>>>>> members of the WG may spot substantive objections to these stylistic
>>>>>>> edits  let us work within a constructive spirit of the working group
>>>>>>> process to examine and, where appropriate, make changes to these edits.
>>>>>>>  
>>>>>>>         The Draft also addresses the four task areas included in the
>>>>>>> Consensus Action Summary.  In proposing language in the June Draft, my
>>>>>>> intent and belief was to make good substantive judgments about an
>>>>>>> overall package that may achieve consensus, as well as item-by-item
>>>>>>> judgments about what is substantively most defensible within the context
>>>>>>> of the WG.  Clearly, the group will need to work through each piece of
>>>>>>> the text, members can suggest alternatives, and we will need to
>>>>>>> determine where and whether consensus exists.
>>>>>>>  
>>>>>>>         The June Draft contains normative text but not non-normative
>>>>>>> text.  In part, this reflects my view that we have the best chance to
>>>>>>> work constructively on a relatively short amount of normative text.
>>>>>>> Proposed non-normative text can be proposed for provisions in time for
>>>>>>> Last Call.  As a potentially useful alternative, W3C has various
>>>>>>> mechanisms for publishing notes or other documents that illuminate a
>>>>>>> standard.  The best time for detailed discussion of most non-normative
>>>>>>> text quite possibly will be after Last Call.
>>>>>>>  
>>>>>>>         The June Draft discusses only items that the W3C WG can address.
>>>>>>> Clearly, the actions of others on these issues may be relevant to the
>>>>>>> overall outcome.  For instance, the DAA has discussed changes to its
>>>>>>> code, including on its market research and product development
>>>>>>> exceptions.   There has been discussion of a potentially useful limit on
>>>>>>> any blocking of 3d party cookies for sites that comply withDNT.  There
>>>>>>> may also be new and useful technical measures that would be important to
>>>>>>> the future of advertising in a privacy-protective manner.  The text
>>>>>>> here, as indicated, addresses what would be within the compliance spec
>>>>>>> itself.
>>>>>>>  
>>>>>>>         W3C staff and I are working on further explanatory materials
>>>>>>> that will seek to clarify the changes here, and link the June Draft to
>>>>>>> the issues on the WG site.
>>>>>>>  
>>>>>>>         The regular call this Wednesday will be an opportunity for the
>>>>>>> Group to have an initialdiscussion of the June Draft.  To give everyone
>>>>>>> a chance to review this material, we will not be seeking to close
>>>>>>> compliance issues during this Wednesday¹s calls.
>>>>>>>  
>>>>>>>         Thank you,
>>>>>>>  
>>>>>>>         Peter
>>>>>>>  
>>>>>>>  
>>>>>>>  
>>>>>>> Prof. Peter P. Swire
>>>>>>> C. William O'Neill Professor of Law
>>>>>>>            Ohio State University
>>>>>>> 240.994.4142
>>>>>>> www.peterswire.net <http://www.peterswire.net/>
>>>>>>>  
>>>>>>> Beginning August 2013:
>>>>>>> Nancy J. and Lawrence P. Huang Professor
>>>>>>> Law and Ethics Program
>>>>>>> Scheller College of Business
>>>>>>> Georgia Institute of Technology
>>>>>>>  
>>>>> 
>>> 
>> 
>
Received on Thursday, 13 June 2013 21:06:05 UTC