- From: Edward W. Felten <felten@CS.Princeton.EDU>
- Date: Wed, 6 Mar 2013 08:17:29 -0500
- To: Kathy Joe <kathy@esomar.org>
- Cc: Peter Swire <peter@peterswire.net>, Justin Brookman <justin@cdt.org>, "<public-tracking@w3.org>" <public-tracking@w3.org>
- Message-ID: <CANZBoGjzGTU2LvTPoZzuSeZY4eE-3gJvWJ3cbGErZWDXFvsraw@mail.gmail.com>
Kathy, thanks for providing this language. Echoing Rob, I would find it useful to have a clearer understanding of how your proposal would change what is allowed under the standard. The existing or likely safe harbors for consent, first-party practices, and unlinkable data would apply regardless of whether there is a special permitted use for research. To what extent does your proposal change the normative requirements of the standard relating to collection, retention and use of data? The text as provided seems to mix normative requirements with non-normative descriptions of the current practices of some companies. But I am not always clear on where the boundary lies. For example, I take the 53-week retention as a description of current practices, rather than a requirement that data must be kept for at least 53 weeks. On the other hand, the discussion of de-identification later in the same sentence is probably meant as normative. It would be nice to separate the text into normative and non-normative sections. Finally, if we are going to have a research exemption, I don't see why it should be limited to commercial research. Non-commercial research should be allowed as well, such as independent research on privacy practices and the effects of DNT, as long as the same normative requirements are met. On Wed, Mar 6, 2013 at 7:34 AM, Kathy Joe <kathy@esomar.org> wrote: > Here below is the revised text for issue 25 discussed with Justin and > others in the group with some modifications to take Justin's comments into > account. > > Information may be collected to create statistical measures of the reach > in relation to the total population, and frequency of exposure of the > content to the online audience, including paid components of web pages. One > such method is through using a panel of users who have affirmatively agreed > to have their media consumption and web surfing behavior measured across > sites. > > The panel output is calibrated by counting actual hits on tagged content > and re-adjusting the results in order to ensure data produced from the > panel accurately represents the whole audience. The counts must be > pseudonomised. Counts are retained for sample, quality control, and > auditing purposes during which time contractual measures must be in place > to limit access to, and protect the data from other uses. A 53 week > retention period is necessary so that month over month reports for a one > year period may be re-run for quality checking purposes, after which the > data must be de-identified. The counted data is largely collected on a > first party basis, but to ensure complete representation, some will be > third party placement. This collection tracks the content rather than > involving the collection of a user's browser history. > > The purposes must be limited to: > > facilitating online media valuation, planning and buying via accurate and > reliable audience measurement. > > optimizing content and placement on an individual site. > > Audience measurement data must be reported as aggregated information such > that no recipient is able to build commercial profiles about particular > individuals or devices. > > To clarify a comment from Justin about auditing, note that audience > measurement systems (whether TV, radio, print or online) are usually > managed or monitored by an independent body as > guarantee of accuracy with various stakeholders in a joint industry body > defining what is needed to provide a robust and impartial system. > > MRC handles this in the US whilst the JICWEBs reporting standards of ABC > handles this in the UK and AGMA is the German audit body. Here is > a longer list > http://www.i-jic.org/index.php?PHPSESSID=55143f172846ed39c7958cbeb837a85a > and here is ABC > http://www.abc.org.uk/PageFiles/50/Web%20Traffic%20Audit%20Rules%20and%20Guidance%20Notes%20version2%20March%202013%20master.pdf > > Regards > > Kathy Joe > ESOMAR > > > > -- Edward W. Felten Professor of Computer Science and Public Affairs Director, Center for Information Technology Policy Princeton University 609-258-5906 http://www.cs.princeton.edu/~felten
Received on Wednesday, 6 March 2013 13:18:15 UTC