Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
1
Eprivacy Issues and
Their Potential Effect on
Online Data Collection
Anna Long
Founder and Principal Analyst
Web Analyti...
2
1 - 2
Agenda
• ePrivacy – What’s the Problem?
• Three Attempts to Address ePrivacy
Issues
– EU ePrivacy Directive
– W3C ...
3
Online Privacy – What’s the Problem?
The landscape:
•The Wall Street Journal, The New York Times, Time Magazine,
and oth...
4
Technology’s Impact on Privacy
Concerns about
technology’s impact
on privacy pre-date
the commercialization
of the World...
5
Technology’s Impact on Privacy
“A new protocol being developed by the Internet
Engineering Task Force (IETF) has raised ...
6
Online Privacy – Is This The Problem?
7
What’s to Be Done about ePrivacy Issues?
Three major initiatives are underway:
• European Union’s ePrivacy Directive: ap...
8
Europe Union ePrivacy Directive
The European Commission has had an online privacy directive
(Directive 2002/058 on Priva...
9
"Member States shall ensure that the storing of information,
or the gaining of access to information already stored, in ...
10
European Union Legislative Activity
The “Cookie” Laws
European Commission directed all EU members to incorporate the am...
11
BBC Food: An Example of a Cookie Opt-In (Almost)
12
David Naylor: An Example of a Cookie Opt-In (Parody)
13
From http://blog.silktide.com/2013/01/the-stupid-cookie-law-is-dead-at-last/#more-2942
How the UK Cookie Law has Played...
14From http://blog.silktide.com/2013/01/the-stupid-cookie-law-is-dead-at-last/#more-2942
What the UK Cookie Law Has Achiev...
15
W3C Tracking Protection Working Group
Background
In Spring 2011, the World Wide Web Consortium (W3C) created
its Tracki...
16
W3C Tracking Protection Working Group
The Twists and Turns
Between September 2011 and April 2014, the group’s work has
...
17
W3C Tracking Protection Working Group
Where Does The Project Stand?
The latest:
• Summer 2013 – Digital Advertising All...
18
W3C Customer Experience
Digital Data Community Group
Background
This W3C Project was formed by the merger of two
standa...
19
W3C Customer Experience Digital Data Community Group
Standard Analytics Data Object (Current as of Spec. 1)
digitalData...
W3C Customer Experience
Digital Data Community Group
Permissions Mapping
www.calc.com – analytics;
www.adsRus.com – advert...
21
W3C Customer Experience
Digital Data Community Group
Architecture (Current Vision)
Access Control Layer
www.calc.com – ...
W3C Customer Experience
Digital Data Community Group
Benefits
In developing the specification with these features, the
Gro...
23
Anna Long
Founder and Principal Analyst
Web AnalyticaSM
Email: anna.m.long@webanalytica.net
LinkedIn: linkedin.com/in/a...
Upcoming SlideShare
Loading in …5
×

Eprivacy issues and standards -- where do we stand?

6,859 views

Published on

Description of several projects attempting to address eprivacy issues

Published in: Data & Analytics
  • Be the first to comment

  • Be the first to like this

Eprivacy issues and standards -- where do we stand?

