Hindered by Inactive Congress and Its Structure, DNT Moves Forward in Pieces, Swire Says

Indeed, W3C has continued amid stakeholder defections, delays and open dissatisfaction among those who have remained (WID Oct 11 p1). But since a contentious member poll in October caused the group’s co-chairs to prioritize completing a technical preference expression (TPE) document before moving to a tracking compliance and scope (TCS) document, the process has stayed on track. On Feb. 11, Ninja Marnau, a lawyer and researcher for the Independent Centre For Privacy Protection Schleswig-Holstein, revealed via an email sent to the group’s public listserv (http://bit.ly/P8Sqm3) that “we will take a break from the weekly calls (but not from our work) until March 12 to finalize and review the TPE draft for Last Call.” “After the break, we plan to take up the work on [TCS] again.” Those dates dovetail with the early-to-mid 2014 timeline that Tracking Protection Working Group co-Chairman Justin Brookman -- also director of the Center for Democracy & Technology’s Project on Consumer Privacy -- told us he wanted to meet for the TPE after the group changed its tack in October.

Some members pushed back on the upcoming quick switch to TCS during a Feb. 12 working group call, according to group emails. But working group co-Chairman Carl Cargill, also principal scientist-standards at Adobe Systems, said in a listserv email that he plans to keep things moving (http://bit.ly/NG0XMf). “We believe that the larger community will be better served by moving ahead -- as scheduled -- with the TCS,” he said. The prioritized TPE document cannot move from last call to candidate recommendation -- “a document that W3C believes has been widely reviewed and satisfies the working group’s technical requirement,” according to W3C (http://bit.ly/1oxwHhK) -- until TCS gets a completed draft for last call, Cargill said. “If the TCS is delayed by several months, the further advancement of TPE to Candidate Recommendation will be slowed by the same amount,” Cargill said. He also said the group needs to recognize the calls from “users and stakeholders” to complete the TCS.

"It might not be as big a win,” but it’s “pieces” being slowly put together, Swire said. “There were times I thought I saw a path to making a [big] deal,” he said of his time as working group co-chair with Matthias Schunter, who remains a co-chair as well as chief technologist at Intel. Swire recalled a time in spring 2013 when the browser maker Mozilla threatened to turn off data flow and limit consumer access to online advertisements. “The browsers are in a position of some leverage because consumers only get to the websites and the ads if the browsers allow them,” he said. Mozilla’s move prompted a meeting between browser companies and advertisers, Swire said. “There was about 24 hours where I thought there was that agreement,” he said. “But we couldn’t get it to stick together."

The working group’s problems arise from its structure and a gridlocked U.S. government, Swire said. “The ability to make deals is not very well created within the W3C process,” he said. “It’s really supposed to be consensus that’s more bottom-up.” Swire compared it to Congress, where specific issues fall to committees and a committee chair is deputized with control over an up-or-down vote on the issue before it reaches the floor. “The chair becomes the center and people fight around the edges, and you get an up-and-down vote,” Swire said. That process -- unlike that of the W3C working group -- incentivizes deal making, he said.

"Perhaps,” current working group co-chair Brookman told us in a follow-up interview. “But I think the bigger problem is that a lot of the participants in the room don’t feel enough incentive to compromise,” he said. Brookman pointed out that after Swire’s departure, the group altered its decisionmaking process. “Now, the chairs have authority to make decisions when the group is stalled,” he said. “That means we make progress, and should incentivize folks to come to consensus rather than hope the chairs decide their way."

And Congress’s structure hasn’t led to any deal making on the Hill either, which has hurt the W3C, Swire said. “One of the problem we have in the United States is that it’s not credible to say, ‘Congress will act,'” he said. Historically, when Congress has threatened privacy legislation, industry has responded, he said. Swire worked in the Clinton White House as the Office of Management and Budget’s first chief counselor for privacy. During that time, industry was ignoring the administration’s and the FTC’s request to adopt privacy policies, he said. Congress moved to “the verge of passing an Internet privacy bill” and “industry zoomed up with their privacy policies within 24 months,” Swire said. Congress backed off.

Congress’s threat was real, he said, because in the last few years of the 1990s, Congress passed the Health Insurance Portability and Accountability Act, Children’s Online Privacy Protection Act, Gramm-Leach-Bliley Act and Digital Millennium Copyright Act. Today, Congress can’t pass a budget or raise the debt ceiling, he said. “So are they going to pass a complex privacy bill? Boy, it’s really hard to see that happening."

"This is a big concern,” Brookman said. “Why would ad networks agree to massive, painful changes without a stick?” But he circled back to Swire’s point about browser leverage over advertisers. “There is another stick, though -- the browsers,” he said. “They're increasingly competing on privacy, and they know their users care about tracking.” Browsers have many unused tools available that are far worse than a DNT signal, Brookman said. “They can strip cookies, block JavaScript, limit calls [to third-party networks] or block entirely,” he said. And increasingly, Brookman sees additional “sticks” coming from European regulators and publishers pushing back against ad networks. “So there’s still some incentive to come up with a solution.”

"What’s important is that something ought to be developed, whether it’s industry developing it, or whether it’s W3C,” said the FTC’s Ramirez in her Q-and-A. Industry has pushed forward with its own DNT specifications. The Digital Advertising Alliance (DAA) -- a consortium of ad and marketing trade associations -- split off from the W3C-backed group to launch its own talks focusing on TCS (WID Oct 9 p1, Oct 15 p8). The W3C working group had previously rejected a DAA DNT proposal in July (WID July 17 p1). DAA -- which has not made its talks public -- expects to release its compliance document sometime in early-to-mid 2014 (WID Dec 27 p1). Direct Marketing Association senior Vice President-Government Affairs Peggy Hudson confirmed the timeline, telling us the document was still under review, but would be coming out in “the not-to-distant future.” Swire has heard the same thing: “I'm told that might be coming to fruition.” Half of cookies are about demographics for market research, not about tracking, Swire said. This agreement could create a “self-regulatory agreement that has never existed before,” for this type of data collection, Swire said.

It’s one of the pieces of DNT that Swire thinks will start appearing from various groups, including W3C. These pieces could eventually build into a DNT standard, he said. Brookman has noticed these pieces, too. “I think we'll see iterations on DNT compliance over the next year or so,” he said. Brookman has noticed iOS’s and Android’s “limit tracking” options “are remarkably similar,” he said. When turned on, third parties can collect only data “for fairly narrow categories of usage,” such as ad delivery and security and fraud prevention, “but not broad categories like research or behavioral targeting,” he said.

"I hope [Swire] is right that eventually they converge onto one consensus approach,” Brookman said. Ramirez also has hope. “It remains my hope, that an effective system where consumers are able to exercise choices” is eventually developed, she said.