[WG-InfoSharing] Reminder: tomorrow's call

Doc Searls doc at searls.com
Thu Jun 27 23:07:41 UTC 2019


Here are some responses to text in the deck, starting with Slide 2, from which I'll quote here...

> European Policy /GDPR Consent
> In practice, Consent is an automatic click-thru with little user understanding.

I've been in Europe for two weeks (Spain, UK), occasionally comparing the experience of using the commercial Web here to the same in the U.S., using a VPN for the latter. Here are some ways the GDPR actually works. Or, more accurately, fails more awfully than what we had prior to the GDPR.

Example 1:


This is Slate's total violation of the GDPR. There is no choice but to agree to be tracked for all the reasons they give—or to go away. That's the first violation. The second is forced agreement. There is no "consent" worthy of the noun.

When I look at Slate in the U.S. I see no notice at all. Also no trackers. (Privacy Badger spotted 46 when I took that screen shot in Spain,)


Example 2:


Note the large OK and the tiny "x" for making it go away. The  GDPR requires that a notice like this should not be a gateway to the website (that's the Slate violation), and I suppose some ComputerWeekly readers know enough to click the little x. But clearly the site wants people to click the large "OK," so they can continue "personalizing content and advertising." Which means they get to continue tracking people, only now with "consent."

In other words, the site gets to kid itself (and regulators, they hope) into thinking they are complying with the letter of the GDPR while in fact they are utterly violating its spirit. But at least one can opt out of the whole thing with the little x—or maybe not. At that site, as we see, 17 trackers are loaded anyway. 

Yes, you can "manage your preferences," but they're not yours. And they're not managed by you, or meant to be managed by you. They are meant to coerce you into saying "the hell with it" and clicking "OK."


Example 3:



McKinsey provides no choice at all, with this banner that persists on the page. What they obtain by this is not consent, but acquiescence to being tracked, which the GDPR was made to forbid.


Example 4:



This one forces a simple choice, and to its credit makes the rejection button as big (but not as attractive to clicks) as the acceptance button. At least here, if you click on the former, it goes away.


Example 5:


I've seen lots of these, "powered by Quantcast."

"Deny All" is nice but clearly "Accept and move on" is what the site prefers, and that means continuing to track people exactly as the GDPR would rather they not.

Now, let's dive into "Manage My Consents." It looks like this (on a popover page with no going-back option):



Notice the scroll bar on the right. Here's what's actually there:

Information storage and access

The storage of information, or access to information that is already stored, on your device such as advertising identifiers, device identifiers, cookies, and similar technologies.

Off

Personalisation

The collection and processing of information about your use of this service to subsequently personalise advertising and/or content for you in other contexts, such as on other websites or apps, over time. Typically, the content of the site or app is used to make inferences about your interests, which inform future selection of advertising and/or content.

Off

Ad selection, delivery, reporting

The collection of information, and combination with previously collected information, to select and deliver advertisements for you, and to measure the delivery and effectiveness of such advertisements. This includes using previously collected information about your interests to select ads, processing data about what advertisements were shown, how often they were shown, when and where they were shown, and whether you took any action related to the advertisement, including for example clicking an ad or making a purchase. This does not include personalisation, which is the collection and processing of information about your use of this service to subsequently personalise advertising and/or content for you in other contexts, such as websites or apps, over time.

Off

Content selection, delivery, reporting

The collection of information, and combination with previously collected information, to select and deliver content for you, and to measure the delivery and effectiveness of such content. This includes using previously collected information about your interests to select content, processing data about what content was shown, how often or how long it was shown, when and where it was shown, and whether the you took any action related to the content, including for example clicking on content. This does not include personalisation, which is the collection and processing of information about your use of this service to subsequently personalise content and/or advertising for you in other contexts, such as websites or apps, over time.

Off

Measurement

The collection of information about your use of the content, and combination with previously collected information, used to measure, understand, and report on your usage of the service. This does not include personalisation, the collection of information about your use of this service to subsequently personalise content and/or advertising for you in other contexts, i.e. on other service, such as websites or apps, over time.

Off

THIRD PARTY VENDORS
Information storage and access

The storage of information, or access to information that is already stored, on your device such as advertising identifiers, device identifiers, cookies, and similar technologies.

