Present: Don, Dan, Jeffrey, Pete, Wendy, Sam, Christine Regrets: Nick
J: feedback I got is that it's just after GPC but doesn't explain GPC... So just adding the preference about data sale to this list would fix it.
Dan: can we do that and ask Robin to review?
Don: i like removing GDPR as mention of a specific law... people mistake the current state of GDPR semienforcement for what is actually required by GDPR... not future proofed... (document should not refer to one particular level of enforcement of a particular law at one specific time)
Don: i feel we can imply that's likely GPC will be recognized as objection to processing (in places that have such a thing) without mentioning specific jurisdiction or the state of enforcement at any time
Pete: move GPC to an example section?
J: it's an example - we have GPC as an example ... but we have list of things GPC might do doesn't overlap. They are in different paragraphs... might break the flow to move it to another section.
J: can be read to imply that the next paragraph describes GPC. But adding something about sale to this list woulf fix the problem.
Don: realistically it's more likely that regulators that enforce GDPR will enforce GPC as an Art. 21 objection than that they'lll continue to allow you to ignore it -- we want this to be useful for many years, so cover principles and not what you can get away with in a particular country at the present time.
Jeffrey: Wendy suggested one... I think it needs a PR...
Wendy: the piece of literature (Jack Balkin) that started the conversation about information fiduciaries. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3700087 Seems to satisfy the need we're addressing. It has started a bunch of debate over concept of fiduciary ... we're far from saying "this is the solution" - but it's useful and generally acknowledged as a good branch...
Jeffrey: I will swap it in.
Jeffrey: discussion on issue - a lot of it is yes... We're requiring things of the web that print doesn't do but not acknolwedging it - are we holding the web to a higher standard? I think saying "offline ads violates these principles sometimes" might fix.
Don: I'm not convinced. You can go to a newsstand and pay cash for a magazine and do research... The area where the web is substantially different from print is in the terms of service as contracts and the effect of most website ToS is to prohibit the kind of investigation that would make it easier to discover deceptive ads.
J: Enforceable?
Don: depends on jurisdiction (CFAA enforcement seems to be in flux in the USA, not sure about elsewhere?)
J: seems like the kind of research you'd do in print vs the web ... those seem similarly difficult...
Wendy: i agree with Don - the ToS and degrees of individualized targetting and lack of an easily closed loop on print adv. make it different in terms of the user's relation to it.
J: in print only targeting you get is by demographic of readers of the magazine... On the web you have another option...
Dan: maybe we do need to hold to a higher standard
Don: much of the way web adv is designed is optimized for delivering scam ads -- if you're doing a precious metal scam ad in print - it's more likely that other members of the household would see it, but it's extremely easy to target senior citizens on the web
Wendy: I'll try to add to the PR commentary. I think we might be getting beyond privacy per se - sure print can collectively discriminate but it may not be as tied to our privacy as other societal goals...
Jeffrey: might be something - a change to the section about discoverability mitigates these group harms... if people outside the group can easily seen what is being targetted towards the group that might be good... and that could inform the design of web apis...
Don: brings it back to ToS - ToS on large platforms designed to forbid practices to research which deceptive ads are delivered to you (NYU/Facebook drama)
Don: a publisher tried to put a ToS in a printed book - however that was ruled invalid by a court (see First Sale Doctrine in the USA)
Jeffrey: will come up something about discoverability.
J: some experts don't like us using this word... removing would improve compliance with TAG styleguide...
Dan: I'm sympathetic to removing it ... someone else interested in re-wording these 3 spots...
Dan: to make PR
J: Michael's last comment in the issue is useful. We talk about "vivid" and "explciit and deliberate specfic action". Robin is saying that to authorize some kind of data use you should click something that approves.. just clicking on a link is not that. We're overstating or being vague.
Pete: He gives the option of prompting for cookies as a bad example... but it leads to browsers having more controls and users having more controls which is a good thing. Cookie notifications... have given user's controls...
J: we want more systematic controls... our text says "a deliberate specific action"
Pete: depends on what you mean by specific...
J: it doesn't refer to the particular use... seems more general than a cookie banner..
J: might convince michael to suggest text for this...
Dan: can this simplify language?
J: I suspect so...
Don: I think we're confused about indicators and cookie banners... people are assuming that a banner is a dialog that requires some action from a user... I added another example of animated characters that remind people of govt. surveillance... An easy way to show the user that there's a data collection practice... there's got to be a clear distinction between an indicator and requiring clicking through on a dialog.
agreed to close
J: i think we can close. don wrote something explaining why
Dan: Happy to close on that basis.