Who's a First Party Anyway? Takeaways From AdMonsters' DNT Meetup With W3C

“Originally there were five different versions of the definition of ‘Do Not Track,” commented Aleecia McDonald, Cochair of the World Wide Web Consortium’s (W3C) Tracking Protection Working Group (as well as a representative of Mozilla and a member and a fellow at the Stanford Center for Internet and Society) at AdMonsters recent DNT meetup in NYC. “Now we’re down to two, but while they’re not diametrically opposed, they’re pretty far apart.”

Developing the standards for a DNT mechanism as well as guidelines around compliance and scope could not have been seen as a slam dunk assignment, but W3C, known for its excellence with technical standards (you might have heard of this thing called HTML), took on the task. While DNT certainly has its technical component, the organization is also wading into the muddy and somewhat unfamiliar waters of making policy.

With representatives more than 70 diverse organizations – including all the makers of the most-used browsers, privacy advocates, the most major of publishers, and advertising technology and services providers (there's some overlap as you can imagine) – meetings of the Tracking Protection Working Group can get pretty intense. Agreement doesn’t come easy, nor should it when dealing with technology that could dramatically reshape the Internet (and definitely the digital advertising industry).

But even with so many members, the group is still seeking feedback from all parties likely to be affected – especially those in the trenches who are likely to bump heads with DNT. Last week, McDonald – as well as Tracking Protection Working Group member Alan Chapell of Chapell & Associates, an authority when it comes to digital advertising and privacy – took some time to walk through the DNT and compliance drafts with members of the ad ops community, as well as give a more holistic picture of the W3C’s goals with DNT. But this meeting wasn’t just about dropping details – McDonald and Chapell were seeking input from an important Internet precinct.

Ops, legal and site engineering professionals from the likes of NBCUniversal (which played host to the get-together), NYTimes.com, A&E Networks, Conde Nast, Travora, AddThis (previously Clearspring), MTV Networks, Gawker and more added to a lively discussion of the draft guidance and the future of online tracking.

A Matter of Trust

As McDonald explained, DNT is about trusting online companies with securing consumer privacy, not about black and white lists. The W3C is barred from giving standards regarding browser user interfaces – the group is concerned with the signals sent back and forth.

As proposed, DNT is set as a binary HTTP call and response, with a browser bouncing a user’s preference off of website, and if the website complies (adoption is not mandatory) it sends a response. There are actually three signals

• DNT 1 – enable DNT ‘cause user says no tracking, buddy!
• DNT 0 – user says track away! (Well, something like that)
• 0 – user has not made a choice (Blissful ignorance?)

In the U.S., the default browser setting will probably be 0, but in the privacy-concerned EU, it will probably be DNT 1 (though some countries may not allow this setting as a default).

Oh, but it’s not so simple as on/off/undecided.

Big and Unresolved

In addition to disagreement over a set definition for tracking, understanding what constitutes a first party is a bit complicated. Multiple first parties are a recognized reality: first, there’s the publisher itself; but as soon as a user has a “meaningful interaction” with an element on a site supported by a third party, it transforms into a firstie. This includes advertisements – though actions such as closing expandables or muting a video player will likely not be considered “meaningful”; opening an expandable or playing a video, on the other hand, will.

The main point is that first parties cannot share collected data outside or match it to data from other data. This becomes an issue with attendees like AddThis, which offers social sharing widgets that collect data across millions of sites and power its audience product. Aggregated data can be used for analysis, but that’s not quite the same value.

This gets more complex with networked sites. Gawker, for example, runs a network of sister sites such as Jezebel and Deadspin – could user data be shared between those sites, especially when it’s used to suggest content? The tracking group is debating proposals regarding this situation – dubbed the “edges of a party” – including one in which publishers could list in their privacy policy which sites are grouped (“Discoverable” based on corporate ownership). 

However, this becomes an immense complication for giant content networks such as Microsoft or Yahoo, which would have to constantly update information on myriad properties. Another proposal suggests following user expectations and corporate branding.

As for third parties, it’s been proposed that tracking for the following uses will be permitted (with retention limits suggested)

• Billing and financial logging
• Security and fraud prevention
• 3rd party auditing

Frequency capping is another sticking point. Increasingly media buyers are requiring that capability, which in turn requires a tracking cookie. Capping may make the permitted third-party action list, but it will likely be banned in Europe with the EU Privacy Directive.

The Mendoza Line and Other Questions

Once a DNT standard is agreed upon net-wide, what percentage of users will turn it on? McDonald shared that since the introduction of Mozilla Firefox’s DNT functionality, 7% of browsers are using it. So what is, as Chapell put it, the Mendoza Line for online advertising – the percentage point at which DNT becomes a hindrance to online revenue efforts?

Some commented that the audience targeting pool is small enough as is – any reduction will have a detrimental effect on second-channel ad revenue. For example, on exchanges, DNT-enabled users will likely be labeled unsellable – “They’ll get PSAs all the time,” commented Rich LaBarca of AddThis.

On the brighter side, widespread adoption of DSPs could buoy direct sales efforts

While most publishers are fine with content recommendation and other intra-site features because of the first party rules, many “Web 3.0” high-functioning sites rely on third parties to provide data regarding regular operations. Specific site exemptions is a section in the working drafts under immense scrutiny; even then, is there a standard format for delivering the message, “This site won’t work right if DNT is on”?

Also:

• Where does Facebook’s social infrastructure clash with DNT? (Facebook does have representatives attending Tracking Protection Working Group meetings.)
• When someone registers and logs into a site (say, NYTimes.com,), does that trump the DNT order?
• What about TV anywhere initiatives that rely on a third party for authentication with a cable company?

Next Steps

Three hours of friendly and insightful discussion left all parties with a slew of notes, thoughts and further questions. To keep up the conversation, McDonald invited attendees and other AdMonster regulars to start a W3C community group to comment on the current and future drafts. Please join our group, Ad Ops Speaks on DNT . (Note: to join you must register a free account with W3C,)

The Tracking Protection Working Group’s next face-to-face meeting is June 20-22 in Bellevue, Wash. It’s aiming to finish a Last Call Working Draft by June, which will be opened to the public for comment. According to the current timeline, Proposed Recommendations would be delivered in September, with the final Recommendation sealed in October.

But it’s not happily ever after at that point. There’s also no way to “future-proof” the standard – tech will change, exceptions will be found, consumer tracking will come in new forms. “If we get 10 years out of this, I think we’ve done well,” McDonald said.

Get the latest on all things premium at OPS London, which will bring EU digital advertising leaders and ops professionals together to discuss and develop best practices for operational excellence. Register today for OPS London, which will be held May 15, 2012.