- From: Kathy Joe <kathy@esomar.org>
- Date: Thu, 17 Oct 2013 14:21:25 +0200
- To: Nicholas Doty <npdoty@w3.org>
- Cc: Rob Sherman <robsherman@fb.com>, Public-tracking Working Group <public-tracking@w3.org>, "Edward W. Felten" <felten@CS.Princeton.EDU>, David Stark <david.stark@gfk.com>, Richard Weaver <rweaver@comscore.com>, Ronan Heffernan <ronan.heffernan@nielsen.com>, Elise Berkower <elise.berkower@nielsen.com>, "George.Pappachen@kantar.com" <George.Pappachen@kantar.com>, Adam Phillips <adam.phillips@realresearch.co.uk>, Susan Israel <Susan_Israel@Comcast.com>, "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>
- Message-ID: <CE857104.32199%kathy@esomar.org>
Dear Nick,

Many thanks for your notes. We agree with the proposed change on secondary uses.

We also agree with moving the text on independent certification to the non-normative section. We suggest substituting 'must' with 'is' or 'are' and to delete the words 'market research'. This is less specific but still fulfills our aim of providing an additional layer of explanation, transparency and control to users, ie

"Parties conducting audience measurement are subject to an independent certification process under the oversight of a generally-accepted industry organization that maintains a web platform providing users with information about audience measurement research. This web platform lists the parties eligible to collect information under DNT standards and the audience measurement research permitted use and it provides users with the means to exclude their data if they so wish."

As we understand it, the non-normative section is intended to explain the requirements of the normative text and therefore we suggest replacing 'must' or similar words with 'is' or 'are' throughout so the language is consistent but does not broaden this permitted use or introduce uncertainty.

We attach a draft implementing these changes.

Best regards
Kathy Joe, ESOMAR.

From: Nicholas Doty <npdoty@w3.org>
Date: Wednesday, October 16, 2013 5:28 AM
To: Rob Sherman <robsherman@fb.com>, Kathy <kathy@esomar.org>
Cc: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>, Public-tracking Working Group <public-tracking@w3.org>, "Edward W. Felten" <felten@CS.Princeton.EDU>, David Stark <david.stark@gfk.com>, Richard Weaver <rweaver@comscore.com>, Ronan Heffernan <ronan.heffernan@nielsen.com>, Elise Berkower <elise.berkower@nielsen.com>, <George.Pappachen@kantar.com>, Adam Phillips <adam.phillips@realresearch.co.uk>, Susan Israel <Susan_Israel@Comcast.com>
Subject: Re: ISSUE-25 on the agenda for the October 02 call

Based on Kathy's comments here and on last week's call, I've updated the change proposal to move the independent certification process text into the non-normative subsection. As non-normative sections don't introduce normative requirements (which we note with the terms "MUST", "SHOULD", "MAY" in all caps), I've modified the text to remove the "MUST":

> Parties conducting audience measurement might be subject to an independent
> certification process under the oversight of a generally-accepted market
> research industry organization that maintains a web platform providing user
> information about audience measurement research. This web platform lists the
> parties eligible to collect information under DNT standards and the audience
> measurement research permitted use and it provides users with an opportunity
> to exclude their data contribution.

I would also suggest that we do that for all of the non-normative section (if that section is indeed not intended to introduce additional requirements on implementers).

Thanks,
Nick

Reminder of the wiki link for this change proposal:
http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Audience_Measurement#Audience_Measurement_Permitted_Use

From: Nicholas Doty [mailto:npdoty@w3.org]
To: Rob Sherman [mailto:robsherman@fb.com]
Cc: Kathy Joe [mailto:kathy@esomar.org], Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org], (public-tracking@w3.org) [mailto:public-tracking@w3.org], Edward W. Felten [mailto:felten@CS.Princeton.EDU], David Stark [mailto:david.stark@gfk.com], 'Weaver, Richard' [mailto:rweaver@comscore.com], Ronan Heffernan [mailto:ronan.heffernan@nielsen.com], Berkower, Elise [mailto:elise.berkower@nielsen.com], George.Pappachen@kantar.com [mailto:George.Pappachen@kantar.com], 'Adam Phillips' [mailto:adam.phillips@realresearch.co.uk], Israel, Susan [mailto:Susan_Israel@Comcast.com]
Sent: Wed, 16 Oct 2013 03:50:37 +0100
Subject: Re: ISSUE-25 on the agenda for the October 02 call

Thanks for the message, Rob. We have a similar discussion on the security thread, regarding the phrasing of the proposal (which I believe is accepted by the WG) and a general prohibition on independent uses:
http://www.w3.org/mid/9E3CA327-E815-4104-B2E5-F2AD48FCD481@apple.com

I would suggest that Rob's suggestion is a friendly amendment to Kathy's proposal and likely to be unobjectionable, and that for this permitted use text as with security, there is an editorial question about whether we need to repeat prohibitions about other uses in each permitted use or rely on a general requirement stated elsewhere.

Kathy or others who worked on this proposal, let me know if you are comfortable or not with Rob's suggested change.