View Companies
 <>
Off

Personalisation

The collection and processing of information about your use of this service to subsequently personalise advertising and/or content for you in other contexts, such as on other websites or apps, over time. Typically, the content of the site or app is used to make inferences about your interests, which inform future selection of advertising and/or content.

View Companies
 <>
Off

Ad selection, delivery, reporting

The collection of information, and combination with previously collected information, to select and deliver advertisements for you, and to measure the delivery and effectiveness of such advertisements. This includes using previously collected information about your interests to select ads, processing data about what advertisements were shown, how often they were shown, when and where they were shown, and whether you took any action related to the advertisement, including for example clicking an ad or making a purchase. This does not include personalisation, which is the collection and processing of information about your use of this service to subsequently personalise advertising and/or content for you in other contexts, such as websites or apps, over time.

View Companies
 <>
Off

Content selection, delivery, reporting

The collection of information, and combination with previously collected information, to select and deliver content for you, and to measure the delivery and effectiveness of such content. This includes using previously collected information about your interests to select content, processing data about what content was shown, how often or how long it was shown, when and where it was shown, and whether the you took any action related to the content, including for example clicking on content. This does not include personalisation, which is the collection and processing of information about your use of this service to subsequently personalise content and/or advertising for you in other contexts, such as websites or apps, over time.

View Companies
 <>
Off

Measurement

The collection of information about your use of the content, and combination with previously collected information, used to measure, understand, and report on your usage of the service. This does not include personalisation, the collection of information about your use of this service to subsequently personalise content and/or advertising for you in other contexts, i.e. on other service, such as websites or apps, over time.

View Companies
 <>
Off

OTHER
Google

Allow Google and their technology partners to collect data and use cookies for ad personalisation and measurement.

View Companies
 <>
Off


All defaulted to On.

Below that, in tiny blue type, is "See full vendor list," which is 510 companies long. Here is just the ones that start with the letter R:

R-Advertising
R-TARGET
Rakuten Marketing LLC
Readpeak Oy
Realeyes OÜ
ReigNN Platform Ltd.
Relay42 Netherlands B.V.
remerge GmbH
Research Now Group, Inc
Revcontent, LLC
Reveal Mobile, Inc
RevLifter Ltd
RevX Inc.
Rezonence Limited
RhythmOne, LLC
Rich Audience
RMSi Radio Marketing Service interactive GmbH
Rockabox Media Ltd
Rockerbox, Inc
RockYou, Inc.
Roq.ad GmbH
RTB House S.A.
RTK.IO, Inc
RUN, Inc.

Now, let's say you "reject all." Or that you go through that list and decide who you don't and do want to be tracked by. Do you have any record of those settings? Nope, at least beyond whatever cookies might be recorded (likely in an unreadable form) in your browser. 

Clearly this is meant to preserve Business As Usual, which is all about tracking people.

> Consent and Consent Management is solely controlled by Enterprises.

To say the least, this is meaningful only in the sense that makes "consent" meaningless.


Continuing on Slide 2...

> 2021
> 
> Meaningful Consent
> 
> Care is taken to ensure that users truly understand the ramifications of their consent.
> 
> Consent Management is still solely controlled by Enterprises.

When there is only one controlling party and consent is in label only, it is not consensual.

To truly understand that you're being screwed isn't a big step beyond ignorance on the matter. It's also not especially meaningful.


Next...

> 2023
> 
> User Supplied Terms
> 
> Tables are turned and users provide sharing terms to which Enterprises must indicate consent?

That date might be realistic, but I'd rather make it closer, if only for aspirational purposes.

I'm also not sure we need to turn tables. The status quo is worse than broken. What's proposed here is a better system: People signal their own terms, the simplest of which is "Don't track me off your site, for any purpose. Sign here and we'll both keep a copy."

> Consent Management provided by User Agents.

The agent needn't be a third party, or an intermediary, though those should be on the table as an option. Ideally, there would be a simple tool, such as a browser feature or add-on, or something new that works as simply as one of those.

And finally (on Slide 2)...

> 2025
> 
> Mutual Agreement / Service Negotiation
> 
> Consent is replaced with a Sharing (or Service) Negotiation process.
> 
> Consent Management provided by Intermediaries.

