Title: Eprivacy Issues and
1 ePrivacy Issues and Their Potential Effect on Online Data Collection
Anna Long, Founder and Principal Analyst, Web Analytica℠
2 Agenda
- ePrivacy: What's the Problem?
- Three Attempts to Address ePrivacy Issues
  - EU ePrivacy Directive
  - W3C Tracking Protection Working Group
  - W3C Customer Experience Digital Data Community Group
3 Online Privacy: What's the Problem?
- The landscape
  - The Wall Street Journal, The New York Times, Time Magazine, and other news organizations have written articles raising concerns about abuse of privacy online.
  - The Privacy Rights Clearinghouse, Consumer Watchdog, Consumer Action, and the Center for Digital Democracy have voiced concerns about online privacy.
  - Politicians and regulators in the US and other regions have conducted studies, held hearings, and introduced legislation attempting to address online privacy violations.
4 Technology's Impact on Privacy
Concerns about technology's impact on privacy pre-date the commercialization of the World Wide Web.
5 Technology's Impact on Privacy
A new protocol being developed by the Internet Engineering Task Force (IETF) has raised privacy concerns. Internet Protocol Version 6 (IPv6) is the "next generation" protocol designed by the IETF to replace the current version Internet Protocol (IPv4)... The new addressing structure, however, may mean that every packet can be traced back to each user's unique network interface card ID. That information... forms the basis of the privacy concerns raised by some observers of the IETF process.
Concerns about the Internet's effect on privacy go back to the last century.
6 Online Privacy: Is This The Problem?
7 What's to Be Done about ePrivacy Issues?
- Three major initiatives are underway
  - European Union's ePrivacy Directive applies regulation to cookie storage
  - World Wide Web Consortium (W3C) Tracking Protection Working Group developing standards to put tracking control in the hands of individual website users
  - W3C Customer Experience Digital Data Community Group creating standards that put control in the hands of website owners
8 European Union ePrivacy Directive
- The European Commission has had an online privacy directive (Directive 2002/058 on Privacy and Electronic Communications) in place for over a decade.
  - 2002 version required website owners to inform visitors about cookie placement and offer a method of refusing cookies (opt-out)
  - 2009 version requires website owners to gain permission from visitors before storing any cookies not essential to basic site operation (opt-in)
- The opt-in requirement of the 2009 revision caused an uproar in the European online community. Many feared it would severely disrupt visitors' website experiences and put European online commerce at a severe competitive disadvantage.
9 EU ePrivacy Directive: 2009 Revision
"Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing...."
From 2009 Revision of Article 5(3) of Directive 2002/58/EC, emphasis added
10 European Union Legislative Activity: The Cookie Laws
- European Commission directed all EU members to incorporate the amended ePrivacy Directive into their national laws by 25 May 2011.
- Many members did not meet that deadline and still have not put regulation in place.
- UK enacted regulations requiring opt-in checks as of 26 May 2011 and immediately postponed enforcement for a year.
- When the UK regulation took effect, the UK Information Commissioner's Office (ICO) urged quick action, but the law was quickly derided as anti-competitive, confusing, and harmful. Eventually, even the ICO took down its cookie opt-in pop-up.
11 BBC Food: An Example of a Cookie Opt-In (Almost)
12 David Naylor: An Example of a Cookie Opt-In (Parody)
13 How the UK Cookie Law has Played Out: One View
From http://blog.silktide.com/2013/01/the-stupid-cookie-law-is-dead-at-last/more-2942
14 What the UK Cookie Law Has Achieved: One Opinion
From http://blog.silktide.com/2013/01/the-stupid-cookie-law-is-dead-at-last/more-2942
15 W3C Tracking Protection Working Group: Background
- In Spring 2011, the World Wide Web Consortium (W3C) created its Tracking Protection Working Group to deliver standards for communicating and conforming to website visitors' privacy preferences.
- From the beginning, this was a high-profile group with members from technical fields, governments, and industry associations, but dominated by privacy advocates and advertising industry groups.
16 W3C Tracking Protection Working Group: The Twists and Turns
- Between September 2011 and April 2014, the group's work has included:
  - Multiple drafts of two specifications
    - Tracking preference expression (the Do Not Track (DNT) flag)
    - Website compliance
  - 9 face-to-face meetings in Europe and US
  - 111 teleconferences
  - 242 issues raised
  - 447 actions assigned
  - 5 co-chairs
  - 2 charter extensions
17 W3C Tracking Protection Working Group: Where Does The Project Stand?
- The latest
  - Summer 2013: Digital Advertising Alliance stand-off forced co-chairs to choose sides. Result: several resignations and group went on hiatus.
  - W3C surveyed the remaining working group members to determine how to proceed. Chose to proceed, but losing members and shrinking scope.
  - One spec (tracking preference expression) approaching release for public comment
  - Meanwhile, all major browsers as well as some software operating systems and utilities are offering the DNT flag as an option or a default. Most websites are ignoring the flag.
18 W3C Customer Experience Digital Data Community Group: Background
- This W3C Project was formed by the merger of two standardization initiatives, one led by Google and Qubit, the other by IBM
- It is being driven primarily by technologists and analysts
- The Group's mission is to identify a standard framework for analytics data, both for efficiency and to enhance analytics capabilities
- Because much of this data is of a sensitive or private nature, privacy must be addressed along with other standardization issues
19 W3C Customer Experience Digital Data Community Group: Standard Analytics Data Object (Current as of Spec. 1)
20 W3C Customer Experience Digital Data Community Group: Permissions Mapping
Example of a mapping table:
www.calc.com - analytics
www.adsRus.com - advertising
www.audit.com - financial
www.oursite.com - personalization
21 W3C Customer Experience Digital Data Community Group: Architecture (Current Vision)
[Diagram labels: www.BigAds.com; Request; Data; Access Control Layer; Access Permissions Table]
Access Permissions Table:
www.calc.com - analytics
www.adsRus.com - advertising
www.audit.com - financial
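The permissions mapping and access control layer from slides 20 and 21, as an added example that is not part of the original deck or the Community Group's specification: a deny-by-default check that releases only the fields whose category matches the requester's table entry. The table rows come from the slides; the data fields, their category tags and the function names are constructed for illustration.

```javascript
// Access Permissions Table from the slides (hosts stored lower-cased).
const ACCESS_PERMISSIONS = new Map([
  ["www.calc.com", "analytics"],
  ["www.adsrus.com", "advertising"],
  ["www.audit.com", "financial"],
  ["www.oursite.com", "personalization"],
]);

// Constructed sample data object: each field is tagged with the one
// category that is allowed to read it (hypothetical tagging scheme).
const DATA_OBJECT = {
  pageViews:      { category: "analytics",       value: 42 },
  campaignId:     { category: "advertising",     value: "spring-sale" },
  orderTotal:     { category: "financial",       value: 129.95 },
  preferredTheme: { category: "personalization", value: "dark" },
};

// Lower-case the host and strip a trailing dot; anything that is not a
// plain hostname is rejected rather than guessed at.
function normaliseHost(host) {
  if (typeof host !== "string") return null;
  const h = host.trim().toLowerCase().replace(/\.$/, "");
  return /^[a-z0-9.-]+$/.test(h) ? h : null;
}

// Access control layer: exact-match lookup, deny by default.
function handleRequest(requesterHost, requestedFields) {
  const host = normaliseHost(requesterHost);
  const category = host === null ? undefined : ACCESS_PERMISSIONS.get(host);
  if (category === undefined) {
    // Requester is not in the table (e.g. www.BigAds.com): release nothing.
    return { allowed: false, data: {}, denied: [...requestedFields] };
  }
  const data = {};
  const denied = [];
  for (const name of requestedFields) {
    // Own-property check so names like "__proto__" never resolve.
    const own = Object.prototype.hasOwnProperty.call(DATA_OBJECT, name);
    if (own && DATA_OBJECT[name].category === category) {
      data[name] = DATA_OBJECT[name].value;
    } else {
      denied.push(name);
    }
  }
  return { allowed: true, data, denied };
}
```

The exact-match lookup means a look-alike host such as `www.calc.com.evil.example` gets nothing, and the `denied` list gives the site owner something to log and review.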
22 W3C Customer Experience Digital Data Community Group: Benefits
- In developing the specification with these features, the Group is attempting to set up an analytics data architecture that:
  - Provides standardized data to be used by all analytics products
  - Is flexible, extensible, and customizable for regions, industries, and organizations
  - Offers the potential for more analytics integration (such as web application performance monitoring)
If you are interested in participating in this effort as it moves to the next stage of standardization, contact me.
23 Anna Long, Founder and Principal Analyst, Web Analytica℠
- Email: anna.m.long_at_webanalytica.net
- LinkedIn: linkedin.com/in/annamlong
- Twitter: _at_webbylytical
- Cary, NC
- Washington, DC
- 919 349-5725