W3C DNT Working Group Moves to Close Out TPE Definitions as Member Dissention Continues
The World Wide Web Consortium-backed Do Not Track talks moved toward the first deadline for closing out definitions -- “tracking” and “party” -- since creating a new timeline last week, according to interviews with participants and a public email forum. The new tracking preference expression-focused path forward has caused in-group tension, prompting the chairs to clarify their new strategy. But in the group’s weekly Wednesday call, dissention remained over the group’s new direction -- even over the decision to first close out a definition for “tracking,” which is supposed to be wrapped up by Nov. 20, said co-chairman Justin Brookman, director of Center for Democracy and Technology’s Project on Consumer Privacy.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Participants worried after the call that the group is ignoring obvious issues with its strategy to simply close out issues. “It becomes pretty telling of what the problems are when the chair says, ‘Good point,’ and you have to interpret that as, ‘We completely see the obvious logic in your argument, but in the name of closing issues we choose cognitive dissonance,'” said KBM Group Chief Privacy Officer Brooks Dobbs after the meeting.
"I don’t think that’s a fair assessment,” Brookman said. “It’s more an issue of not letting the perfect be the enemy of the good.” He recalled a comment in Wednesday’s call where a group member said “we need to define ‘collect’ first.” That argument has merit, “but we can’t just back up and restart every process whenever someone suggests a new direction,” Brookman said. “People have said for years that we need to define ’tracking’ first.” The group will define “both in parallel,” he said.
The DNT group recently reoriented its focus to marching through TPE issues while temporarily pausing its compliance discussions. The chairs said they hoped to complete the TPE specification in 14 meetings, closing up all issues by February and then deciding how, or if, to proceed with a compliance specification. The shift was in response a group survey in which many respondents expressed discontent with the talks’ direction, pushing for either abandonment or an increased TPE focus. Several participants dismissed the utility of the new strategy after the chairs announced they would port over several definitions from compliance -- parties, first parties, third parties, network transaction, collect/retain/use/share, user, user agent and service provider -- in completing TPE. Chris Mejia of the Interactive Advertising Bureau in an email called it “an obvious merger” of TPE and compliance.
The chairs responded Monday. “The goal is to make the TPE specification self-contained such that the TPE can be understood on its own and no dependencies on the compliance spec remain,” they wrote in an email to the group. “To minimize our work, if a definition is required for both documents, we will define it in the TPE once and for both documents.” The email was an attempt to clarify the group’s goal and “follow the general will of the group,” Brookman told us. “The first thing to do is standardize how to say to the world I don’t want to be tracked.” The chairs’ email made the analogy of building the foundation of a house first that “later seamlessly integrate[s] with the emerging compliance spec."
"A standard TPE doesn’t have much meaning,” Dobbs said: To have any utility, a tech piece has to be defined to fit the compliance specification. Brookman told us the group is open to having its TPE work with multiple compliance specifications. “Maybe it should be the case that the signal is set and then there can be different responses,” he said. The Network Advertising Initiative has an Internet-based advertising code of conduct (http://bit.ly/HKdRVD), the Digital Advertising Alliance has developed regulations for online behavioral ads (http://bit.ly/1a8izqt) and Europe is considering more stringent privacy standards (CD Oct 30 p12). But a TPE specification that can work with any compliance document is too general to be useful, Dobbs said. “What I worry about if you railroad through a foundation that only fits one house above it and say, ‘We might discuss having any house above it’ -- you're not leaving yourself open to it."
Brookman said he’s confident the group will meet the Nov. 20 deadline to close out the definitions of “tracking” and “party,” which also includes related terms including “first party” and “third party.” The group is “pretty close on a lot of these things,” Brookman said. It was necessary to port over these definitions from the compliance specification, he said. That’s because leaving them to be defined in myriad hypothetical compliance documents might leave the landscape back where it started -- fractured and without agreement, he said. “That is a concern we have."
Meeting the Nov. 20 deadline would mean agreeing on “obfuscated” definitions, Dobbs said. While the group might settle on a definition for “track,” for instance, it still wouldn’t agree on words within that definition such as “collect” and “share,” said Dobbs. That may be true, Brookman said, but the group has gone to great lengths to be “sensitive” to these concerns and it needs to start producing. After “tracking” and “party,” the group will address the definition for “share,” he said, as well as “network transactions.” People will protest “no matter what,” he said. “We're still sorting it out trying to find a way forward.” -- Cory Bennett (cbennett@warren-news.com)