I think this can be part of the prior stage, and again not require intermediaries, at least for the simple stuff.


Okay, it's past midnight here in the UK, and we finally received the third of our three bags missing since Tuesday. The rest of the family is in bed and my noisy keyboard is keeping them awake. I think I may have covered enough anyway. 

Some closing thoughts...

First, starting with the current status quo, which is deeply corrupt and broken, is like starting with slavery as the infant stage of freedom. There is no "user respect" in this status quo. In fact there is long-standing contempt.

Second, though this is the InfoSharing WG, I think it will help to consider that, if one wishes not to be tracked, and an agreement is made about that, very little information needs to be shared. A choice is recorded and respected. If it's not respected, there are ways to resolve disputes in existence already (contact law, ODR <https://en.wikipedia.org/wiki/Online_dispute_resolution>). It doesn't need to be complicated, or framed as data exchange.

Third, (to me at least) Me2B is anchored with Me, not B. The vector of "to" goes from Me to B. It may end up as a mutual thing, but it's fundamentally about the individual having full agency, and the ability to make the first move. This is another reason why I don't see a path from the existing B-screws-Me system to Me2B. We need to start anew with Me2B and show how that's better for the Bs of the world than B-screws-Me has proven to be.

Doc

> On Jun 27, 2019, at 4:27 PM, Lisa LeVasseur <lalevasseur at ieee.org> wrote:
> 
> This is the drafty view of the evolution of consent to mutual agency, from a Me2B perspective.  Comments welcome.
> 
> On Wed, Jun 26, 2019 at 8:11 AM Jim Pasquale <jim at digi.me <mailto:jim at digi.me>> wrote:
> With many of the workgroup participants at Identiverse this week. Tomorrow’s call will focus on drafting an update to the new charter for CIS. 
> 
> Here are the call in details:
> 
> GoToMeeting (GTM1)
> Please join my meeting from your computer, tablet or smartphone. 
> Please join my meeting from your computer, tablet or smartphone. 
> https://global.gotomeeting.com/join/323930725  <https://global.gotomeeting.com/join/323930725>
> 
> You can also dial in using your phone. 
> United States: +1 (669) 224-3318 
> 
> Access Code: 323-930-725 
> 
> More phone numbers 
> Australia: +61 2 9091 7603 
> Austria: +43 1 2530 22500 
> Belgium: +32 28 93 7002 
> Canada: +1 (647) 497-9376 
> Denmark: +45 32 72 03 69 
> Finland: +358 923 17 0556 
> France: +33 170 950 590 
> Germany: +49 692 5736 7300 
> Ireland: +353 15 360 756 
> Italy: +39 0 230 57 81 80 
> Netherlands: +31 207 941 375 
> New Zealand: +64 9 282 9510 
> Norway: +47 21 93 37 37 
> Spain: +34 932 75 1230 
> Sweden: +46 853 527 818 
> Switzerland: +41 225 4599 60 
> United Kingdom: +44 330 221 0097 
> 
> See you on the call.
> 
> 
> Disclaimer
> 
> The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorised to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful. If you have received this email in error, please delete it and advise the sender.
> 
> .
> 
> _______________________________________________
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org <mailto:WG-InfoSharing at kantarainitiative.org>
> https://kantarainitiative.org/mailman/listinfo/wg-infosharing <https://kantarainitiative.org/mailman/listinfo/wg-infosharing>
> <Beyond Consent_ Evolving to Mutual Agency in Me2B Relationship.pdf>_______________________________________________
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org
> https://kantarainitiative.org/mailman/listinfo/wg-infosharing

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20190628/5f8fe141/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: slatenotice.png
Type: image/png
Size: 155131 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20190628/5f8fe141/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: techtargetnotice.png
Type: image/png
Size: 141551 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20190628/5f8fe141/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mckinseynotice.png
Type: image/png
Size: 91593 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20190628/5f8fe141/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: atlanticnotice.png
Type: image/png
Size: 300060 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20190628/5f8fe141/attachment-0009.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: deadlie-quantcast.png
Type: image/png
Size: 222335 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20190628/5f8fe141/attachment-0010.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: quantcast-manage.png
Type: image/png
Size: 307027 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20190628/5f8fe141/attachment-0011.png>


More information about the WG-InfoSharing mailing list