  1. 1. 1 Eprivacy Issues and Their Potential Effect on Online Data Collection Anna Long Founder and Principal Analyst Web AnalyticaSM
  2. 2. 2 1 - 2 Agenda • ePrivacy – What’s the Problem? • Three Attempts to Address ePrivacy Issues – EU ePrivacy Directive – W3C Tracking Protection Working Group – W3C Customer Experience Digital Data Community Group
  3. 3. 3 Online Privacy – What’s the Problem? The landscape: •The Wall Street Journal, The New York Times, Time Magazine, and other news organizations have written articles raising concerns about abuse of privacy online. •The Privacy Rights Clearinghouse, Consumer Watchdog, Consumer Action, and the Center for Digital Democracy have voice concerns about online privacy. •Politicians and regulators in the US and other regions have conducted studies, held hearings, and introduced legislation attempting to address online privacy violations.
  4. 4. 4 Technology’s Impact on Privacy Concerns about technology’s impact on privacy pre-date the commercialization of the World Wide Web. March 18, 1992
  5. 5. 5 Technology’s Impact on Privacy “A new protocol being developed by the Internet Engineering Task Force (IETF) has raised privacy concerns. Internet Protocol Version 6 (IPv6) is the "next generation" protocol designed by the IETF to replace the current version Internet Protocol (IPv4)... “The new addressing structure, however, may mean that every packet can be traced back to each user's unique network interface card ID… That information... forms the basis of the privacy concerns raised by some observers of the IETF process.” Concerns about the Internet’s effect on privacy go back to the last century. October 12, 1999
  6. 6. 6 Online Privacy – Is This The Problem?
  7. 7. 7 What’s to Be Done about ePrivacy Issues? Three major initiatives are underway: • European Union’s ePrivacy Directive: applies regulation to cookie storage • World Wide Web Consortium (W3C) Tracking Protection Working Group: developing standards to put tracking control in the hands of individual website users • W3C Customer Experience Digital Data Community Group: creating standards that put control in the hands of website owners
  8. 8. 8 Europe Union ePrivacy Directive The European Commission has had an online privacy directive (Directive 2002/058 on Privacy and Electronic Communications) in place for over a decade. • 2002 version required website owners to inform visitors about cookie placement and offer a method of refusing cookies (opt-out) • 2009 version requires website owners to gain permission from visitors before storing any cookies not essential to basic site operation (opt-in) The opt-in requirement of the 2009 revision caused an uproar in the European online community. Many feared it would severely disrupt visitors’ website experiences and put European online commerce at a severe competitive disadvantage.
  9. 9. 9 "Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing.... “ From 2009 Revision of Article 5(3) of Directive 2002/58/EC, emphasis added EU ePrivacy Directive 2009 Revision
  10. 10. 10 European Union Legislative Activity The “Cookie” Laws European Commission directed all EU members to incorporate the amended ePrivacy Directive into their national laws by 25 May 2011. • Many members did not meet that deadline and still have not put regulation in place. • UK enacted regulations requiring opt-in checks as of 26 May 2011 and immediately postponed enforcement for a year. • When the UK regulation took effect, the UK Information Commissioner’s Office (ICO) urged quick action, but the law was quickly derided as anti- competitive, confusing, and harmful. Eventually, even the ICO took down its cookie opt-in pop-up.
  11. 11. 11 BBC Food: An Example of a Cookie Opt-In (Almost)
  12. 12. 12 David Naylor: An Example of a Cookie Opt-In (Parody)
  13. 13. 13 From http://blog.silktide.com/2013/01/the-stupid-cookie-law-is-dead-at-last/#more-2942 How the UK Cookie Law has Played Out – One View
  14. 14. 14From http://blog.silktide.com/2013/01/the-stupid-cookie-law-is-dead-at-last/#more-2942 What the UK Cookie Law Has Achieved – One Opinion
  15. 15. 15 W3C Tracking Protection Working Group Background In Spring 2011, the World Wide Web Consortium (W3C) created its Tracking Protection Working Group to deliver standards for communicating and conforming to website visitors’ privacy preferences. From the beginning, this was a high-profile group with members from technical fields, governments, and industry associations, but dominated by privacy advocates and advertising industry groups.
  16. 16. 16 W3C Tracking Protection Working Group The Twists and Turns Between September 2011 and April 2014, the group’s work has included : • Multiple drafts of two specifications •Tracking preference expression (the Do Not Track (DNT) flag) • Website compliance • 9 face-to-face meetings in Europe and US • 111 teleconferences • 242 issues raised • 447 actions assigned • 5 co-chairs • 2 charter extensions
  17. 17. 17 W3C Tracking Protection Working Group Where Does The Project Stand? The latest: • Summer 2013 – Digital Advertising Alliance stand-off forced co-chairs to choose sides. Result: several resignations and group went on hiatus. • W3C surveyed the remaining working group members to determine how to proceed. Chose to proceed, but losing members and shrinking scope. • One spec (tracking preference expression) approaching release for public comment • Meanwhile, all major browsers as well as some software operating systems and utilities are offering the DNT flag as an option or a default. Most websites are ignoring the flag.
  18. 18. 18 W3C Customer Experience Digital Data Community Group Background This W3C Project was formed by the merger of two standardization initiatives, one led by Google and Qubit, the other by IBM It is being driven primarily by technologists and analysts The Group’s mission is to identify a standard framework for analytics data, both for efficiency and to enhance analytics capabilities Because much of this data is of a sensitive or private nature, privacy must be addressed along with other standardization issues
  19. 19. 19 W3C Customer Experience Digital Data Community Group Standard Analytics Data Object (Current as of Spec. 1) digitalData .PageIdentifier .Page .Product .Transaction .Event .Component .Cart .User .Version .ShippingAddress . ShippingAddress. Securty SAddrLine1 SAddrLine2 City State/Province Postal Code Country SAddrLine1: Private SAddrLine2:Private City: Analytics, Advertising State/Province: Analytics, Advertising Postal Code:Analytics, Advertising Country: Analytics Advertising
  20. 20. W3C Customer Experience Digital Data Community Group Permissions Mapping www.calc.com – analytics; www.adsRus.com – advertising; www.audit.com – financial; www.oursite.com – personalization; Example of a mapping table:
  21. 21. 21 W3C Customer Experience Digital Data Community Group Architecture (Current Vision) Access Control Layer www.calc.com – analytics; www.adsRus.com – advertising; www.audit.com - financial Access Permissions Table digitalData .PageIdentifier .Page .Product .Transaction .Event .Component .Cart .User .Version www.calc.com www.BigAds.com Request Data Request
  22. 22. W3C Customer Experience Digital Data Community Group Benefits In developing the specification with these features, the Group is attempting to set up an analytics data architecture that: • Provides standardized data to be used by all analytics products • Is flexible, extensible, and customizable for regions, industries, and organizations • Offers the potential for more analytics integration (such as web application performance monitoring) If you are interested in participating in this effort as it moves to the next stage of standardization, contact me.
  23. 23. 23 Anna Long Founder and Principal Analyst Web AnalyticaSM Email: anna.m.long@webanalytica.net LinkedIn: linkedin.com/in/annamlong Twitter: @webbylytical Cary, NC Washington, DC 919 349-5725

×