Re: GCTF: Conclusions and minutes

Big thanks to Rigo for leading the efforts on the Global Considerations
Task Force.

For ease of reading, here is the outcome of the meeting, with this text
agreed upon by the group in Berlin:

1. The group had a constructive discussion, with civil and detailed
analysis of the relevant issues.

2. Task Force should proceed. There was consensus that the Global
Considerations Task Force (GCTF) should continue to work on issues
relating to DNT:0 setting. Members of the working group are welcome to
join the GCTF mailing list by writing to rigo@w3.org.See also the Archives
of public-tracking-international at. w3.org
<http://lists.w3.org/Archives/Public/public-tracking-international/>

3. Gap analysis. The first task for the GCTF is to assess the delta
between the current DNT draft specification and what is legally required
under current EU law. Also, assess the delta between the DNT draft
specification and the EDAA approach. There may be a similar gap analysis
with respect to Canadian law, pursuant to the opinion of the Office of the
Federal Privacy Commissioner concerning OBA. The Group will explore also
other jurisdictions (Australia, Hongkong, Japan)

4. Standard contract. Once gap analysis is concluded, there will be
discussion, including DPAs, industry, and other stakeholders, of the
meaning of DNT:0 compliance. The group discussed the possible usefulness
of a ³standard contract² that could be understood in the EU as authorizing
a number of actions by the server. The standard contract would not have to
address all possible uses; for instance, it likely would not authorize
collection and use of ³sensitive² data such as the categories in Article 8
of the EU Data Protection Directive.

5. After the gap analysis. One gap analysis is concluded, there will be a
go/no-go discussion about how and whether the GCTF will proceed. That
discussion will include consideration of the practicality and
implementability of any normative text. One path may be drafting of a
³standard contract² that could be understood in the EU as authorizing a
number of actions by the server. Another path might recognize that meeting
the DNT:0 standard will not be sufficient to reach the level of legal
requirements in the EU (and possibly elsewhere). In that case, an option
might be to explore if DNT:0 could be a mechanism for providing a specific
grant of permission by a user to an action by a server.

Suggested wording for the second path from Justin Brookman: There was some
recognition at the meeting that the DNT standard we're negotiating will in
any event not be sufficient to reach the level of legal requirements in
the European Union (and quite possibly elsewhere). Instead of repurposing
DNT:0 as web-wide (or more granular) agreement to a set of less
controversial uses (such as first-party analytics, first-party
personalization, or audience measurement), we could edit the TPE (and to a
lesser extend to allow for *any* party (first or third) to take advantage
of the exception-API mechanism to ask for consent if that party believes
that adhering to the DNT standard alone will not be sufficient for legal
compliance in a particular jurisdiction. Thus, if a first party believes
it needs consent to do first-party analytics despite the TCS exemption of
first parties from compliance obligations, that first party could call the
exception-API to get permission to engage in tracking on its own domain.
Or if market research was deemed a permitted use, an audience measurement
company could still trigger a call to the API for consent to track around
the web even if the TCS allowed for market research.

6. Time line. The GCTF plans to work intensively to determine if normative
text is appropriate concerning DNT:0. The GCTF understands that normative
text is subject to the Working Groupıs July, 2013 deadline for Last Call.
It also understands that any such normative text would be included in the
compliance spec only if consensus is reached in the Working Group.

7. Possible non-normative text. In addition to determining whether and
what to propose as normative text, the GCTF may work on non-normative
text. Specifically, the group discussed the possibility of drafting a
Note, which would be subject to discussion and review in the full Working
Group. Topics of the non-normative text may include a guide about
compliance with the compliance spec, with citations and assistance to
organizations in different regions about local requirements and
implementation.





Professor Peter P. Swire
C. William O'Neill Professor of Law
    Ohio State University
240.994.4142
www.peterswire.net





-----Original Message-----
From: Rigo Wenning <rigo@w3.org>
Organization: W3C
Date: Friday, March 15, 2013 12:49 PM
To: Tracking Protection Working Group WG <public-tracking@w3.org>
Subject: GCTF: Conclusions and minutes
Resent-From: <public-tracking@w3.org>
Resent-Date: Friday, March 15, 2013 12:50 PM

>Dear all;
>
>The Global Considerations Task Force had a very fruitful meeting in
>Berlin on 11-12 March. We had really deep and complex discussions. This
>was the kick-off of the further work. I have put minutes, issues and
>conclusions on the web:
>
>We have the Global considerations homepage:
>http://www.w3.org/2011/tracking-protection/international.html
>
>We have the page for the Berlin event with Minutes:
>http://www.w3.org/2011/tracking-protection/130311-gloco.html
>
>And we have an interim page for conclusions and issues until I get
>things into tracker:
>http://www.w3.org/2011/tracki
><http://www.w3.org/2011/tracking-protection/130311-gloco-list.html>



>ng-protection/130311-gloco-list.html
><http://www.w3.org/2011/tracking-protection/130311-gloco-list.html>
>
>The last URI contains also the conclusions as worked out with Peter in
>the "next steps" session at the end of the meeting.
>
>
> --Rigo
>
>
>

Received on Friday, 15 March 2013 17:34:25 UTC