Thanks,
Nick

On October 6, 2013, at 8:59 PM, Rob Sherman <robsherman@fb.com> wrote:

I'd like to offer a change proposal to the ISSUE-25 text that Kathy supplied:

In the bullet on secondary uses, I would suggest that we specify that the data "Must not be used for any purpose not otherwise permitted under this specification" rather than to say that it can't be used for an independent purpose, including profiling individual browsing behavior for advertising purposes.

There are two thoughts behind this:

(1) It is generally not permitted to build ad profiles of DNT:1 browsers' individual browsing histories.
Saying this here seems to imply that it might be okay under other permitted uses, which I don't think is the intention.

(2) I'd imagine that most parties that do audience measurement would also need to use data they collect for other permitted uses - particularly, for technical purposes (making sure the system is working) or for security. Likewise, everyone has to comply with legal obligations, as our draft reflects. I don't think that this permitted use necessarily should be invalidated just because a company might engage in another permitted use or have to comply with legal obligations.

I don't think this is a change in the general intention of the draft, but I believe this change is helpful to avoiding any unintended consequences.

Rob Sherman

On October 6, 2013, at 8:55 PM, Rob Sherman <robsherman@fb.com> wrote:

> Kathy, thanks so much for your flexibility on this. It does seem a bit
> unusual to call out a specific compliance regime in a W3C spec - particularly
> as we're not doing so anywhere else in our draft - but I take your point that
> the permitted use you are proposing is narrow and should be taken as such.
>
> Perhaps the easiest way to approach this would be consistent with what we are
> doing with the other issues that are on the table: remove the last bullet of
> your normative text as you suggest, and focus right now on normative text,
> then consider what if any non-normative text is needed once we've resolved
> normative. When we get to non-normative text later, I'd certainly be open to
> describing a certification model as one example - but given where we are in
> the procedure I don't think we need to reach this question yet.
>
> Rob Sherman
> Facebook | Manager, Privacy and Public Policy
> 1299 Pennsylvania Avenue, NW | Suite 800 | Washington, DC 20004
> office 202.370.5147 | mobile 202.257.3901
>
> Subject: ISSUE-25 on the agenda for the October 02 call
>> Hi Rob,
>>
>> Many thanks for your note.
>>
>> Whilst there might be a range of audience measurement techniques, Issue 25 is
>> specifically in connection with calibrating data obtained via opted-in
>> panels.
>>
>> The key point is that since Issue 25 requires that only aggregated data be
>> provided to clients, and that there is no release of PII collected for AMR
>> for other purposes, we believe there needs to be independent oversight to
>> check that companies claiming the AMR exemption are complying, with
>> consistent application worldwide, also providing consumer information to
>> provide an additional level of transparency and education for users.
>>
>> We would be willing to move the paragraph on the 'independent certification
>> process' to the non-normative section, especially as it was pointed out that
>> the W3C standards do not include other compliance requirements. We also
>> remain open to further discussion as the standard evolves in practice.
>>
>> Kathy Joe,
>>
>> Director, International Standards and Public Affairs
>>
>> <https://urldefense.proofpoint.com/v1/url?u=http://www.esomar.org/&k=ZVNjlDMF
>> 0FElm4dQtryO4A%3D%3D%0A&r=Z08z%2F0RKK7k0ZWnWkl%2FVHThU6eMXcoJl9ldvo4wGeN0%3D%
>> 0A&m=Q6HBWsbihgDbba%2BNHrZDNK92Y0PFBIKKaaKFZWjx1HI%3D%0A&s=98c5c0f473b70d482e
>> b8531b4b0729feedaff5f11d7b4c25c73a6913b7e47916>
>> Subject: Re: ISSUE-25 on the agenda for the October 02 call
>>
>> Kathy,
>>
>> I apologize that I missed the call today and wasn't able to participate in
>> the discussion, but I do have a question about the last point that Ed raised
>> below: I understand that AMR members have a particular framework in mind,
>> but it seems most sensible to develop a permitted use for audience
>> measurement that would apply to any party that wanted to engage in that
>> practice, regardless of whether it was a member of a particular association
>> or had a particular auditor. Would you consider modifications to the
>> proposal that would make an association membership/auditing component
>> optional but that would enable other parties to comply even if they were not
>> eligible to or chose not to join the association?
>>
>> I think this comes up most significantly in the last bullet of your normative
>> text, but there may be aspects of the non-normative text that are helpful for
>> explanation within this group as we decide on what is the right path forward
>> but that so specifically describe particular companies' business models that
>> they're less helpful in a specification.
>>
>> Thanks.
>>
>> Rob
>>
>> Rob Sherman
>> Facebook | Manager, Privacy and Public Policy
>> 1299 Pennsylvania Avenue, NW | Suite 800 | Washington, DC 20004
>> office 202.370.5147 | mobile 202.257.3901
Attachments
- application/msword attachment: 16_Oct_2013_DNT_W3C_Revised_text_Issue_25_Aggregated_data_collection_and_use_for_audience_measurement_research.doc
Received on Thursday, 17 October 2013 12:22:10 UTC